The UK National Cyber Security Centre has issued an alert warning that multiple actors are attempting to exploit a MobileIron vulnerability to compromise the networks of UK organisations.

MobileIron issued a security patch in June 2020 for their Mobile Device Management system to resolve several vulnerabilities in their software.  Included was a critical remote code execution vulnerability (CVE-2020-15505) which is being chained with the Netlogon/Zerologon (CVE-2020-1472) vulnerability in order to breach the networks under attack.

The NCSC alert warns that nation state actors and cyber criminal gangs are targeting this vulnerability now and any unpatched systems need to be addressed urgently.

Both of the vulnerabilities under attack (in MobileIron’s Core and Connector products and the Microsoft Zerologon vulnerability) have had security patches freely available for several months.  A proof of concept exploit was published in September 2020 which triggered an increase in the number of bad actors attempting the exploit this MobileIron vulnerability. The vulnerability was also included in the recent list of the top vulnerabilities being targeted today issued by the NSA.

Establishing a regular monthly security patching activity for all systems is one of the most effective steps any organisation can take in order to improve their cyber security.  This can be combined with regular vulnerability scans which will identify any patches which have been missed.