Last week, the European Commission launched an investigation after finding evidence that its mobile device management platform was hacked. The Commission reported that it discovered “traces of a cyberattack” that targeted infrastructure that manages its staff’s mobile devices. The breach resulted in staff members’ personal information including names and phone numbers being accessed by the attackers.
Dray Agha, Senior Manager of Security Operations at Huntress emphasised the need for organisations to reinforce the security of their digital systems.
“This highlights the critical need to secure mobile management systems. As mobile devices become central to our work, ensuring the platforms that manage them are fortified is essential. This incident serves as a reminder for all organisations to continuously assess and strengthen their security layers.”
He added that “It shouldn’t go unnoted that the European Commission clearly had effective proactive detection to catch their threat, and their subsequent transparency will be a strong example. The European Commission’s swift identification of this incident and clear communication about potentially accessed data, while confirming staff devices remain secure, demonstrates a responsible approach to modern cyber threats.”
Keeper Security CEO and co-founder Darren Guccione agreed that device management infrastructure needs to be protected as it is now the primary attack surface for nation-state and financially motivated attackers.
He said that while patching is essential, it is not sufficient on its own. “In complex environments, delays between vulnerability disclosure, patch availability and full remediation create an exploitable window. Once initial access is gained, the decisive factor becomes how much privilege, trust and reach that access provides,” he continued.
Guccione also shed light on the issue of code injection and insecure credential handling, and how it can escalate the impact of a single flaw. Attackers exploit hardcoded secrets, shared credentials and static configuration files to quicken access into organisations’ systems. He suggested that organisations move away from embedding secrets in code altogether, ensuring credentials are encrypted, centrally managed and injected only at runtime.
CEO and Co-Founder of CyberSmart, Jamie Akhtar, emphasised the need to protect supply chains from cyber risks.
“Device and endpoint management platforms typically sit at the centre of complex supply chains. They link identity services, communications tools, third-party applications and external suppliers. When one of these platforms is compromised, attackers gain visibility into how organisations operate and who they trust. That visibility can then be used to impersonate suppliers, initiate follow-on attacks, or target connected organisations through convincing social engineering.
“Incidents like this reinforce why supply chain cyber risk cannot be treated as a one-off supplier issue. A breach at one point in the chain can be leveraged to impact many others, particularly where access is broad, monitoring is limited, or assurance is inconsistent. Even short periods of access can be enough to map relationships and identify downstream targets.”
He noted that Organisations should take a consistent, standards-based approach to managing supply chain risk, including clearly defining what access suppliers need, limiting it wherever possible, and ensuring strong authentication and ongoing oversight across shared systems.
“Supply chain cyber risk is no longer confined to individual organisations. It is a shared responsibility, and incidents like this show how quickly trust across an ecosystem can be tested when that responsibility is not managed collectively,” Akhtar concluded.
In order to uphold strong defences, least-privilege access, strong authentication, continuous monitoring of privileged activity, separation between management and operational systems and zero trust controls around any platform capable of executing privileged actions need to be in place. Organisation leaders need to realise that cyber resilience depends on not just preventing breaches but containing them. This means prioritising visibility and access governance as strategic controls, rather than operational afterthoughts.
