What is the story about?
What's Happening?
A significant number of industrial cellular routers in Australia have been exploited for smishing attacks, according to a report by French security vendor Sekoia. The routers, manufactured by Milesight, have been used to send phishing messages via SMS, targeting government service portals in Belgium. Sekoia's investigation revealed that over 18,000 Milesight routers are accessible online, with 572 found to be misconfigured, allowing unauthorized access to their SMS APIs. In Australia, 90 out of 3,000 tested routers were found to expose their SMS-send/receive API without authentication, with at least six involved in fraudulent campaigns. These campaigns aimed to steal banking information from Belgian phone numbers. The attacks were detected through Sekoia's honeypots, and the infrastructure used by attackers was traced to a Lithuanian VPS provider. The campaign has been active since February 2022, affecting several countries, including Sweden and Italy.
Why It's Important?
The exploitation of these routers highlights significant cybersecurity vulnerabilities in industrial devices, which can have far-reaching implications for businesses and governments. The ability to send phishing messages through these routers poses a threat to sensitive information, particularly in sectors reliant on secure communications. The incident underscores the importance of proper device configuration and firmware updates to prevent unauthorized access. For Australia, the country with the highest concentration of these routers, the issue is particularly pressing. The broader impact includes potential financial losses and compromised data security for individuals and organizations targeted by these smishing campaigns. The situation calls for increased vigilance and improved security measures to protect against such cyber threats.
What's Next?
In response to these findings, there may be increased pressure on manufacturers like Milesight to address the misconfiguration issues and ensure their devices are secure. Regulatory bodies might also step in to enforce stricter cybersecurity standards for industrial devices. Organizations using these routers are likely to conduct security audits and implement necessary updates to protect their networks. Additionally, there could be a push for greater awareness and training on cybersecurity best practices to prevent similar incidents in the future. The ongoing investigation by Sekoia and other cybersecurity firms may lead to further revelations about the scope and methods of these attacks.
AI Generated Content