What's Happening?
Industrial cellular routers in Australia have been exploited by attackers for smishing, a form of SMS phishing. French security vendor Sekoia discovered that the API of Milesight routers was used to send phishing messages targeting Belgian government service portals. Over 18,000 Milesight routers were found accessible online, with 572 misconfigured to allow unauthenticated access to their SMS APIs. In Australia, 90 routers were identified as vulnerable, with six involved in fraudulent campaigns. The attacks, active since February 2022, targeted multiple countries, including Sweden and Italy.
Why It's Important?
The exploitation of industrial routers for smishing attacks highlights vulnerabilities in network security, particularly concerning IoT devices. This incident underscores the need for robust security measures and proper configuration to prevent unauthorized access and misuse. The widespread impact of these attacks, affecting multiple countries, demonstrates the global nature of cybersecurity threats and the importance of international cooperation in addressing them. Companies and governments must prioritize cybersecurity to protect sensitive information and maintain trust in digital communications.
