#iot-security

#iot-security

Researchers at Sekoia.io have found that cybercriminals are exploiting Milesight cellular routers on a large scale to spread phishing messages via SMS. This is known as smishing. These devices are typically used in industrial environments, for example, to connect traffic lights, energy meters, and other IoT systems via 3G, 4G, or 5G. The routers are equipped with SIM cards and can be controlled via SMS, Python scripts, and web interfaces.

The latest record-breaking attack peaked at 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), and lasted only 40 seconds. The company said this hyper-volumetric DDoS attack, which was double in size compared to the previous record, was autonomously blocked by its systems. Cloudflare told SecurityWeek that the attack was aimed at a single IP address of an unnamed European network infrastructure company. Cloudflare has yet to determine who was behind the attack, but believes it may have been powered by the Aisuru botnet, which was also linked earlier this year to a massive 6.3 Tbps attack on the website of cybersecurity blogger Brian Krebs.

Pudu Robotics is a Chinese robot manufacturer with over 100,000 units in over 1,000 cities doing everything from serving meals with the cat-like BellaBot, to using its mechanical-armed FlashBot to operate human-designed systems like elevators, as you can see below. According to analysts Frost and Sullivan, last year it captured 23 percent of the market for such kit, but a hacker has found that the backend software systems controlling them are vulnerable to abuse.

Zscaler is launching a cellular solution that utilizes a SIM card to bring Zero Trust security to IoT and OT devices globally, eliminating the need for VPNs.

IoT manufacturers are failing to help prevent DDoS attacks by fixing known vulnerabilities, allowing criminals to launch years-long campaigns.