The number of smishing detections was 500,000 in 2023, exceeding 2.1 million last year, more than fourfold.
Kim Eun-seong, head of the Smishing Response Team at the Korea Internet & Security Agency (KISA), noted on the 27th that "the number of smishing blocks exceeded 19,000 last year, recording more than seven times the 2,700 cases in 2023" and said, "We will prevent bait message exposure and suppress phishing attacks through proactive responses." Smishing refers to phishing through Short Message Service (SMS). KISA introduced the current evolving smishing and supply chain threat situation along with response measures.
Kim explained that the basic phishing attack technique of "bait text" is evolving with the times. He said, "In the past, it was a system where a sender's number was registered, and bulk messages were sent through texts containing a phishing link. However, recently, attackers are inducing users to install normal remote control applications through phone calls, followed by installing malicious apps, or they are inducing users to install malicious apps through QR codes."
KISA aims to prevent such crimes through proactive responses. Kim, the head of the team, said, "We launched the ‘Qsing Verification Service’ on Jan. 31, where users can check whether a QR code is normal or malicious by scanning it within KakaoTalk." He added, "To block malicious messages, we are developing the ‘X-ray system’ and will analyze the links included in mass text messages requested by corporate messaging service providers, blocking those considered malicious from being sent."
Additionally, KISA supports the establishment of a Software Bill of Materials (SBOM) security model to respond to the increasing risks of software supply chains. SBOM refers to applying the concept of a bill of materials in manufacturing to software. SBOM is used to identify and manage the components of software. This project requires corporations, institutions, and system integration (SI) companies involved in software supply chains to form various forms of consortia with development and manufacturing partners. KISA plans to select a total of eight projects and provide up to 375 million won for each project.
Lee Dong-hwa, head of the Supply Chain Safety Policy Team at KISA, stated, "The recent increase in software supply chain threats has led to security enhancement measures in major countries such as the United States and the European Union (EU), and several countries are implementing policies mandating SBOM submission or management, raising concerns about potential export barriers for domestic corporations." He added, "Therefore, KISA is proceeding with pilot projects targeting companies that develop, supply, and operate digital products and services."