"Information security in 2021" reviews the key events of the year and describes the strong growth in cyber security incidents

Information security now!

The number of information security events addressed by the National Cyber Security Centre Finland (NCSC-FI) at Traficom rocketed last year. The NCSC-FI is increasingly focusing on the prevention of serious cyber incidents that have a major impact on society.

Digital development constantly makes new services available to us, facilitating our everyday life. The downside of this development is that cybercrime and different kinds of incidents are becoming more and more common. As with all digital phenomena, cyber threats are also characterised by rapid development. Scams, vulnerabilities and malware are causing trouble to organisations and private individuals alike.

The year 2021 was a busy one on the cyber front. The NCSC-FI manually addressed more than 17,000 reports of actual and suspected security breaches. The number of automatically processed incidents was more than 200,000. Cooperation networks and information sharing groups have become more active, and joining forces has made efforts to prevent cyber threats more efficient. The importance of cooperation and being prepared for cyber threats was also highlighted in the yearbook of the Finnish Security and Intelligence Service.

Information security in 2021 is a comprehensive review of last year’s most important events at the NCSC-FI. The following presents a few information security events that had a major impact last year. For more information, watch the video or download the publication via the link below.

The Log4Shell vulnerability cast a shadow over the end of the year

The vulnerability in the Log4j library discovered in early December 2021 was actively exploited, and data breaches related to it have also occurred in Finland. We published a critical alert concerning the vulnerability; it was the last one in 2021.

We provided information about the vulnerability and reminded the management of companies that the vulnerability should be approached as a risk to the continuity of the organisation’s own business. The real impact of the vulnerability will only be revealed during the next few months, and the methods of exploiting the vulnerability will remain in the toolbox of attackers for years.

Swift action with telecommunications operators helped prevent the spread of the FluBot malware

In 2021, we issued two alerts about the malware FluBot, which may steal information from a smartphone and use it to send scam text messages that spread the malware further. Scam messages in Finnish were sent to thousands of people in Finland.

“Companies in particular should know what information the phones of their employees contain and draw up a risk assessment on what kind of an impact a data leak caused by malware could have,” says Deputy Director-General Sauli Pahlman from the NCSC-FI.

We worked together with telecommunications operators to combat the wave of FluBot mobile malware infections, and managed to eradicate the malware in Finland by the end of the year. However, the infrastructure used by the malware still exists, and it is possible that FluBot is waiting for an opportune moment for a comeback in a new disguise.

The Exchange vulnerability attracted cyber criminals

In the spring of 2021, there was news about a critical vulnerability in the Exchange email server being actively exploited in Finland and around the world. In the beginning, we detected roughly 300 vulnerable Exchange servers in Finland, some of which had already been breached.

“It is important to make the general public aware of such a set of vulnerabilities quickly so that attempts to exploit the vulnerability can be prevented or at least noticed quickly,” says Pahlman.

We contacted more than 250 organisations, and by the end of March 74 breaches had been reported to us. The vulnerable Exchange servers of Finnish organisations had been updated by the start of April.

Putting a stop to international scam calls

In recent years, international calls where the caller’s number has been fraudulently changed to a Finnish number have been a common problem in Finland.

In February 2022, Traficom issued a recommendation to telecommunications operators on ways to prevent caller ID spoofing and the transmission of scam calls to recipients in Finland. The recommendation was drafted in cooperation with telecommunications operators.

The measures recommended will be adopted with a Traficom regulation, which is intended to be issued this spring. The obligations imposed in the regulation will enter into force gradually during 2022 and 2023.

The status of communications networks in Finland remains stable

In 2021, disturbances in the public communications network and international services showed us yet again how dependent we are on functioning connections and different kinds of digital services.

The NCSC-FI collects information on disturbances in domestic communications networks. This allows us to tackle the root causes of the disturbances and improve the safety and reliability of networks in cooperation with the industry. The capacity of our networks has been more than sufficient throughout the pandemic, despite the increased load.

The number of critical disturbances that affect at least 100,000 users has decreased in recent years. As a whole, the trend can be considered positive, even if the number of significant disturbances has stopped decreasing.

The majority of significant disturbances in Finnish communications networks involve mobile network services, i.e. the functioning of calls, internet connections and SMS. Network malfunctions are caused by power failures, different kinds of configuration errors, hardware failures and cable damage, for example. Faults could also be caused by a human typing error or an excavator bucket hitting a cable.

Regulation helps improve security and reliability in society

The Cyber Security Development Programme drawn up in 2021 specifies the key measures to improve cyber security throughout the whole society. The primary goal of the programme is to create a cyber security ecosystem in Finland that increases the number of jobs in the field, creates the necessary expertise and improves the durability of our digital society with regard to different phenomena in the cyber operating environment. The NCSC-FI has an important role in developing the cooperation at national and international level.

Last year, the Government also adopted a resolution to improve information security and data protection in the critical sectors of society. The resolution focuses, in particular, on more effective cooperation between the authorities, obligatory information security requirements and regular monitoring of the requirements.

The NCSC-FI plays a key role in promoting the goals of the government resolution, developing cooperation and supporting the operations of other authorities.

Even though the NCSC-FI works to promote the use of its services in different sectors, each sector must continue to develop its own operations towards constantly improving information security.

“Information security should be built into the operating culture of critical sectors, and the actors must bear the responsibility for it themselves,” says Deputy Director-General Sauli Pahlman from the NCSC-FI.

Information security in 2021