The National Cyber Security Centre Finland’s weekly review – 01/2024
Information security now!
This week, we provide information on funding opportunities in early 2024 and review some of the most important developments in cyber security in 2023.
Topics covered in this week’s review
- Application round for financial assistance intended for SMEs for the deployment of modern cyber security solutions and innovations now open
- Sign up now! Webinar on current and upcoming funding opportunities in the field of cyber security 18 January 2024
- 2023 in review: cyber security in Finland
Application round for financial assistance intended for SMEs for the deployment of modern cyber security solutions and innovations now open
The NCSC-FI operating under the Finnish Transport and Communications Agency Traficom has launched an application round for financial assistance intended for the deployment of modern cyber security solutions and innovations. Applications for the financial assistance can be submitted by microenterprises and small and medium-sized enterprises registered in Finland. The assistance is granted to projects that will develop the applicant enterprise’s own operations and capacity to protect itself from information security threats and lead to more long-term information security improvements.
The application round started on 2 January 2024 and ends on 1 March 2024. The total amount of financial assistance available is EUR 1.5 million, with the maximum amount of assistance to be granted per project being EUR 60,000. The financial assistance can cover up to 75% of the total costs of a project. The financial assistance can be granted for projects to be carried out between 2 January and 30 September 2024.
The financial assistance is discretionary and will be granted to applicants that meet the eligibility criteria and the terms for the financial assistance and score the highest in the application evaluation process.
Sign up now! Webinar on current and upcoming funding opportunities in the field of cyber security 18 January 2024
The NCSC-FI’s National Coordination Centre is holding a webinar on 18 January 2024 from 10:00 to 11:30 to provide information on funding opportunities in the field of cyber security in early 2024. The first section of the webinar from 10:00 to 10:45 will provide information on the financial assistance intended for the deployment of modern cyber security solutions and innovations available from the NCSC-FI operating under the Finnish Transport and Communications Agency Traficom. The second section of the webinar from 10:45 to 11:30 will provide information on open calls under the European Commission’s Digital Europe Programme. Depending on the funding programme, funding can be granted to companies, NGOs, universities, research institutes and public sector operators.
Event participants will be provided an opportunity to ask questions about the funding opportunities. The webinar will be held in Finnish. The webinar will not be recorded. The presentations of the event will be published after the event at www.kansallinenkoordinointikeskus.fi. Please register your participation in the webinar by 12:00 on 17 January 2024 using the registration form below.
2023 in review: cyber security in Finland
Last week, we reviewed (External link) what 2023 was like in light of our weekly reviews. This week, we take one more look back at the past year.
Out of all the information security incidents reported to the NCSC-FI, different types of scams and phishing attacks have remained the most common year after year. In 2023, Finland took a big step in preventing scam calls as a result of Traficom and Finnish telecommunications operators working together to develop solutions for preventing scam calls originating from abroad that involve the caller ID spoofing of Finnish numbers. The solutions are detailed in a new regulation that entered into effect at the start of October, to immediate results.
“The numbers of scam calls to Finland from abroad soon plummeted. Criminals found that there was no point in calling Finland anymore, since the calls would simply not go through,” commented Director of the NCSC-FI Pekka Jokinen on Yle news (External link).
Another way in which we managed to reduce cyber impacts on Finnish society in collaboration with companies was by improving denial-of-service attack mitigation. In 2023, Finnish organisations were frequently targeted particularly by the pro-Russian hactivist group NoName057(16). However, according to reports from targeted organisations, most attacks were successfully thwarted, especially towards the end of the year.
“It bears keeping in mind that even if a denial-of-service attack prevents access to a public authority’s website, their operative systems remain unaffected,” Pekka Jokinen points out.
Vulnerabilities
CVE: CVE-2023-51764, CVE-2023-51765, CVE-2023-51766
CVSS: not disclosed
What: Vulnerability in the implementation of the Simple Mail Transfer Protocol (SMTP) in several email applications
Product: Postfix, Sendmail, Exim, Cisco Secure Email Gateway, but also other potentially vulnerable products
Fix: Postfix, Sendmail and Exim: install versions that fix the vulnerability. Cisco: implement the manufacturer’s recommended configuration changes
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 29 December 2023–4 January 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.