The National Cyber Security Centre Finland’s weekly review – 07/2024

The year has gotten off to a busy start in terms of vulnerabilities

Last Friday, we published a vulnerability bulletin about critical vulnerabilities in Fortinet products (in Finnish). This marked our eighth vulnerability bulletin published this year, the significance of which becomes apparent when you consider that last year, we had only just published the first vulnerability bulletin of the year around this time (14 February 2023).

We prepare vulnerability bulletins on the most notable vulnerabilities. Our assessment of the notability of a vulnerability is based on a number of factors, such as

• how easy the vulnerability is to exploit
• whether the vulnerability can be exploited remotely
• how widely used the vulnerable product or component is in Finland
• whether the vulnerability has already been actively exploited
• whether the vulnerability gives rise to exceptionally active discussion.

Outside of vulnerability bulletins, we also share information about vulnerabilities in our daily vulnerability digest, for example. You can subscribe to the vulnerability digest here.

As already mentioned, the start of the year has seen the disclosure of an exceptionally high number of notable vulnerabilities, including the critical vulnerabilities in Ivanti products , which affected hundreds of servers in Finland.  In the cases of both the Ivanti and Fortinet vulnerabilities, criminals have already been found to be exploiting them.  The time between a vulnerability being disclosed and its active exploitation is constantly growing shorter, which is why organisations should carry out vulnerability management even during holiday periods and install patches addressing vulnerabilities, especially critical ones, without delay. This applies especially to network devices or systems visible to the public internet. In connection with the installation of patches, it is also advisable to look for any signs of the patched vulnerabilities having already been exploited.

If you detect signs of the exploitation of a vulnerability or attempts thereof, you should not hesitate to report it to the NCSC-FI. You can also report the discovery of a new vulnerability to us. In the case of a suspected data breach or attempt, we recommend also filing a police report.

Ongoing phishing campaigns in many sectors

In recent weeks, the NCSC-FI has been receiving reports of several different phishing campaigns, with phishing messages being sent under the names of various banks, MyKanta and Booking.com, among others. We have also received numerous reports of phishing messages themed around speeding tickets and penalties. If you receive such messages, do not open the included links or enter your bank credentials on the websites that they lead to.

Scammers impersonating authorities to phish for bank credentials

Many people in Finland have been receiving scam messages sent under the names of various authorities. The themes of the messages have varied from updating personal information in MyKanta to taking care of tax matters in the MyTax service and responding to traffic violations online.

The themes of the scam messages are aimed at creating a sense of urgency for the purpose of getting the victim to enter their credentials on a phishing site. It is important to remember that messages sent by Finnish public authorities will never include links. You should also never enter your credentials on websites that you doubt the authenticity of.

Active phishing under the names of banks continues

There are still large numbers of phishing messages going around under the names of Finnish banks. These messages are also aimed at getting the recipient to urgently log in to the websites that the messages include links to. Genuine messages from banks do not usually include links, and you should only ever log in to your online bank service via your bank’s official app or by entering the bank’s address in the browser address bar yourself.

The NCSC-FI has also received reports of cases where scammers have called victims and impersonated bank employees. In some cases, the calls were preceded by phishing messages sent under the name of some other party, such as the Finnish Tax Administration. After entering their bank credentials on the phishing site, the victims received a call from scammers, who tried to get the victim to disclose their key code list code that is required to log in to online banking services, for example. Banks will never ask for your login credentials over the phone, so you should never disclose them to an unknown party. You can also always check your bank’s official customer service number from their website if it appears like a call is not coming from the right number.

Phishing under the name of Booking.com

The NCSC-FI has also received reports of customers of Booking.com being relayed messages via the service that were actually sent by scammers instead of the booking service. The scam messages have been used to phish for credit card numbers, among other things. You should never disclose your information on a website that you are not absolutely sure is genuine.

The messages may appear very convincing and include details of a real hotel reservation. In addition to this, the messages arrive from a Booking.com email address. The links included in the messages have led to a phishing site disguised to look like the real Booking.com website.

If you receive a message like this and have doubts about its authenticity, you can always ask the hotel about it using their own contact information. You should also always check the URL displayed in your browser’s address bar before entering your personal data or bank credentials.

The presidential election went smoothly

Before Finland’s recent presidential election, we reported on Finnish authorities’ cross-administrative cooperation and preparations for securing the information systems relevant to the election. Although the second round of the presidential election was the closest in the history of the current election system, it did not manage to send election officials’ heart rates soaring, as the counting of votes and publication of the results proceeded smoothly and on schedule. Citizens were able to access all the relevant information conveniently via their televisions, radios and various online services throughout the election weekend. This is all thanks to the experience and expertise of the authorities, private service providers and media companies involved. The preparations were extensive, and despite the involvement of many different actors, everything worked seamlessly together. A credible election system that people trust is an important part of the perceived overall safety and security of our society.

The experience gained and lessons learned from the presidential election provide a good basis for the next election coming up in the summer: the European Parliament election will take place in all EU Member States during the period of 6–9 June 2024. Finnish authorities will be continuing their cross-administrative cooperation throughout the spring to ensure that the European Parliament election proceeds smoothly as well. Let’s keep up the good work!

New regulations concerning digital services enter into effect

New obligations are being imposed on online platforms and other digital services when the EU’s Digital Services Act (DSA) starts applying to all online intermediaries in the EU on 17 February 2024. The purpose of the DSA is to reduce illegal content and increase the openness of digital services.

The DSA will improve the status of the users of digital services. In future, if you submit a report of suspected illegal content in an online service, the service provider must process the report and inform you of the measures taken in response to it. If you produce content on social media or sell goods via a digital marketplace, you have the right to be informed of and receive justifications for any restrictions on the use of the service.

In Finland, the main supervisory authority for the DSA is Traficom, but certain obligations are supervised by the Consumer Ombudsman and the Data Protection Ombudsman. For very large online platforms, the DSA already entered into effect in summer 2023. They are supervised by the European Commission.

Further information:

SMEs still have time to apply for financial assistance

The NCSC-FI grants financial assistance for the deployment of modern cyber security solutions and innovations to Finnish microenterprises and SMEs. The assistance is granted to projects that will develop the applicant enterprise’s own operations and capacity to protect itself from information security threats and lead to more long-term information security improvements.

The total amount of financial assistance being allocated is EUR 1,500,000, with the maximum amount of assistance to be granted per applicant and project being EUR 60,000. The financial assistance can cover up to 75% of the total costs of a project. The financial assistance can be granted for projects to be carried out between 2 January and 30 September 2024.

The financial assistance is discretionary and will be granted to applicants that meet the eligibility criteria and the terms for the financial assistance and score the highest in the application evaluation process. The application period ends on 1 March 2024 at 16:15.

Read more about the financial assistance and how to apply on our website (in Finnish). (External link)

Vulnerabilities

CVE: CVE-2024-21762 and CVE-2024-23113
CVSS: 9.6 and 9.8
What: Critical vulnerabilities in Fortinet products
Product: FortiOS, FortiProxy, FortiPAM and FortiSwitchManager
Fix: Update to a newer version

More information (in Finnish).