
The National Cyber Security Centre Finland’s weekly review – 09/2024

Information security now!

This week, we take a look at various types of recruitment scams and the dangers of malicious attachments.

TLP:CLEAR

Various types of recruitment scams going around

The National Cyber Security Centre Finland has recently been receiving reports about various scams related to recruitment. Even though the scams have caused no actual damage, the phenomenon is interesting. You can notify the National Cyber Security Centre Finland if you receive or observe any scams in relation to recruitment.

The recruitment scams have come in many forms:

  • People have pretended to represent an organisation’s HR and approached potential candidates
  • Vacancies that do not actually exist have been advertised in online services on behalf of organisations
  • Citizens have received different job offers e.g. via WhatsApp
  • Organisations have received exceptionally large numbers of applications to open vacancies
  • Spam has also been an issue: open applications have been flooded with computer-generated messages

Please report your observations to the National Cyber Security Centre Finland!

We previously covered WhatsApp recruitment scams in our weekly review 50/2023.

Be careful with attachments!

We all receive attached documents through various services. We generally think of attachments in connection with email, but they can also be received through different online forms or services. Organisations have prepared for email attachments, for example by automatically inspecting them with various protective controls. Some harmful messages are automatically quarantined, or the attachment is removed before the message reaches the inbox.

Scammers know how to disguise an attachment or even package it inside another file. This may allow the file to pass through various security controls to be viewed in the user’s email inbox or service. At this stage, the vigilance of users and the quality of the organisation’s internal information security training need to step up.

Attached files can, for example, spread malware, which in the worst case can lead to ransomware and in other cases to less severe information security incidents. Antivirus software can also place a workstation under quarantine, which may require reinstallation.

Advice on attachments:

  • Inspect the email and whether it and its attachments are genuine
  • Do not automatically click on Office attachments or .zip packages
  • If necessary, ask a friend or the person in charge of the organisation’s information security about the quality of an attachment
  • Draw up instructions in your organisation on how to deal with attachments if they are a part of your work tasks
  • Do not approve macros or other permissions requested by an attachment without being sure
  • Keep important files safe in case an attachment infects your computer
  • Keep backup copies up to date and available in case a workstation or an entire environment is infected by malware through an attachment

Organisations need to be aware of any systems that can send attachments to be processed by employees. You should test what files can be avoided and then implement the necessary hardening to improve information security. Not all attachment file formats should be approved, and processes should be drawn up on how to deal with each.
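One way an organisation could test the hardening described above, as an added example that is not part of the NCSC-FI review: an attachment check that compares the file extension with the actual content, unpacks nested archives and flags Office documents carrying macros. The allowlist, the limits and all function names are assumptions made for this example.

```python
import io
import os
import zipfile

# Assumed policy: allowed extension -> content type its bytes must sniff as.
ALLOWED = {".pdf": "pdf", ".png": "png", ".docx": "zip", ".xlsx": "zip", ".zip": "zip"}
OOXML = {".docx", ".xlsx"}          # zip containers that are documents, not archives
MAGIC = {b"%PDF": "pdf", b"\x89PNG": "png", b"PK\x03\x04": "zip", b"MZ": "exe"}
MAX_DEPTH, MAX_MEMBER = 2, 20 * 1024 * 1024   # nesting and size limits (assumed)

def sniff(data):
    """Identify content by its leading magic bytes, ignoring the file name."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), "unknown")

def inspect(name, data, depth=0):
    """Return findings for one attachment; an empty list means it passed."""
    ext = os.path.splitext(name)[1].lower()
    kind, findings = sniff(data), []
    if ext not in ALLOWED:
        findings.append(f"{name}: extension '{ext}' is not on the allowlist")
    elif ALLOWED[ext] != kind:
        findings.append(f"{name}: content is {kind}, which does not match '{ext}'")
    if kind != "zip":
        return findings
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [f"{name}: unreadable archive"]
    for member in archive.infolist():
        if member.is_dir():
            continue
        if member.flag_bits & 0x1:           # bit 0 = encrypted, content is opaque
            findings.append(f"{name}: encrypted member {member.filename}")
        elif ext in OOXML:                   # document container: look for macros
            if member.filename.lower().endswith("vbaproject.bin"):
                findings.append(f"{name}: contains VBA macros")
        elif member.file_size > MAX_MEMBER or depth >= MAX_DEPTH:
            findings.append(f"{name}: member {member.filename} exceeds limits")
        else:                                # real archive: inspect what it wraps
            findings += inspect(member.filename, archive.read(member), depth + 1)
    return findings

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()
```

Anything that returns findings can be quarantined or routed to the person in charge of information security, in line with the process the organisation has drawn up for that file format.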

Training, mapping and vigilance are less costly than a cyber incident!

Anssi Kärkkäinen appointed as the new Deputy Director-General of the National Cyber Security Centre Finland at Traficom

Doctor of Science (Technology) with a General Staff Officer’s Degree, Anssi Kärkkäinen has been appointed as the new Deputy Director-General of the National Cyber Security Centre Finland at the Finnish Transport and Communications Agency Traficom for a fixed term of three years as of 4 March 2024. Kärkkäinen is also a member of the Agency’s executive group.

“The National Cyber Security Centre Finland at Traficom has a significant role in increasing the overall cyber security of our society,” says Kärkkäinen. “It is a privilege to be able to work with the Centre’s cyber security professionals, interest groups and partners. Our shared aim moving forward is an even safer Finland, also in the digital operating environment.”


Vulnerabilities

CVE: CVE-2024-26294, CVE-2024-26295, CVE-2024-26296, CVE-2024-26297, CVE-2024-26298, CVE-2024-26299, CVE-2024-26300, CVE-2024-26301, CVE-2024-26302, CVE-2023-50164

CVSS: 9.8

What: Several vulnerability fixes 

Product: Aruba Networking ClearPass Policy Manager 

Fix: Update

About the weekly review

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 23–29 February 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.