The National Cyber Security Centre Finland’s weekly review – 11/2024
Information security now!
Microsoft 365 account hijacking is on the rise again. This time, criminals are phishing for credentials under the name of Dropbox. Multi-factor authentication is an effective way of defending against phishing.
Topics covered in this week’s review
- Scammers phishing for email credentials with a Dropbox link
- Text message scam themed around vehicle tax phishing for bank credentials
- Cyber attacks moving to the cloud
- AI becoming an increasingly important element of future information security solutions
- February Cyber Weather report published
- Information Security Trailblazer award given out at the Tietoturva 2024 information security seminar
- Vulnerabilities
Scammers phishing for email credentials with a Dropbox link
Over the past week, the NCSC-FI has once again received several reports of Microsoft 365 account hijacking. In the most recent wave of attacks, accounts have been hijacked with the help of a PDF file distributed via Dropbox. The names of the files have included long strings of numbers. The scam message notifying users of the shared file includes a link that leads to a phishing website asking for the victim’s username and password.
If you make the mistake of clicking the link in the scam message and entering your email username and password on the website that opens up, your email account will be hijacked by criminals, who may use it for fraud and to send out more phishing messages, for example. Hijacked accounts have been used to send out as many as thousands of new phishing messages.
Prevent, report, react
- The NCSC-FI urges all organisations using Microsoft 365 services to provide their employees with information about the threats posed by phishing messages.
- One effective way of protecting against phishing is to make multi-factor authentication mandatory for your organisation’s users.
- We also recommend that organisations internally review whether their users need to be able to install software directly as part of their Microsoft 365 subscription.
- In some cases, criminals have installed an eM Client on a breached account that is utilised for sending phishing messages from the account. The existence of the application in an environment where it is not usually used could be a sign of a data breach.
- If you suspect a message that you received to be a phishing message, you should report it to your organisation’s IT support. You can also report phishing messages and their links to the NCSC-FI. The NCSC-FI will investigate the link and report any malicious links to the website administrator.
Read more about prevention and mitigation measures
The National Cyber Security Centre Finland’s weekly review – 04/2024
The National Cyber Security Centre Finland’s weekly review – 08/2024
Text message scam themed around vehicle tax phishing for bank credentials
The Finnish Transport and Communications Agency Traficom is warning people about scam messages sent under its name (bulletin in Finnish) (External link). The scam message claims that the recipient has not paid their vehicle tax. The message is a phishing message designed to get you to click on the included link and hand your bank credentials over to criminals.
Follow these steps
- Do not click on links included in email or text messages.
- Do not access services via links or search engine results. What you should do instead is enter the address of the website in its entirety in the browser address bar.
- Save the addresses of important services as browser bookmarks or favourites, which provide a secure way of accessing the services in future.
- If you have entered your credit card information or bank credentials on a website, you may have become the victim of fraud. If this is the case, you should first contact your own bank and then submit a police report. Attempted fraud should be reported as well.
Cyber attacks moving to the cloud
As a result of the ongoing cloud transformation, cyber attacks are also moving to the cloud. The operations of both cyber criminals and state actors are also increasingly targeting organisations’ cloud environments. Instead of exploiting vulnerabilities, the attacks carried out as part of these operations focus on hijacking working user accounts or stealing and exploiting authentication tokens.
AI becoming an increasingly important element of future information security solutions
There is currently a great deal of discussion going on about artificial intelligence and the utilisation thereof in the promotion of cyber security. Many industries are already using various AI-based information security solutions. Where are we currently at in terms of the development and use of such solutions? What kinds of developments can we expect to see in the future? What kinds of opportunities does AI present for the development of information security overall?
These are some of the questions explored in the new report on AI-based cyber security solutions prepared by Traficom and the National Emergency Supply Agency.
In addition to providing an overview of the current situation and examining future trends, the report offers practical instructions regarding an effective process for developing AI applications and the worst pitfalls. With the help of the report, organisations can improve their own understanding of and know-how in the utilisation of AI to improve information security.
February Cyber Weather report published
The cyber weather in February was characterised by rains. Microsoft 365 accounts continued to be hijacked in February as well. Hacktivists also continued their denial-of-service attacks, with a large number of Finnish organisations suffering attacks at the start of the month.
Glimpses of light in February included SMS Sender IDs protected against scams, of which there are now over 80. Each protected SMS Sender ID reduces criminals’ ways of impersonating authorities and companies. Meanwhile, the long-term trends section of the report takes a look at the increasingly rapid exploitation of vulnerabilities.
Information Security Trailblazer award given out at the Tietoturva 2024 information security seminar
The Tietoturva 2024 information security seminar organised by the Finnish Transport and Communications Agency Traficom and the National Emergency Supply Agency was held in Helsinki on 13 March 2024. The event focused on examining the future of information security and cyber security from the perspectives of AI and quantum technology, among others.
The seminar also included the award ceremony of this year’s Information Security Trailblazer award. This year, the award recognised the cooperation carried out by Finnish telecommunications operators and public authorities in preventing international scam calls and messages. The recognition was awarded to DNA Oyj, Elisa Oyj, the National Bureau of Investigation, the Finnish Transport and Communications Agency Traficom, Länsilinkki Oy, Setera Communications Oy, Suomen Numerot NUMPAC Oy, Telia Finland Oyj and Ålands Telekommunikation Ab.
A recording of the event will soon be published on Traficom’s YouTube channel (External link).
The seminar was attended by a total of over 2,200 people on-site and remotely. Thank you to all attendees! We hope to see you again at the Tietoturva 2025 seminar next March.
Vulnerabilities
CVE: CVE-2023-48788
CVSS: 9.3
What: Critical vulnerability in a Fortinet product
Product: FortiClient Endpoint Management Server
Fix: Software update
Fortinet’s bulletin (External link)
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 8–14 March 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.