The National Cyber Security Centre Finland’s weekly review – 1/2023

Topics covered in this week’s review

• The new year is off to a calm start
• Phishing and scam campaigns continue
• Criminals exploiting people’s distress
• Get your cyber security basics in order!
• Vulnerabilities

The new year is off to a calm start

Based on reports submitted to the NCSC-FI, the first week of the new year has been calm in terms of cyber security. Denial-of-service attacks have not been as prevalent as back in December; while we have continued to receive reports of attempted denial-of-service attacks, the number of reports submitted has decreased significantly compared to December. The reported attempts have all been successfully thwarted, with no visible impacts.

What the reports submitted to the NCSC-FI are showing now are increasing numbers of various types of scams, such as phishing attempts and fake webshops. Most of these reports have come from persons who have identified poorly attempted scams without actually falling for them. For example, there have been CEO fraud attempts targeting some organisations, but these attempts have remained unsuccessful thanks to the vigilance of the persons targeted.

For more information on how to avoid scams, please see our guide: How to protect yourself against online scams .

If you or your organisation suffers a data breach, you can report it confidentially to the NCSC-FI. We also welcome examples of phishing messages and will contact the parties whose compromised accounts the phishing messages are being sent out of, if necessary.

Report to us

If you suspect that you have become the victim of a crime, you should always file a police report (External link) either online or at your nearest police station.

Phishing and scam campaigns continue

Various phishing campaigns have continued unabated during the first week of the year.

There are currently large numbers of phishing messages impersonating banks going around. Taking the form of either text or email messages seemingly sent by a bank, these messages will claim that the recipient needs to log in to their account. The messages can seem highly believable and are often written in fluent Finnish.

Identify phishing messages to avoid entering your account information on a phishing site

• Exercise caution whenever someone contacts you to ask for your personal information.
• If you receive a suspicious message, you can try contacting the alleged sender some other way to verify whether the message is genuine.
• Public authorities, banks and other trustworthy parties will never call you or send you a text message or email to ask you for your online bank credentials or credit/debit card information. Furthermore, genuine messages will never include a direct link to a login page.
• You should always check the sender’s or caller’s information and compare it to the numbers or email addresses that they have used previously, for example. You can also visit the bank’s or public authority’s website to verify their official contact information.
• Learn to identify phishing websites with these instructions:

ide/en/news/identify-safe-website-its-addres
Tips for identifying suspicious websites
For more information on how to protect your user accounts, see our article Advice to help you protect your accounts .

If you suspect that you might have entered your bank credentials on a phishing website, contact your bank immediately. After that, file a police report. (External link)

Lately, some Finnish users have also experienced phishing attempts related to multi-factor authentication on Facebook. These typically involve one of your ‘friends’ contacting you on Facebook Messenger about a competition or prize draw, for example, and asking you to send them a code that you receive via text message. This code is actually the code used in multi-factor authentication, which the scammer is trying to obtain in order to break into your Facebook account.

Facebook friends contacting you in unusual ways or messages written in unusually poor Finnish can be signs that your friend’s account has been compromised. To verify whether the person messaging you is actually the person you know, you can try asking them some questions without disclosing any of your own personal information. If your friend will not give you any straight answers, you are most likely chatting with someone who has hijacked your friend’s account. In such cases, it is a good idea to contact the friend some other way to verify whether they are aware of what is happening. In any case, you should never do the things that a message asks you to do before being absolutely sure that the message was actually sent by a person you know.

Criminals exploiting people’s distress

Besides social media phishing, another, more recent phenomenon that has been on the rise lately is parties calling themselves hackers offering to help users restore deleted social media accounts for a fee. These so-called hackers typically target persons who make a living on social media, for whom losing access to a social media account can be particularly devastating.

These parties will typically request various types of information to help restore the account, such as passwords or a copy of the user’s passport. While some individuals have reported getting their user accounts back by following the instructions, in the vast majority of cases these so-called hackers are trying to pull off some kind of scam.

The party offering to help may, in fact, be the one responsible for getting the user account deleted in the first place, or they may be working together with someone else who can restore the account. The fact is that you should never disclose personal information, such as your personal identity code, to an outsider. The restoration of social media accounts is always handled by the provider of the social media service in question, and outsiders cannot restore accounts without engaging in cooperation with the service provider.

If your social media accounts have been compromised, you should always contact the service provider directly first. Even if the service provider’s customer service is slow, the only way to safely restore a user account is to go through the official restoration channels.

Get your cyber security basics in order!

While sophisticated cyber attacks are often the ones that garner the most publicity, the fact is that most successful cyber attacks could have been avoided with basic information security measures.

The criminals carrying out cyber attacks are primarily looking for easy money and consequently target individuals or organisations whose cyber security is lacking. Some of the basic methods that these criminals employ include phishing, scams and the exploitation of incorrect configurations. As such, the ways to defend against these kinds of attacks should also be a part of every person’s basic cyber security skills.

Data breaches that exploit weak or default passwords are common, but they are also easy to prevent with good password hygiene. Using strong passwords and enabling multi-factor authentication are easily implemented measures that provide effective protection against attempted data breaches.

If you are struggling with long passwords, a password manager can help. With a password manager, you no longer need to remember multiple, complex and long passwords, as it is enough to remember the password manager’s master password. The master password gives you access to all of your other passwords, which you do not necessarily even need to actually know – all you need to do is copy and paste passwords from the password manager into the login screens of the services that you want to access.

Popular password manager LastPass has been making headlines lately due to having suffered an unfortunate data breach. What makes this breach particularly notable is that the content of the stolen user databases was only partially encrypted. Data that was leaked unencrypted include URLs and other metadata related to passwords. It should be noted that criminals may attempt to decrypt encrypted data even after long periods. As such, we recommend that all LastPass users should change at least the most important passwords that they had stored in the password manager. The leaked data could potentially be used for targeted phishing and personal profiling as well. For more information on the incident, please see the notice published by LastPass:

LastPass: Notice of Recent Security Incident (External link)

Despite these unfortunate news, password managers are still worth using, as in many cases the only alternative is to use unsafe passwords. In addition to security, using a password manager also improves usability, as nowadays it is typical for every person to have numerous user accounts on various services. Having to only remember a single master password inevitably makes it easier to manage a large number of user accounts.

Tips for using a password manager

In addition to covering cyber security basics, our website also has instructions for foresight and procedures in various exceptional circumstances.

Vulnerabilities

CVE: CVE-2022-43931
CVSS: 10
What: Arbitrary code execution vulnerability in the Remote Desktop Functionality of Synology VPN Plus Server
Products: VPN Plus Server for SRM 1.2 and 1.3
Fix: Update to version 1.4.4-0635, 1.4.3-0534 or newer

Synology’s security advisory. (External link)

Subscribe to the NCSC-FI’s newsletters  (External link)or RSS feeds  (External link)to be notified as soon as new information is published.