The National Cyber Security Centre Finland’s weekly review – 12/2024

The ‘Information security in 2023’ report forecasts that the threat level will stay elevated in 2024 as well

The ‘Information security in 2023’ report, which provides information on and assessments and analyses of the most notable cyber phenomena, trends and information security regulations in 2023, has been published. In terms of cyber security, 2023 was characterised by ransomware, scam messages and denial-of-service attacks. Criminals seemed to be one step ahead in 2023, effectively exploiting opportunities to breach organisations’ information systems, scam money and personal data from citizens and disrupt popular websites as a way of protest. The cyber security threat level has remained elevated since September 2022, and the NCSC-FI estimates that it will continue to remain so in 2024 as well.

“Last year saw cyber attacks grow more severe and targeted,” says Deputy Director-General of Traficom’s NCSC-FI Anssi Kärkkäinen. “Although the situation is serious, it is also stable. In response, we have been persistently developing our preparedness. Cybersecure Finland is the result of effective cooperation.”

As society becomes increasingly digitalised, our everyday lives are becoming more and more dependent on reliable and secure digital services. When these services are disrupted, the effects are rarely limited to individual actors. Preparing for and responding to modern threats requires close cooperation between the various sectors of society and uninterrupted and quick exchange of information.

Tune in to the Futucast podcast this spring to hear our specialist talk about cyber security

The Futucast podcast will be focusing on a number of topics related to cyber security this spring, with our specialists joining the discussion about various cyber security matters. The episode released on 15 March featured Senior Specialist Helinä Turunen (External link), who provided tips on how to protect yourself from cyber crime. Upcoming episodes will also include discussion about themes related to the future of information security and cyber crime, for example.

You can listen to Futucast episodes on the Futucast website (External link), YouTube and various podcast platforms.

New publications on the transition to cloud services and minimum information security requirements

The use and adoption of cloud services are topical matters for many organisations. In recognition of this, the Ministry of Finance has published a guide on cloud services aimed for government organisations. The guide is part of the Cirrus project funded by the Ministry of Finance, which is aimed at promoting the cloud transition of Finland’s public sector. Read more about the guide here (in Finnish) (External link).

The Ministry of Finance has also published a recommendation on minimum requirements for information security. The recommendation defines the minimum requirements for information security that everyone from authorities to private individuals should meet. Read more here (in Finnish). (External link)

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

Vulnerabilities

CVE: CVE-2024-2605, CVE-2024-2606, CVE-2024-2607, CVE-2024-2608, CVE-2023-5388, CVE-2024-2609, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2613, CVE-2024-2614, CVE-2024-2615

CVSS: not disclosed

What: Vulnerabilities in the Firefox browser

Product: Mozilla Firefox

Fix: Update the browser

More information: https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/