Skip to content
Front Page: NCSC-FI
Front Page: NCSC-FI
Go to SearchSearch
English
Menu

The National Cyber Security Centre Finland’s weekly review – 13/2023

Information security now!

Published

This week, we will be talking about the Hack and Leak phenomenon and the supply chain attack aimed at the 3CXDesktopApp video conferencing software.

TLP:CLEAR

Topics covered in this week’s review

  • Cyber and information influence activities come together in the Hack and Leak phenomenon
  • Supply chain attack on 3CXDesktopApp video conferencing software
  • The European Cyber Security Challenge competition attracts cyber talent to Norway
  • Digital fraud increased significantly towards the end of 2022
  • More than 600 companies have already applied for support for the development of information security
  • Vulnerability summary

Cyber and information influence activities come together in the Hack and Leak phenomenon

The Hack and Leak phenomenon refers to instances where the objective of the attacker is to carry out a data breach of their target and then steal and utilise information critical to the victim. This can be considered a so-called hybrid attack.

Hack and Leak attacks play a key role in information influencing and target institutions and political actors, in particular. Hack and Leak attacks were part of the US presidential election in 2016, for example. At that time, US authorities blamed Russia for interfering in the election, because an email account of the Democratic Party was hacked and the messages within were later published on the WikiLeaks website. The objective of the criminals was to weaken the credibility of Hillary Clinton and the overall trust in democratic institutions.

“It is clear that politicians and those in power have always been of interest to anyone wanting to influence others as well as criminal activity. This has been a known threat for a long time, and parties have prepared for these threats and trained their candidates to protect themselves against them. The authorities have also offered candidates guidance in protecting their data. We have not detected anything alarming or out of the ordinary compared to previous elections this time around,” says Information Security Advisor Otso Manninen from the NCSC-FI.

Read more: Cyber and information influence activities come together in the Hack and Leak phenomenon

Supply chain attack on 3CXDesktopApp video conferencing software

According to observations by data security companies, harmful code has been slipped into the installation package of the widely used 3CXDesktopApp video conferencing software abroad. This code is installed onto the user’s device in connection with an update or installation. A harmful version of the software has been installed, if the download or update has taken place after 22 March 2023.

The aim of a supply chain attack is to gain a foothold in different organisations along the supply chain. Once a foothold has been secured, it can be used in different kinds of further attacks, such as data breaches and ransomware attacks.

Read more: Supply chain attack on 3CXDesktopApp video conferencing software

The European Cyber Security Challenge competition attracts cyber talent to Norway

The annual European Cyber Security Challenge (ECSC) organised by ENISA is a competition for young people aged 14–25, which brings together young cyber security talent from all over Europe to compete and learn together. The 2023 finale will be held in Hamar, Norway, in October.

As part of ECSC, ENISA has published the Open ECSC (External link) for this year. It is an open online version, in which anyone can practice different information security tasks.

Performing the tasks also serves as the qualifier for the Finnish team for the ECSC finale in Norway. If you are 14 to 25 years old and interested in representing Finland in Norway, remember to give permission / select YES in the following sections on the website:
1) sharing your data and results with the Finnish ECSC committee, i.e. Next Gen Hack FI
2) indicate that you want to participate in the Finnish qualifier.

The Next Gen Hack FI website will be published shortly.

More information about the ECSC competition (External link)

Digital fraud increased significantly towards the end of 2022

Digital fraud continued to become more commonplace in 2022, and Finns lost a total of EUR 32.4 million to criminals. This sum could have been even larger if it weren’t for banks and authorities being able to stop the transfer of a total of EUR 14.5 million to the hands of fraudsters and recover the money.

Not all forms of fraud appear in fraud statistics maintained by banks. Incidents where the victim does not report the fraud to the bank or submit a crime report to the police are not displayed in statistics. The precise number of such incidents and the proceeds of such crime cannot be known for certain.

The joint ‘Varo, Varmista, Varoita’ (Watch out, verify, warn others) campaign by companies and the authorities reminds people that it is possible to avoid being swindled.

  • Beware of any messages and other surprising contacts that contain links or ask you to do something.
  • Make sure that any messages you receive are actually sent by the alleged source. Sign in to services using secure routes: enter the direct address to the service in the address bar of your browser or navigate to the service using a bookmark that you have saved. Do not use links provided by search engines. If the service can be used with a dedicated app, use it.
  • Warm others of fraud: your loved ones, acquaintances and colleagues.

Further information of various types of fraud and their prevention can be found e.g. here:

Read more about the ‘Varo, Varmista, Varoita’ (Watch out, verify, warn others) - In Finnish campaign (External link)

More than 600 companies have already applied for support for the development of information security

Applications for support for the development of information security have been received from a total of 667 companies so far, with 122 applications having been completely processed.

Thus far, a total of approximately EUR 2,500,000 of support has been granted to 102 companies. Of this amount, roughly EUR 1,300,000 have consisted of support of up to EUR 15,000 and EUR 1,200,000 have consisted of support of up to EUR 100,000. 

Support for developing information security is direct government support paid to companies in sectors critical to the functioning of society for measures aimed at improving information security. A total of EUR 6 million has been appropriated for the support.

Read more: Apply for support for the development of information security

Vulnerabilities

Critical vulnerabilities in several Apple products. Any updates to Apple devices should be installed immediately.

CVE: Numerous CVE numbers.
CVSS: Numerous values.
Product: Numerous Apple devices, e.g. iOS and MacOS.
Fix: Updates are available, please update immediately. Comprehensive product-specific additional information is available on the Apple website.

For more general information about vulnerabilities and the terminology used, please see our Information Security Now! article ‘NCSC-FI vulnerability coordination in a nutshell’.

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 24 March–30 March 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.

Previous weekly reviews are available here