Front Page: NCSC-FI
Front Page: NCSC-FI
Menu

Information security now!

This week, we will be talking about data breaches on social media accounts and ID phishing on Microsoft M365 user accounts. Patch Tuesday featured many updates – remember to update your device!

TLP:CLEAR

Topics covered in this week’s review

  • Update your device – a large number of new patches released this week
  • Social media account breaches on the rise
  • Active phishing on Microsoft M365 user accounts
  • Recent review examined authorities’ capacity to ensure cyber security
  • The number of data breaches and scams spelled rainy cyber weather in March
  • Vulnerabilities in several Apple products

Update your device – a large number of new patches released this week

The second Tuesday of each month is known as Patch Tuesday in the cyber world. That is when many well-known manufacturers and software companies release updates for their products. We also published a vulnerability article on the information security updates released by Apple this week.

Any devices that you use regularly should be set to auto-update. If you cannot do this, check the devices and apps for updates regularly. At worst, a product that has not been updated can enable attackers to access the device remotely over the web. If this happens, the device can be used for criminal purposes in the name of the owner. Updates enhance the information security of devices and software and improve their functionality as well as add new features.

“In addition to your own devices, you should also ensure the information security of the devices and software used by your loved ones. Not everyone has enabled automatic updates, made sure their backups are in order and introduced multi-factor authentication on important accounts. It is important to help others in matters concerning information security, if you have the skills,” says Information Security Specialist Matias Mesiä from the NCSC-FI.

You can subscribe to warnings and vulnerability summaries drafted by us by joining the CERT-FI-ALERT mailing list. Subscribe to our information security news summary, as well, while you’re at it.

Social media account breaches on the rise

The significant increase (35%) in data breaches and leaks from January and February to March was mostly due to social media account breaches. The rise in breaches of social media accounts alone was more than 65% in the same period. Of the social media account breaches reported to the National Cyber Security Centre Finland, 65 per cent were Facebook account breaches. With the exception of a few individual reports, nearly all of the monthly reports were submitted by private individuals.

Breaches often start with someone asking the user for a phone number or the user participating in a competition advertised in the name of a reputable company, which turns out to be a scam. In most cases, using multi-factor authentication would have prevented the breach.

Remember these tips:

If your livelihood is based on social media, review any risks carefully and try to consider in advance what you would do if you did not have access to your account or it was hijacked. How could you inform your customers? If worse came to worst, how could you create a new account and restore data from backups? How would you report a data breach to the platform service provider?

Active phishing on Microsoft M365 user accounts

Over the past week, we have received reports of incidents of Microsoft M365 user account phishing from various organisations. This time, the incidents involve various messages related to secure email that have been sent to the organisations for the purpose of phishing for usernames and passwords. Similarly to earlier instances, the messages are sent by accounts that have already been breached. In many cases, the phishing link has directed the user to an address like this: “https://’various-words'.powerappsportals.com/"

Turvapostiteemainen kalasteluviesti
Example of a phishing message. According to information received by the National Cyber Security Centre Finland, actual messages resembling the one above do not require users to enter their username or password.

Using multi-factor authentication can prevent almost all account hijacking attempts. In companies, the administrator must first enable multi-factor authentication related to M365 services.

Recent review examined authorities’ capacity to ensure cyber security

In early 2022, the Ministry of the Interior and the Ministry of Defence set up a project to assess the capacity of authorities to ensure national cyber security, prevent cybercrime, implement cyber defence and respond to rapidly evolving situations that threaten society's cyber security. The report was published on 11 April 2023.

The report contains proposals by the working group concerning both rapidly employable development measures and those requiring legislative amendments in seven key areas: the strategic goal state of cyber security, cooperation and the processes of public authorities, situational awareness, information exchange, influence and responses, data acquisition and protection of public safety networks.

The number of data breaches and scams spelled rainy cyber weather in March

Reports of various types of data breaches increased in March compared to the beginning of the year. Text message scams

This time, we have also included updated quarterly statistics, which depict the trends of the first part of the year. We have seen an increasing amount of CEO fraud and other invoicing fraud in the first quarter of 2023. Phishing for bank credentials has also continued to increase. During the past quarter, the largest denial-of-service attack in Finland was 89 Gbit/s in scope. Most of the denial-of-service attacks in the beginning of the year lasted less than 15 minutes.

Read more about Cyber Weather for March (in Finnish) (External link)

Vulnerabilities

CVE: CVE-2023-28205, CVE-2023-28206
CVSS: 8.8 and 8.6
What: Critical vulnerabilities in several Apple products that can be updated.
Product: In several Apple products; iOS, iPadOS and macOS.
Fix: Updates are available, please update immediately. The Apple website contains comprehensive additional product-specific information.

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 6 April–13 April 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.