Front Page: NCSC-FI
Front Page: NCSC-FI

The National Cyber Security Centre Finland’s weekly review – 17/2024

Information security now!

This week, our topics include the use of .fi domain names in phishing and how to ensure information security at the workplace during the summer holiday season.


Topics covered in this week’s review

1. Stay vigilant with .fi websites as well
2. Information security tips for the summer holiday season
3. Investigate and report information security incidents
4. Report from the Digital Security 2024 trade fair in Jyväskylä
5. Recently reported scams
6. Vulnerabilities

Stay vigilant with .fi websites as well

We have recently been receiving reports of phishing websites registered in Finland’s country code top-level domain .fi, with phishing attacks utilising .fi websites being carried out in the names of the Finnish Patent and Registration Office, the Positive Credit Register and Osuuspankki, among others. The idea behind using .fi websites to phish for bank credentials or other sensitive data is to exploit the good reputation of the country code top-level domain.

The NCSC-FI would like to remind readers that the .fi domain extension by itself is not a guarantee of a trustworthy website. When trying to identify a scam website, you should always examine its address in its entirety. A website address cannot be registered to multiple operators, so criminals often use slight variations of an existing website’s address on their scam websites. 

In addition to the address, you can look for signs of phishing in the appearance or content of a website. In many scams, the service that the phishing site is trying to imitate is also completely different from what the address would suggest.

Tips for identifying a safe website address  (External link) 

Since the Finnish Transport and Communications Agency Traficom is also responsible for .fi domain names, the NCSC-FI has received numerous requests to take down phishing websites using the .fi domain name extension. Many parties have also asked or suggested that the registration of .fi domain names should be prevented or that the websites should be taken down immediately.

However, seeing as how domain names play a major role in information exchange and even the realisation of people’s basic rights these days, websites are never taken down lightly. For the same reason, the registration of domain names cannot simply be blocked. Access to a website will only be blocked temporarily and on a case-by-case basis after due consideration if other intervention methods prove ineffective. Even then, the website will first be investigated by the NCSC-FI’s specialists to ensure that it actually poses a major information security risk. Major information security risks include generally accessible websites that phish for bank credentials.

Read more about the subject: Phishing websites in the .fi domain: why are the authorities not doing anything – or are they?  (External link) 

Information security tips for the summer holiday season

Difficult as it may be to believe looking at the snow situation, summer employees are already starting work at many organisations. As part of employee onboarding, organisations should make sure to also provide their summer employees with information about their invoice payment processes. Another important thing that needs to be taken care of during the summer is the installation of new security updates. Below, we also provide information security tips for employees going on holiday trips.

Make sure that all of your employees and substitutes are aware of your invoicing practices

New employees are not always expected to know all of their employer’s processes as well as more experienced employees. Unfortunately, this makes them attractive targets for criminals attempting invoice fraud. These types of scams typically occur during holiday periods. The most effective way of protecting your organisation from invoice fraud is to always verify payment requests by phone or using the original contact information of the issuer. [1]

Prepare to install updates in the middle of the holiday season as well

Critical security updates for systems and applications are naturally released during the summer months as well. As such, it is important for organisations to keep their update processes running as normal during the summer months, even if some of the associated tasks are carried out by substitutes. It is also important to make sure that any instructions and documentation related to update processes are up to date when they are needed. [2] 

Keep information security in mind during holiday trips

We have also compiled eight basic tips for everyday information security, which naturally apply to holidays as well. Check them out to ensure both information security and peace of mind during your summer holiday! [3]

Read more:

[1] Summer means a peak in invoicing scams – how to protect yourself against fraud  (External link) 
[2] Älä anna päivitysprosessin lomailla suvena (‘Do not ignore your update process during the summer’, article in Finnish) (External link)
[3] Kyberrikolliset eivät lomaile - Vinkit tietoturvalliseen kesään (‘Cyber criminals never rest – Tips for a secure summer’, article in Finnish) (External link)

Investigate and report information security incidents

Any organisation can be directly or indirectly affected by an information security incident. Even organisations that have invested in their information security, keep their systems updated and have their processes in order can still end up getting caught unawares. That is why we recently published an Information Security Now! article in which we explain why it is important to investigate security incidents, how to communicate about security incidents and why it is useful to report them to the authorities. 

Check out the article here (in Finnish): Miksi tietoturvapoikkeaman selvittäminen on tärkeää ja miksi asiasta kannattaa ilmoittaa viranomaiselle? (‘Why is it important to investigate security incidents and report them to the authorities?’) (External link)

Syklissä toisiaan seuraavat tunnistaminen, suojautuminen, havainnointi, vaste ja palautuminen, kaiken keskiössä kyberturvallisuuden hallinta. Kybermittari ja harjoitustominta kattavat nämä kaikki. HYÖKY eli kansallinen hyökkäyspinnan kartoitus keskittyy ennen kaikkea tunnistamiseen ja suojautumiseen. HAVARO eli vakavien tietoturvauhkien kansallinen havainnointipalvelu keskittyy havainnointiin ja vasteeseen.
Our services for organisations. The NCSC-FI provides organisations with services that support all the stages of security incident management. Read more:

Report from the Digital Security 2024 trade fair in Jyväskylä

The NCSC-FI participated in the Digital Security 2024 trade fair (article in Finnish) (External link) held for a second time in Jyväskylä, Finland, on Thursday 18 April. The event included presentations by and panels featuring our specialists focusing on topics such as current threats illustrated with concrete examples.

The event brought together a large group of students interested in the topic, representatives of organisations and people fascinated by the different aspects of digital security. The NCSC-FI’s stand attracted plenty of visitors, with many students stopping by to ask for tips on how to apply for a job with the government and what it is like to work for the government, for example. The stand was also visited by representatives of various stakeholders who wanted to discuss the NCSC-FI’s services or current phenomena. 

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

Finnish Patent and Registration Office (PRH)

Banks: “Access to signed documents!”


Follow these instructions if you have been scammed:

Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or gotten hold of your payment card information.

Learn how to detect and protect yourself against online scams


Several severe vulnerabilities in Cisco ASA and FTD products:

  • CVE-2024-20353
  • CVE-2024-20359 
  • CVE-2024-20358

Fix: Update to the latest version

The manufacture recommends checking for signs of compromise in connection with installing updates. 

Read more (in Finnish):  (External link)Useita vakavia haavoittuvuuksia Cisco ASA ja FTD-tuotteissa (‘Several severe vulnerabilities in Cisco ASA and FTD products’)  (External link)