Front Page: NCSC-FI

The National Cyber Security Centre Finland’s weekly review – 20/2023

Information security now!

This week we talk about the current denial-of-service attack situation and provide advice on how industrial organisations can protect themselves against cyber security incidents. We also take a look at the National Emergency Supply Agency’s newly published guide on cloud services.

TLP:CLEAR

Topics covered in this week’s review

  • Denial-of-service attacks come in waves
  • Data breaches affecting industrial system providers require quick action on the part of their clients as well
  • Finnish company: worried about the information security of supply chains? There is still time to participate in Ketjutonttu!
  • The National Emergency Supply Agency publishes a guide on cloud services

Denial-of-service attacks come in waves

Denial-of-service attacks have been described as being akin to demonstrations on the internet, display window vandalism and giving the finger to a security camera, for example. As a phenomenon, however, denial-of-service attacks are usually less harmful than they sound. In most cases, denial-of-service attacks are effectively prevented or their impacts remain minor, with only a handful of more severe denial-of-service attacks occurring each year. These more severe attacks can make an identification service unreachable or a transport service mobile app temporarily unusable on consumers’ mobile devices, for example. Denial-of-service attacks can also cause concrete costs and loss of income for different organisations, such as media industry companies that rely on providing consumers and advertisers with constant access to their online services.

Finland joined NATO on 4 April this year. On the same day, the NCSC-FI received seven reports of denial-of-service attacks. In mid-April, we received a few more reports of attacks, some of which affected the availability of services, such as websites. After this, the situation remained calm for about a month until 17 May, when Finnish port organisations were hit by denial-of-service attacks. For more information on these attacks, see this article by Yle (in Finnish). The NCSC-FI monitored the situation and provided relevant parties with information on the incident.

Organisations need to define their most important services visible to the internet and make the necessary decisions about protecting them as part of their risk assessment. The NCSC-FI has published instructions for organisations about this.

The NCSC-FI welcomes all reports of denial-of-service attacks, even ones that end up having no effect on services. We use the reports submitted to us to generate situational awareness and to analyse and compare incidents.

Data breaches affecting industrial system providers require quick action on the part of their clients as well

Organisations also need to take incidents affecting their suppliers into account in their preparedness. A cyber attack on an important supplier requires quick action on the part of its client organisations as well.

The victims of the recent data breaches leading to ransomware cases in Europe have also included major companies that serve as critical infrastructure providers and providers of industrial production automation systems. In these types of environments, it is typical for the supplier of an industrial facility to continue playing an important role in the operational maintenance of the facility after commissioning. In such cases, the supplier may also be responsible for maintaining up-to-date documentation on the production facility, investigating incidents and implementing configuration changes related to the production process via remote maintenance connections, for example.

Read our article for more information

Finnish company: worried about the information security of supply chains? There is still time to participate in Ketjutonttu!

The NCSC-FI’s Ketjutonttu campaign is off to a great start: participants have already signed up over 1,000 suppliers for check-ups, the campaign’s security experts have reported over 100 information security observations and the quickest suppliers have already implemented fixes. However, the NCSC-FI is still hoping for more companies of all sizes and from all industries to take part in the campaign. Funded by the National Emergency Supply Agency, the Ketjutonttu campaign involves carrying out security check-ups based on open data sources on your company’s suppliers and helping them fix any discovered vulnerabilities. Participation is free of charge for both you and your suppliers and only takes up a few hours of your time. Participating in the campaign can help you reduce your supplier-related cyber risks, improve your own information security, prepare for the requirements of the NIS2 Directive and improve the security of supply and preparedness of your industry. Learn more and sign up here (in Finnish)!

The National Emergency Supply Agency publishes a guide on cloud services

We warmly recommend that you check out the National Emergency Supply Agency’s new publication ‘Huoltovarmuutta pilvipalveluilla’ (‘Security of supply through cloud services’) (in Finnish).

“From the perspective of crisis preparedness and security of supply, cloud services offer clear benefits compared to traditional data centres. That being said, deciding on what kind of cloud services to adopt and how, and whether to extend the use of cloud services to critical functions, is not easy for companies. To support this decision-making, the National Emergency Supply Organisation has published the ‘Tunnista ja turvaa’ (‘Identify and secure’) card deck, which can help companies with decisions related to the adoption of cloud services. By using the card deck, companies can make sure that their decisions are based on facts and also take continuity management and security of supply factors into consideration.”

Be sure to also check out the recent article ‘Yritys kyberhyökkäyksen kohteena’ (‘Company under cyber attack’) in the National Emergency Supply Agency’s online publication Varmuuden vuoksi (in Finnish).

Vulnerabilities

CVE: CVE-2023-2721
CVSS: Not known yet
What: Google Chrome browser updates
Product: Chrome
Fix: Update the product. More information on the Chrome Releases page

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 12–18 May 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.