
The National Cyber Security Centre Finland’s weekly review – 25/2023

Information security now!

Phishing and scam messages are constantly evolving. According to our estimate, approximately one hundred Finnish organisations have had their email accounts compromised in the last few months as a result. This week we also remind our readers of the importance of updating network devices.

TLP:CLEAR

Topics covered in this week’s review

  • Increased vigilance required to defend against phishing and scam messages
  • Victims of the Vastaamo data breach targeted with ‘housing allowance’ phishing messages
  • NCSC-FI authorised as a CVE Numbering Authority
  • Protect your local area network devices
  • Financial assistance applications from SMEs for the deployment of modern cyber security solutions now being accepted
  • Vulnerabilities

Increased vigilance required to defend against phishing and scam messages

Phishing and scam messages are constantly evolving, with criminals utilising various technologies, such as machine learning and artificial intelligence, as well as psychological methods to win their victims’ trust. And no wonder, as phishing campaigns are lucrative for criminals. According to the NCSC-FI’s estimate, approximately one hundred Finnish organisations have had their email accounts compromised in the last few months as a result.

One of the most significant developments contributing to the believability of online scams has been the utilisation of social manipulation. What this means is that scammers strive to collect as much information as possible about their potential victims from open information sources, such as social media profiles and organisations’ websites. Based on the collected information, the criminals then proceed to tailor their scam to the target. For example, invoice fraud attempts are typically targeted at persons who handle invoices and monetary transactions in organisations.

Read more (in Finnish): Increased vigilance required to defend against phishing and scam messages

Victims of the Vastaamo data breach targeted with ‘housing allowance’ phishing messages

On Tuesday 20 June, we received reports of scam emails impersonating the Suomi.fi online service. The messages offered “housing allowance” and included the recipients’ personal identity codes and address information. Many of the people who reported the messages mentioned that they were victims of the Vastaamo data breach.

The message is a scam and can be safely ignored. Do not click on the links included in the message. The NCSC-FI issues takedown requests to phishing sites, and at least the phishing site that the first messages linked to has already been successfully taken offline. 

NCSC-FI authorised as a CVE Numbering Authority

The NCSC-FI has been authorised as a CVE Numbering Authority (CNA), which means that we can now assign CVE (Common Vulnerabilities and Exposures) IDs.

CNAs are organisations that assign CVE IDs to discovered vulnerabilities. The NCSC-FI’s role as a CNA is to assign CVE IDs to vulnerabilities in the products of Finnish organisations.

“International vulnerability work is by and large volunteer work. Because of this, it is important for the parties engaging in vulnerability work to contribute to the production and maintaining of up-to-date and high-quality vulnerability data,” states Chief Adviser Juhani Eronen from the NCSC-FI.

Read more (in Finnish): Kyberturvallisuuskeskus CVE-tunnisteita jakavaksi CNA-toimijaksi (‘NCSC-FI authorised as a CVE Numbering Authority’)

Protect your local area network devices

Earlier this year, the NCSC-FI’s specialists discovered a vulnerability in Zyxel’s NAS devices that was subsequently reported to the manufacturer in late April. The vulnerability made it possible to break into the affected devices without a username and password if they were accessible from the internet. This week, Zyxel released a software update for affected devices that fixes the vulnerability.

Vulnerable household and corporate devices that are accessible from the internet can be used for cyber attacks, or the data stored on them can be stolen or destroyed.

Many people use various devices at home that are connected to a local area network, such as the aforementioned NAS devices, televisions or home automation devices and servers. Allowing such devices to be accessed from the internet is not recommended. Devices that connect to their manufacturers’ cloud services for control purposes really only need outbound connections from the local area network.

Do at least the following:

  • Make sure that all devices connected to your local area network have had the default passwords to their administration interfaces changed.
  • If you are using a broadband connection, use network address translation (NAT). This is usually the default setting. If, for whatever reason, you need a bridging connection, protect your internal network with a firewall.
  • Do not allow inbound connections from the internet to the internal network without good reason and due consideration.
  • Update the firmware on your devices regularly. Not all devices are capable of doing this automatically.
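
For the bridged-connection case in the list above, a stateful firewall can enforce "outbound only" for the whole local area network. The ruleset below is an added example, not NCSC-FI's own configuration: it assumes a Linux router running nftables between the bridged modem and the LAN, and the interface names `wan0`/`lan0` and the administration ports are placeholders to adapt.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: wan0 = internet side, lan0 = local network.
flush ruleset

define WAN = "wan0"
define LAN = "lan0"

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself: deny unless listed.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Administration (assumed SSH and HTTPS) and DNS/DHCP service
        # are reachable from the LAN only, never from the internet.
        iifname $LAN tcp dport { 22, 53, 443 } accept
        iifname $LAN udp dport { 53, 67 } accept
        # The router's own DHCP/DHCPv6 client replies on the WAN side.
        iifname $WAN udp dport { 68, 546 } accept
        # Minimum ICMPv6 needed for IPv6 addressing to function.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain forward {
        # Traffic passing through to LAN devices (NAS, TV, automation).
        type filter hook forward priority filter; policy drop;
        # Replies to connections that a LAN device opened itself.
        ct state established,related accept
        ct state invalid drop
        # LAN devices may open connections outwards, e.g. to a vendor cloud.
        iifname $LAN oifname $WAN accept
        # No WAN -> LAN rule: unsolicited inbound hits the drop policy.
        # This also covers IPv6, where NAT does not hide the devices.
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # IPv4 address translation for the LAN behind one public address.
        oifname $WAN masquerade
    }
}
```

Checking the syntax with `nft -c -f <file>` before loading avoids locking yourself out of the router.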

Read more (in Finnish): Zyxel korjasi kriittisen haavoittuvuuden verkkolevyasemissaan (NAS) (‘Zyxel fixes critical vulnerability in its network-attached storage (NAS) devices’)

Financial assistance applications from SMEs for the deployment of modern cyber security solutions now being accepted

The NCSC-FI’s National Coordination Centre (NCC-FI) has launched its first application round for financial assistance intended for SMEs for the deployment of modern cyber security solutions and innovations. The financial support is primarily aimed at strengthening SMEs’ own capabilities and Finland’s national capacity and infrastructure to defend against cyber attacks. Applications for the financial assistance can be submitted by small and medium-sized enterprises registered in Finland. The application round ends on 16 August.

Read more about the financial assistance application round on the National Coordination Centre’s website (in Finnish)

Vulnerabilities

CVSS 9.8
CVE-2023-27992

Network device manufacturer Zyxel released updates to fix critical vulnerabilities in its network-attached storage (NAS) devices. The NCSC-FI recommends that owners update the devices in question without delay.

The vulnerability makes it possible to execute arbitrary commands and code on the devices without a user account or any action on the part of the user. An update that fixes the vulnerability is available and should be installed immediately. The NCSC-FI would like to point out that not all devices need to be connected to the internet. Criminals are constantly scouring the web for vulnerable devices to use for various malicious purposes.

In its security advisory, Zyxel thanks the NCSC-FI for reporting the vulnerability. The vulnerability was discovered by the NCSC-FI’s specialists, who reported it to Zyxel on 24 April 2023.

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 16–21 June 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.