
The National Cyber Security Centre Finland’s weekly review – 28/2023

Information security now!

This week we write about the cyber security situation during the NATO summit week and how malware infections are increasingly common.

TLP:CLEAR

Topics covered in this week’s review

  • Cyber security during the NATO summit week and during the visit of President Biden
  • Malware infections are increasingly common
  • Vulnerabilities

Cyber security during the NATO summit week and during the visit of President Biden

At the beginning of the week, a NATO summit was held in Lithuania, and President Biden visited Finland yesterday. The cyber security situation in Finland remained stable during the events, and communications networks worked as usual. However, many people have been concerned that the tightened international situation could have spillover effects on information security. Director Pekka Jokinen of the Development of Cyber Services service area at the National Cyber Security Centre Finland commented on the topic on the news on MTV.

There has been news about waves of cyber attacks in Lithuania related to the NATO summit in Vilnius. The online services of traffic and logistics operators, as well as of the City of Vilnius, have been the targets of denial-of-service attacks by pro-Russia hacktivist groups. The National Cyber Security Centre Finland’s Deputy Director-General Sauli Pahlman spoke to Iltalehti about possible cyber incidents during the visit of Biden and how the visit has been protected. The National Cyber Security Centre Finland did not detect any cyber incidents and did not receive any incident reports regarding the cyber security situation in Finland on Thursday 13 July.

The NATO summit has also been used internationally as a lure for spreading malware. A phishing campaign used the promotion of Ukraine’s NATO membership and the theme of the NATO summit in Vilnius to try to steal information from its targets using malware. According to Microsoft, the phishing targeted defense and government organisations in Europe and North America. The attack used Microsoft Office documents, delivered as links in email messages, which exploited a zero-day vulnerability in Windows systems.

Government and authorities cooperate closely

One effective method of easing the burden of the information security experts of ministries and agencies who strive to protect their organisations day after day is cooperation between authorities. This cooperation is facilitated by the NCSC-FI, which plays a role in detecting various cyber threats and reporting them to various organisations.

In addition to this, the NCSC-FI facilitates a number of information exchange groups between authorities and various central government organisations. This way we can all learn from one another and better understand the trends, threats and legislative changes affecting different administrative branches, for example. The creation and development of these types of confidential networks require the commitment and contribution of all the parties involved, but the benefits can often be significant.

A denial-of-service attack is a simple but flashy attack technique.

Denial-of-service attacks involve driving large amounts of traffic to websites or online services, affecting the availability of the websites or services. For users, this means that the website cannot be reached or using it is extremely slow.

When the denial-of-service attack is over or after the attack has been successfully blocked by technical measures, the website or online service continues to function normally. Disruptions in service tend to be brief. Denial-of-service attacks rarely cause real or long-term damage. Organisations prepare for denial-of-service attacks and prevent them every day in order to keep their services as smoothly available to everyone as possible.

Malware infections are increasingly common

The term malware refers to many kinds of worms and viruses, as well as spyware and ransomware. Criminals are constantly coming up with new ways to infect devices with malware and hide its harmfulness. Malware may be difficult to detect before infection.

Falsified software

One way to spread malware is to make it appear on the surface like valid, real software. Criminals often make their malware look like antivirus software. This is an efficient method, as antivirus software is widely used. Not all users will examine the product or wish to pay for it, and some may download a pirated version, for example. In both situations, the actual software may be either real, legal software which has been modified, or a fake version created for the purpose. The software may be anything but what it is claimed to be, and the user may end up downloading malware onto their device.

Read more in our article here. (in Finnish)

Vulnerabilities

In its monthly Patch Tuesday package, Microsoft released several vulnerability fixes which should be installed immediately. The vulnerabilities were in several different products, and four of them had a CVSS score of 9.8.

Citrix also released critical updates:
CVE: CVE-2023-24492 and CVE-2023-24491
CVSS: 9.6 and 7.8
What: A vulnerability which enables remote use.
Product: Citrix Secure Access client for Ubuntu and Windows
Fix: Install the latest updates.

Fortinet released a fix for a critical vulnerability.
CVE: CVE-2023-33308
CVSS: 9.8
What: A vulnerability which enables remote use.
Product: FortiOS and FortiProxy 
Fix: Install the updates.

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 7 July–13 July 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.