The National Cyber Security Centre Finland’s weekly review – 41/2023

Topics covered in this week’s review

1. Denial-of-service attacks by hactivists continue
2. Dozens of reports of phishing centred around tax returns
3. September Cyber Weather rainy due to scam calls and denial-of-service attacks
4. The future of information security discussed at the Tietoturva 2023 seminar

Denial-of-service attacks by hactivists continue

Denial-of-service attacks carried out by pro-Russian hacktivists against Finnish organisations continued this week. We last covered recent denial-of-service attacks in our weekly review 38/2023 (External link). 

Finnish organisations have been weathering a series of denial-of-service attacks starting from Thursday 5 October, with hacktivist group NoName057(16) having carried out attacks on a few dozen Finnish organisations. The impacts of these attacks have, however, remained minor; the websites or services of some organisations have only slowed down or been offline temporarily. The aim of the attacks is to influence the surrounding information environment, as we wrote in our weekly review 38/2023 (External link). Denial-of-service attacks cannot actually break anything: their impacts are limited to temporary disruptions and the work hours required to investigate and communicate about them.

The NCSC-FI is closely monitoring the phenomenon and engaging in active cooperation with Finnish organisations. Responding to the denial-of-service attacks has actually taught valuable lessons to some organisations. After all, suffering a cyber attack that affects an organisation’s services also presents an opportunity for the organisation to test agreed-upon processes and practice related communications. The recent denial-of-service attacks have also prompted cooperation between organisations. According to the NCSC-FI’s situation information, Finnish organisations are generally well-equipped to respond to various levels of denial-of-service attacks.

NCSC-FI Information Security Specialist Samuli Könönen provided the following comment on the situation to YLE (External link)on 6 October: “These kinds of minor impacts are no cause for alarm.” The denial-of-service attacks carried out by hacktivists are not meant to break anything, nor are they capable of doing so. If the hacktivists manage to take a website down temporarily, they will promptly proceed to celebrate their success on instant messaging services. Once the attack is prevented or ends, the affected website works as normal again. 

Dozens of reports of phishing centred around tax returns

Early in the week, the NCSC-FI started to receive dozens of reports of phishing centred around tax returns. The phishing messages ask the recipient to enter their bank credentials on a very real-looking spoofed login page, from which they end up in the hands of criminals. As far as the NCSC-FI is aware, these phishing attacks have been targeted at least at the customers of Osuuspankki, Danske Bank and Nordea. The phishing messages are written in fairly poor Finnish.

The NCSC-FI would like to remind readers that you should only log in to services via organisations’ official websites, which you should only ever access directly instead of via search engines. This is because there have been documented cases of criminals exploiting online advertising systems to raise spoofed websites above organisations’ official websites in search results.

September Cyber Weather rainy due to scam calls and denial-of-service attacks

September was a month of scam calls and denial-of-service attacks. In fact, scam calls from spoofed numbers were reported in record-breaking numbers before the new Traficom regulation intended to prevent them entered into effect at the start of October. One glimpse of light in September was a decrease in the numbers of reported data breaches, attempted data breaches and data leaks.

Read the full Cyber Weather report here (External link) (in Finnish).

The future of information security discussed at the Tietoturva 2023 seminar

The Tietoturva 2023 information security seminar was held on Thursday 12 October in Helsinki and online. The event brought together nearly 2,300 people interested in information security to watch interesting and varied presentations. The topics of these presentations included the future of cyber threats, secure software development and artificial intelligence, to name but a few.  A recording of the seminar is available to watch on the Finnish Transport and Communications Agency Traficom’s YouTube channel (External link).

The seminar also included the award ceremony of this year’s Information Security Trailblazer award, which was awarded to vocational education and training provider Keuda.  In the grounds for the award, Keuda was praised for its open communication and conduct following the ransomware attack carried out against it in November 2022. This was the eighth time that the award for exemplary work in the promotion of information security was given out by Traficom.

Read more in our bulletin (External link)(in Finnish).