
The National Cyber Security Centre Finland’s weekly review – 42/2023

Information security now!

This week we cover the recent wave of Microsoft 365 account breaches and provide instructions for securing home networks and routers.

TLP:CLEAR

Topics covered in this week’s review

  • Yellow alert: Wave of Microsoft 365 account breaches caused by phishing attacks 
  • New instructions for securing home networks and routers
  • New report provides information on the current state and development needs of software development

Yellow alert: Wave of Microsoft 365 account breaches caused by phishing attacks

Criminals are using spoofed email messages to phish for Microsoft 365 account passwords. The account names and passwords obtained through these phishing attacks allow the criminals to hijack M365 accounts. During the past week, we have received reports of phishing messages and new cases of account compromise from dozens of Finnish organisations. The phishing campaign spreads from one organisation to the next by utilising the contact lists of hijacked accounts.

The phishing messages used in this recent campaign are made to look like secure email messages, which has increased their believability, resulting in an exceptionally high number of victims. Secure email messages normally include a link to the secure email server, but the link included in these spoofed phishing messages takes the user to a phishing site controlled by criminals instead. The message or secure email may also include a PDF attachment with a link to the phishing site. The PDF attachments that we have investigated so far have been harmless, but you should not click on the links included in them.
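The link mismatch described above can be checked mechanically. The following is an added example, not NCSC-FI code: it lists every link in a message's HTML body whose host is not the organisation's genuine secure email server. The host `securemail.example.org`, the names `TRUSTED_SECURE_MAIL_HOSTS` and `untrusted_links`, and the sample message are assumptions constructed for illustration, and links inside PDF attachments are not covered.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the host(s) of the organisation's real secure email service.
TRUSTED_SECURE_MAIL_HOSTS = {"securemail.example.org"}

# Constructed sample: one genuine link and two lookalike links.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: You have received a secure message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You have received a secure email.</p>
<a href="https://securemail.example.org/read?id=1">Open message</a>
<a href="https://securemail.example.org.login.example.net/read">Open message</a>
<a href="https://securemail.example.org@portal.example.net/read">Open message</a>
</body></html>
"""

class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag fed to the parser."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.append(href)

def untrusted_links(raw_message, trusted_hosts=TRUSTED_SECURE_MAIL_HOSTS):
    """Return the links whose host is not exactly one of the trusted hosts."""
    msg = message_from_string(raw_message, policy=default)
    collector = _LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    # Compare the parsed hostname, not the raw string: a trusted name used as
    # a subdomain prefix or in the userinfo part must not pass the check.
    return [href for href in collector.links
            if (urlsplit(href).hostname or "").lower() not in trusted_hosts]

if __name__ == "__main__":
    for link in untrusted_links(SAMPLE):
        print("link does not point to the secure email server:", link)
```
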

The NCSC-FI recommends that organisations force their users to enable multi-factor authentication to prevent login attempts by criminals. However, it should be noted that no single security measure is sufficient by itself: you also need to provide training to your employees.

Why we issue alerts

  • We issue alerts on notable information security incidents. These alerts are aimed at everyone interested in the subject.
  • The NCSC-FI issues an average of 1–5 alerts per year.
  • Yellow alerts are issued for serious threats that the public needs to be widely informed about.
  • Alerts are valid until further notice. We announce the dismissal of alerts separately.

New instructions for securing home networks and routers

Your modem or router is the gateway to your home network, which is why it is especially important to keep it secure. Your modem and router may be two separate devices, or you may have a single device that serves as both a modem and a router. Our recently published instructions cover the basics of router security to help you protect your home network and personal data.

Taking care of the information security of your router is important because criminals are constantly scouring the internet for vulnerable network devices, both manually and by automated means. Once hijacked, network devices can be used to carry out denial-of-service attacks, for example. In our new instructions, we explain, among other things, how to change your router’s default password and SSID and how to use its firewall. We also detail how to disable remote access on your router.

Read the full instructions here (in Finnish).

New report provides information on the current state and development needs of software development

How secure is software development in Finland today? How can secure software development and software procurement be developed at the national level? These are just some of the questions explored in the recent report prepared by Traficom and the National Emergency Supply Agency.

You can find the full report (in Finnish) here.

Vulnerabilities

Our vulnerability bulletin 20/2023 (in Finnish) 
- Cisco published a security advisory on vulnerability CVE-2023-20198, which affects the web UI of Cisco IOS XE Software. The vulnerability can be exploited by an attacker to gain control of a vulnerable device.

Our vulnerability bulletin 21/2023 (in Finnish) 
- On 10 October 2023, Citrix released an update on vulnerability CVE-2023-4966, which has been exploited since August. Any organisations that have not yet updated the product should do so now and make sure that the vulnerability has not been exploited.

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 13–19 October 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.