The National Cyber Security Centre Finland’s weekly review – 43/2022
Information security now!
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 21–27 October 2022). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.
Topics covered in this week’s review
- Short denial-of-service attacks reported in higher-than-normal numbers
- Information Security Trailblazer award given out at the Tietoturva 2022 information security seminar on 25 October 2022
- This week’s scams: phishing for banking credentials, police impersonation and one-ring scams
- Microsoft adds additional context to multi-factor authentication approval requests
- Vulnerabilities: Security updates for Apple phones and tablets
Short denial-of-service attacks reported in higher-than-normal numbers
The NCSC-FI has been receiving increasing numbers of reports of denial-of-service attacks during the autumn. This phenomenon was already briefly reported on in our previous weekly review 42/2022 .
The wave of denial-of-service attacks was actively highlighted by the media in the spring and has been highlighted again in the autumn. The attacks have been targeted at many different sectors, from central government to media industry organisations. While the resulting disruptions of various online services have garnered a great deal of attention, the actual impacts of the attacks have remained minor. The attacks have typically caused websites to become unreachable for no more than tens of minutes at a time.
Denial-of-service attacks are everyday occurrences both in Finland and the rest of the world, but their numbers vary month-by-month. The numbers of denial-of-service attacks reported to the NCSC-FI have been increasing every month since the summer, with October having been the most active month of the year for denial-of-service attacks so far. We will be publishing an Information Security Now! article on the phenomenon in the coming days.
Information Security Trailblazer award given out at the Tietoturva 2022 information security seminar on 25 October 2022
This year, the Information Security Trailblazer award given out by the Finnish Transport and Communications Agency Traficom was awarded to the Finnish News Agency STT. In the award rationale, STT was praised for the open communication that the agency engaged in when it suffered a cyber attack in summer 2022. This was the seventh time that the award for exemplary work in the promotion of information security was given out.
“STT communicated about the incident openly and to the extent that was possible and justified. Through its public-facing and other conduct, STT has helped other organisations protect themselves against cyber attacks and plan more effective recovery measures,” says Traficom’s Director-General Kirsi Karlamaa.
The Tietoturva 2022 information security seminar organised by the Finnish Transport and Communications Agency Traficom’s National Cyber Security Centre Finland and the National Emergency Supply Agency was held at Tennispalatsi in Helsinki. The event was followed on-site and online by over a thousand participants. The event’s speakers included the Finnish Minister of Transport and Communications Timo Harakka, Director of the NATO CCDCOE Mart Noorma and Detective Chief Inspector Marko Leponen. A recording of the event will be published on Traficom’s YouTube channel soon.
This week’s scams: phishing for banking credentials, police impersonation and one-ring scams
The week has been lively as far as scams are concerned. The phishing for banking credentials has been very active, with phishing messages being sent out in the name of all commercial banks as well as in the name of the Finnish Tax Authority and other authorities. The attempts to phish online banking credentials have consisted primarily of text messages, though there have been some exceptions as well. There have also been reports of scammers sending out Telegram messages asking recipients for their banking credentials in the form of a QR code along with a copy of their passport’s data page.
Various types of scams involving the impersonation of both real and made-up law enforcement authorities continue to go around. What these scams have in common are PDF documents sent to potential victims via email. These formal-looking documents will accuse the recipient of serious crimes, but also suggest that the matter can be resolved with money: In return for a sum of approximately EUR 5,000, the scammer presenting themself as the “Police General” or “Director of Interpol” will promise to forgo all charges.
Some one-ring scams have once again managed to get through to the Finnish telephone network. Some of these calls have come from numbers using the area codes for Tanzania and French Polynesia. In a typical one-ring scam, the victim receives a call from a foreign number that rings only once before disconnecting, encouraging the victim to make a return call that is subject to high call charges. These kinds of one-ring scams were a significant problem a few years ago, but nowadays Finnish telecommunications operators are able to identify and block most scam calls quickly.
- Aktia’s instructions (in Finnish and Swedish) (External link)
- Danske Bank’s instructions (in Finnish) (External link)
- Danske Bank’s instructions (in Finnish) (External link)
- Nordea’s instructions (External link)
- Oma säästöpankki’s instructions (in Finnish) (External link)
- Osuuspankki’s instructions (External link)
- POP Pankki’s instructions (in Finnish and Swedish) (External link)
- S-Pankki’s instructions (in Finnish and Swedish) (External link)
- Säästöpankki’s instructions (in Finnish and Swedish) (External link)
- Ålandsbanken’s instructions (in Finnish and Swedish) (External link)
Microsoft adds additional context to multi-factor authentication approval requests
In our 38/2022 weekly review , we reported on MFA fatigue attacks against multifactor authentication services. An MFA fatigue attack involves generating so many authenticator notifications that the victim is no longer able to sign in to the targeted system without accidentally also approving the attacker’s MFA code and thus giving them access.
To defend against MFA fatigue attacks, Microsoft has now made new Microsoft Authenticator security features, such as number matching, generally available. With number matching enabled, the user is required to enter the number displayed on the sign-in screen when approving an MFA request. In addition to number matching, the new security features make it possible to show additional context about sign-in attempts, such as the sign-in location. The party responsible for enabling the new security features is the administrator of the sign-in service, such as an employer.
Security updates for Apple phones and tablets
CVE: CVE-2022-42825, CVE-2022-32940, CVE-2022-42813, CVE-2022-32946, CVE-2022-32947, CVE-2022-42820, CVE-2022-42806, CVE-2022-32924, CVE-2022-42808, CVE-2022-42827, CVE-2022-42829, CVE-2022-42830, CVE-2022-42831, CVE-2022-42832, CVE-2022-42811, CVE-2022-32938, CVE-2022-42799, CVE-2022-42823, CVE-2022-42824, CVE-2022-32922
What: Several different types of vulnerabilities in Apple phones and tablets
Product: Apple iOS and iPadOS operating systems
Fix: Update to operating system versions iOS 16.1 and iPadOS 16 according to the normal update cycle.