
The National Cyber Security Centre Finland’s weekly review – 44/2023

Information security now!

This week, we take a look at a scam campaign aimed at defrauding victims of rent payments and maintenance charges and a misconfiguration in the ServiceNow platform that has exposed organisations to data leaks. Other topics include the NCSC-FI’s future-themed November and the Digital and Population Data Services Agency’s Taisto exercise.

TLP:CLEAR

Topics covered in this week’s review

  • ServiceNow misconfiguration exposes organisations to data leaks
  • Criminals going after rent payments and maintenance charges
  • The NCSC-FI’s communications in November look towards the future
  • The NCSC-FI is participating in the Cyber Security Nordic event
  • The Digital and Population Data Services Agency’s annual Taisto exercise has begun
  • The theme of this year’s European Cybersecurity Month is social engineering

ServiceNow misconfiguration exposes organisations to data leaks

ServiceNow is a platform-as-a-service that is used by companies to manage and process technical support and customer service cases, for example. The service can be considered one of the most critical systems of the companies that use it, as it often provides access to confidential information, such as the details of information systems and personal data.

Approximately a week ago, ServiceNow announced on their support website that misconfigurations in the service could result in unintended access to sensitive data. The security flaw in question is a critical concern for organisations using the service, as it could potentially lead to sensitive business information being leaked. The NCSC-FI is aware of cases of the security flaw being exploited.

The security flaw is related to a misconfiguration of the widgets used in the service to create the content of ServiceNow portals, such as forms, lists and tables. ServiceNow offers a variety of widgets that users can use to customise the service based on their own needs. A widget is composed of HTML and CSS files together with server-side and client-side scripts, and a widget that is public and backed by a permissive access control list can return table data to users who should not see it.

To limit the impacts of the security flaw, organisations using ServiceNow should carry out at least the following measures:

1. Review any empty or public access control lists (ACLs) that you have. An ACL with no role, condition or script grants access to everyone who can reach the table, and an ACL granted to the public role grants access to unauthenticated users.

2. Review any public widgets that you are using and their access rights. Any needlessly public widget should be removed or restricted to internal use.

3. Consider using a stricter access control mechanism, such as IP-based access control or adaptive authentication.

4. Consider using the Explicit Roles plugin in ServiceNow. According to ServiceNow, this plugin prevents external users from accessing internal data.

5. Review the event logs of the Simple List widget for any signs of exploitation.
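The first two measures above can be turned into a repeatable audit. The script below is an added example and not ServiceNow's own tooling: it uses the real Table REST API (/api/now/table/&lt;table&gt;) and the real tables sys_security_acl, sys_security_acl_role and sp_widget, and flags ACLs that are empty (no role, no condition, no script) or granted to the public role, plus Service Portal widgets marked Public. The record shape is what the API returns with sysparm_display_value=all (each field as a dict with value and display_value); the SAMPLE_* records are constructed for illustration, and the instance name, user and password in main() are placeholders.

```python
"""Audit ServiceNow ACLs and Service Portal widgets for the misconfigurations
the advisory describes (added example; not ServiceNow's own tooling).

Checks performed:
  - sys_security_acl rows that are active but have no role, no condition and
    no script ("empty" ACL: every user passes, including guests)
  - sys_security_acl rows granted to the `public` role
  - sp_widget rows with the Public flag set
"""
import base64
import json
import urllib.parse
import urllib.request


def fetch_table(instance, table, fields, user, password, query=""):
    """GET records from the Table API. Needs network and credentials; not
    called when this file runs on the constructed sample data below."""
    params = {
        "sysparm_fields": ",".join(fields),
        "sysparm_display_value": "all",   # reference fields -> value + display_value
        "sysparm_limit": "10000",
    }
    if query:
        params["sysparm_query"] = query
    url = (f"https://{instance}.service-now.com/api/now/table/{table}?"
           + urllib.parse.urlencode(params))
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Accept": "application/json",
                                               "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["result"]


def _v(rec, field, key="value"):
    """Read a field from a sysparm_display_value=all record (dict per field),
    tolerating plain-string fields as well."""
    f = rec.get(field, "")
    return (f.get(key, "") if isinstance(f, dict) else f) or ""


def roles_by_acl(acl_roles):
    """Join sys_security_acl_role rows into {acl sys_id: set(role names)}."""
    out = {}
    for row in acl_roles:
        acl_id = _v(row, "sys_security_acl")                      # sys_id of the ACL
        out.setdefault(acl_id, set()).add(_v(row, "sys_user_role", "display_value"))
    return out


def classify_acl(acl, roles):
    """'inactive', 'public', 'empty' or 'ok' for one ACL and its role set."""
    if _v(acl, "active") != "true":
        return "inactive"
    if "public" in roles:
        return "public"
    if not roles and not _v(acl, "condition").strip() and not _v(acl, "script").strip():
        return "empty"
    return "ok"


def audit(acls, acl_roles, widgets):
    """Return (kind, name, detail) findings in input order."""
    roles = roles_by_acl(acl_roles)
    findings = []
    for acl in acls:
        granted = roles.get(_v(acl, "sys_id"), set())
        verdict = classify_acl(acl, granted)
        if verdict in ("empty", "public"):
            name = f"{_v(acl, 'name')}/{_v(acl, 'operation')}"
            findings.append((f"acl-{verdict}", name, sorted(granted)))
    for w in widgets:
        if _v(w, "public") == "true":
            findings.append(("widget-public", _v(w, "id"), _v(w, "roles")))
    return findings


def _rec(**fields):
    """Build a constructed record in the sysparm_display_value=all shape."""
    return {k: {"value": v, "display_value": v} for k, v in fields.items()}


# Constructed sample data (not taken from any real instance).
SAMPLE_ACLS = [
    _rec(sys_id="a1", name="incident", operation="read", active="true", condition="", script=""),
    _rec(sys_id="a2", name="sys_user", operation="read", active="true", condition="", script=""),
    _rec(sys_id="a3", name="incident", operation="write", active="true", condition="", script=""),
    _rec(sys_id="a4", name="cmdb_ci", operation="read", active="false", condition="", script=""),
    _rec(sys_id="a5", name="kb_knowledge", operation="read", active="true",
         condition="workflow_state=published", script=""),
]
SAMPLE_ACL_ROLES = [
    _rec(sys_security_acl="a2", sys_user_role="public"),
    _rec(sys_security_acl="a3", sys_user_role="itil"),
]
SAMPLE_WIDGETS = [
    _rec(id="my-public-list", public="true", roles=""),
    _rec(id="internal-dashboard", public="false", roles="itil"),
]

if __name__ == "__main__":
    # Offline run over the constructed data; swap in fetch_table(...) results
    # for a live instance (instance name and credentials are placeholders).
    for kind, name, detail in audit(SAMPLE_ACLS, SAMPLE_ACL_ROLES, SAMPLE_WIDGETS):
        print(f"{kind:14} {name:28} {detail}")
```

The "empty" ACL on incident/read and the public-role ACL on sys_user/read are the two findings that matter for the advisory; the inactive ACL and the one guarded by a condition are correctly left alone. For a live instance, pull the three tables with fetch_table and pass the results to audit in the same order.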

Criminals going after rent payments and maintenance charges

The NCSC-FI has received several reports of a scam in which the victim is manipulated into paying their rent or maintenance charges to a new bank account. The scam involves criminals sending out text messages that seem to come from ‘Taloyhtiö’ (‘housing company’) and say that the account number for paying rent or maintenance charges has changed. The messages are a scam and should not be believed.

[Image: a text message in which criminals pose as a housing company and urge the recipient to pay their rent or maintenance charges to a fraudulent account. Annotations: 1. The scammers impersonate a housing company quite convincingly. 2. The scammers claim that the payment information for rental payments or maintenance charges has changed; the message includes the scammers' account number.]

You should not respond to suspicious messages, as doing so will only result in you exchanging messages with criminals.

“Scam text messages are very general in nature because they are designed to get as many people as possible to believe that the messages are just for them. The scammers’ aim is to get people to change their payment information as quickly as possible so that they will end up paying money to the scammers’ bank account. You should always confirm any changes to your rent or maintenance charge payment information with your lessor or housing company,” says Information Security Specialist Samuli Könönen.

There was another very similar scam campaign active in March this year, which we wrote about in our weekly review 9/2023. In that campaign, the scam messages only talked about rent. It would appear that the criminals are now attempting to expand their range of potential victims to homeowners as well.

If you have already transferred money to a bank account provided via a scam text message, immediately contact your bank and submit a police report.

The NCSC-FI’s communications in November look towards the future

In November, the NCSC-FI’s social media channels will be looking towards the future of information security. Throughout the month, we will be posting weekly videos in which our experts discuss topics such as artificial intelligence and the secure software development of the future and detailing what kind of future and forecasting work is carried out at Traficom.

How is AI changing cyber security from the perspective of attackers and defenders? Why is now the perfect time for Finnish companies to turn software security into a competitive advantage? How will quantum computers affect current encryption algorithms? Follow our social media channels to stay up to date on the future of the cyber world!

The NCSC-FI is participating in the Cyber Security Nordic event

Traficom’s NCSC-FI, the National Emergency Supply Agency and the Digital and Population Data Services Agency will be participating together in the Cyber Security Nordic event to be held at Messukeskus in Helsinki on 7–8 November 2023. Our themes at the event will be the future of information security, preparedness and artificial intelligence. You can find us at booth L1 a-c.

The Digital and Population Data Services Agency’s annual Taisto exercise has begun

The Digital and Population Data Services Agency has commenced its sixth annual Taisto exercise. Taisto is the largest digital security exercise in Finland. The open and free-of-charge exercise is designed especially for the public sector, but other operators are also welcome to take part. Taisto offers a safe opportunity for organisations to practise, test and develop their digital security operating models through imaginary incidents. Taisto focuses especially on incident management, leadership and communications, and its scenarios reflect contemporary threats.

The theme of this year’s European Cybersecurity Month is social engineering

The people we encounter online might not always be who they claim to be. Persons and personalities can be made up or digitally altered, and you may even run into scammers trying to impersonate people you know. 

The theme of this year’s European Cybersecurity Month is social engineering. Follow the campaign on social media with the hashtags #BeSmarterThanAHacker and #CyberSecMonth to learn more about things like phishing messages and impersonation scams. The European Cybersecurity Month will also be visible on the NCSC-FI’s website and social media channels, where we will be sharing tips and information in Finnish. 

Vulnerabilities

CVE: CVE-2023-22518 
CVSS: 9.1
What: Critical vulnerability in Atlassian Confluence products
Product: Atlassian Confluence Data Center and Server products
Fix: Software update
Vulnerability bulletin (in Finnish) 

CVE: CVE-2023-46604 
CVSS: 10.0
What: Critical remote code execution vulnerability in Apache ActiveMQ products
Product: Apache ActiveMQ and Apache ActiveMQ Legacy OpenWire Module
Fix: Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6 or 5.18.3, which fix the issue.
Vulnerability bulletin (in Finnish)

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 27 October–2 November 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.