The National Cyber Security Centre Finland’s weekly review – 45/2023
Information security now!
This week, our topics include the rescinding of the alert concerning the wave of Microsoft 365 account breaches and our ‘Turvallisesti netissä’ series on OnniTV.
Topics covered in this week’s review
- Alert concerning the wave of Microsoft 365 account breaches rescinded
- Watch our ‘Turvallisesti netissä’ series on OnniTV this autumn
- Huld Certification Oy accredited as an information security inspection body
- New NCSC-FI guide on how to secure offline workstations
- Traficom regulation curbing text message scams
- October Cyber Weather stormy on many fronts
Alert concerning the wave of Microsoft 365 account breaches rescinded
Back in October, we issued a severe alert on the wave of Microsoft 365 account breaches that occurred during the autumn as a result of criminals phishing for Microsoft 365 account passwords using spoofed email messages. There were thousands of such email messages circulating during the height of the wave, with NCSC-FI receiving reports of hundreds of account breaches. The phishing campaign has since winded down, and the numbers of reported account breaches have started to decrease.
Criminals frequently change the themes and methods of their scams, so we are sure to see more phishing and data breach campaigns in the future. At present, there is no cause for an alert, but we urge all our readers to stay vigilant nonetheless.
You can report information security incidents to the NCSC-FI using this form .
Watch our ‘Turvallisesti netissä’ series on OnniTV this autumn
Our ‘Turvallisesti netissä’ (‘Safe on the internet’) series aimed at older people is running on the OnniTV TV channel this autumn. The next episode will premiere on 13 November, airing Monday to Friday at 12:30. The five-episode series will be aired several times in its entirety during the rest of the year. The series features one of our information security specialists providing instructions on how to use the internet safely, and learning about the topic with guests.
You can watch OnniTV live online, via terrestrial TV channel 33 in specific regions and via Elisa and Telia cable TV channel 66.
You can find more information about availability and the live broadcast on OnniTV’s website (External link) (in Finnish).
Huld Certification Oy accredited as an information security inspection body
Finnish Transport and Communications Agency Traficom accredited Huld Certification Oy as an information security inspection body on 7 November 2023. As a result of the accreditation, Huld Certification is now authorised to carry out inspections in accordance with ISO/IEC 27001:2013 and process security classification level III and lower documents.
Huld Certification Oy is the fourth information security inspection body accredited by Traficom so far. The three previously accredited information security inspection bodies are KPMG IT Sertifiointi Oy, Nixu Certification Oy and Inspecta Sertifiointi Oy. The operations of the information security inspection bodies are steered and supervised by Traficom. More detailed information on the information security inspection bodies and their competence areas is available on the NCSC-FI’s website .
Traficom accredits information security inspection bodies on the basis of applications (Act on Information Security Inspection Bodies 1405/2011). The be accredited, applicants must have completed FINAS accreditation, which involves examining things like the independence of the body, staff competence and the tools and methods used in the body’s operations. After the accreditation, Traficom verifies the reliability of the body’s contact person and whether the body is capable of processing security classified documents in the competence areas specified in their application. In addition to this, Traficom verifies whether the body has appropriate instructions in place for their operations and the monitoring thereof. The inspections based on the Act on Information Security Inspection Bodies are public administrative tasks.
New NCSC-FI guide on how to secure offline workstations
As part of its statutory duties, the NCSC-FI published a guide on how to secure offline workstations at the end of October. The guide is intended for authorities and companies that are required to process security classified documents as part of their duties. The guide also offers insights for private individuals familiar with the topic on how to improve the security of private computers.
The guide was prepared to support the internal risk management of authorities and companies that process security classified documents.
For more information, please see the guide (in Finnish) .
Traficom regulation curbing text message scams
In recent years, most of us have received text messages from criminals impersonating other parties, such as banks, logistics companies and the Finnish Tax Administration. The sender information of the text messages have also been spoofed, making them more believable.
Finnish Transport and Communications Agency Traficom has been working with Finnish telecommunications operators to develop methods for protecting people from text message impersonation scams. As a result of the new regulation that recently entered into effect, organisations can now protect their SMS Sender IDs to ensure that no other parties in Finland can use them. When the SMS Sender ID is verified as genuine, the recipient of the message can rest assured that the message is real. Organisations can apply for the protection of their SMS Sender IDs as of 9 November 2023.
“The new regulation is not enough by itself to completely eliminate the threat of network scams, but we see it as a key method for limiting text message scams and restoring Finnish people’s trust in text messages as a communication service,” says Development Manager Lauri Isotalo from Traficom’s NCSC-FI.
Traficom urges all organisations that send text messages to protect their SMS Sender IDs as soon as possible.
Did you know?
SMS Sender ID = the name or number that identifies the sender of a text message. The new regulation is intended to curb the misuse of SMS Sender IDs. According to SMS standards, the SMS Sender ID does not necessarily need to be the sender’s mobile phone number, such as 040 1234567, as it can also be an alphanumeric string consisting of 3 to 11 characters.
October Cyber Weather stormy on many fronts
The Cyber Weather in October was markedly stormy. One of the biggest reasons for this was the issuing of severe alert 1/2023 concerning the wave of Microsoft 365 phishing and account breaches. The wave resulted in hundreds of reports of email account compromise in Finland. In addition to this, October saw the announcement of several critical vulnerabilities, many of which had already been exploited. The October Cyber Weather report also includes an updated list of the top five threats.
The October Cyber Weather report is available here (in Finnish).
CVE: CVE-2023-46747 and CVE-2023-46748
What: Critical vulnerability in F5 BIG-IP products - Exploitation reported
Product: F5 BIG IP product family
Fix: Install the software update that includes a fix or apply the mitigation measures published by the manufacturer
Vulnerability bulletin 24/2023 (in Finnish)
CVE: CVE-2023-23368 and CVE-2023-23369
What: Critical vulnerabilities in QNAP NAS devices
Product: Operating systems (QTS, QuTS hero and QuTScloud) and software (Multimedia Console and Media Streaming add-on) of QNAP NAS devices
Fix: Software update
Vulnerability bulletin 25/2023 (in Finnish)
CVE: CVE-2023-38547 and CVE-2023-38548
What: Critical vulnerabilities in Veeam ONE software
Product: Veeam ONE monitoring and analytics software (versions 11, 11a and 12)
Fix: Software update
Vulnerability bulletin 26/2023 (in Finnish)
Updated vulnerability bulletins
CVE: CVE-2023-22518 (exploitation reported)
CVSS: 10.0 (previously 9.1)
What: Critical vulnerability in Atlassian Confluence products
Product: Atlassian Confluence Data Center and Server products
Fix: Install the software update that includes a fix and apply the mitigation measures published by the manufacturer
Vulnerability bulletin 22/2023 *updated* (in Finnish)
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 3–9 November 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.