The National Cyber Security Centre Finland’s weekly review – 45/2023

Topics covered in this week’s review

• Alert concerning the wave of Microsoft 365 account breaches rescinded
• Watch our ‘Turvallisesti netissä’ series on OnniTV this autumn
• Huld Certification Oy accredited as an information security inspection body
• New NCSC-FI guide on how to secure offline workstations
• Traficom regulation curbing text message scams
• October Cyber Weather stormy on many fronts

Alert concerning the wave of Microsoft 365 account breaches rescinded

Back in October, we issued a severe alert on the wave of Microsoft 365 account breaches that occurred during the autumn as a result of criminals phishing for Microsoft 365 account passwords using spoofed email messages. There were thousands of such email messages circulating during the height of the wave, with NCSC-FI receiving reports of hundreds of account breaches. The phishing campaign has since winded down, and the numbers of reported account breaches have started to decrease.

Criminals frequently change the themes and methods of their scams, so we are sure to see more phishing and data breach campaigns in the future. At present, there is no cause for an alert, but we urge all our readers to stay vigilant nonetheless.

You can report information security incidents to the NCSC-FI using this form .

Watch our ‘Turvallisesti netissä’ series on OnniTV this autumn

Our ‘Turvallisesti netissä’ (‘Safe on the internet’) series aimed at older people is running on the OnniTV TV channel this autumn. The next episode will premiere on 13 November, airing Monday to Friday at 12:30. The five-episode series will be aired several times in its entirety during the rest of the year. The series features one of our information security specialists providing instructions on how to use the internet safely, and learning about the topic with guests.

You can watch OnniTV live online, via terrestrial TV channel 33 in specific regions and via Elisa and Telia cable TV channel 66.

You can find more information about availability and the live broadcast on OnniTV’s website (External link) (in Finnish).

Huld Certification Oy accredited as an information security inspection body

Finnish Transport and Communications Agency Traficom accredited Huld Certification Oy as an information security inspection body on 7 November 2023. As a result of the accreditation, Huld Certification is now authorised to carry out inspections in accordance with ISO/IEC 27001:2013 and process security classification level III and lower documents.

Huld Certification Oy is the fourth information security inspection body accredited by Traficom so far. The three previously accredited information security inspection bodies are KPMG IT Sertifiointi Oy, Nixu Certification Oy and Inspecta Sertifiointi Oy. The operations of the information security inspection bodies are steered and supervised by Traficom. More detailed information on the information security inspection bodies and their competence areas is available on the NCSC-FI’s website .

New NCSC-FI guide on how to secure offline workstations

As part of its statutory duties, the NCSC-FI published a guide on how to secure offline workstations at the end of October. The guide is intended for authorities and companies that are required to process security classified documents as part of their duties. The guide also offers insights for private individuals familiar with the topic on how to improve the security of private computers.

The guide was prepared to support the internal risk management of authorities and companies that process security classified documents.

For more information, please see the guide (in Finnish) . 

Traficom regulation curbing text message scams

In recent years, most of us have received text messages from criminals impersonating other parties, such as banks, logistics companies and the Finnish Tax Administration. The sender information of the text messages have also been spoofed, making them more believable.

Finnish Transport and Communications Agency Traficom has been working with Finnish telecommunications operators to develop methods for protecting people from text message impersonation scams. As a result of the new regulation that recently entered into effect, organisations can now protect their SMS Sender IDs to ensure that no other parties in Finland can use them. When the SMS Sender ID is verified as genuine, the recipient of the message can rest assured that the message is real. Organisations can apply for the protection of their SMS Sender IDs as of 9 November 2023.

“The new regulation is not enough by itself to completely eliminate the threat of network scams, but we see it as a key method for limiting text message scams and restoring Finnish people’s trust in text messages as a communication service,” says Development Manager Lauri Isotalo from Traficom’s NCSC-FI.

Traficom urges all organisations that send text messages to protect their SMS Sender IDs as soon as possible.

Did you know?

SMS Sender ID = the name or number that identifies the sender of a text message. The new regulation is intended to curb the misuse of SMS Sender IDs. According to SMS standards, the SMS Sender ID does not necessarily need to be the sender’s mobile phone number, such as 040 1234567, as it can also be an alphanumeric string consisting of 3 to 11 characters.

Read more: Traficom regulation curbing text message scams – organisations can apply for the protection of their SMS Sender IDs as of 9 November 2023 (External link) (article in Finnish).

October Cyber Weather stormy on many fronts

The Cyber Weather in October was markedly stormy. One of the biggest reasons for this was the issuing of severe alert 1/2023 concerning the wave of Microsoft 365 phishing and account breaches. The wave resulted in hundreds of reports of email account compromise in Finland. In addition to this, October saw the announcement of several critical vulnerabilities, many of which had already been exploited. The October Cyber Weather report also includes an updated list of the top five threats.

The October Cyber Weather report is available here (in Finnish).

Vulnerabilities

CVE: CVE-2023-46747 and CVE-2023-46748
CVSS: 9.8
What: Critical vulnerability in F5 BIG-IP products - Exploitation reported
Product: F5 BIG IP product family
Fix: Install the software update that includes a fix or apply the mitigation measures published by the manufacturer
Vulnerability bulletin 24/2023 (in Finnish)

CVE: CVE-2023-23368 and CVE-2023-23369
CVSS: 9.8
What: Critical vulnerabilities in QNAP NAS devices
Product: Operating systems (QTS, QuTS hero and QuTScloud) and software (Multimedia Console and Media Streaming add-on) of QNAP NAS devices
Fix: Software update
Vulnerability bulletin 25/2023 (in Finnish)

CVE: CVE-2023-38547 and CVE-2023-38548
CVSS: 9.9
What: Critical vulnerabilities in Veeam ONE software
Product: Veeam ONE monitoring and analytics software (versions 11, 11a and 12)
Fix: Software update
Vulnerability bulletin 26/2023 (in Finnish)

Updated vulnerability bulletins

CVE: CVE-2023-22518 (exploitation reported)
CVSS: 10.0 (previously 9.1)
What: Critical vulnerability in Atlassian Confluence products
Product: Atlassian Confluence Data Center and Server products
Fix: Install the software update that includes a fix and apply the mitigation measures published by the manufacturer
Vulnerability bulletin 22/2023 *updated* (in Finnish)