
The National Cyber Security Centre Finland’s weekly review – 50/2022

Information security now!

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 9–15 December 2022). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.

TLP:CLEAR

Topics covered in this week’s review

  • Finland records an exceptional amount of snowfall – and denial-of-service attacks
  • Active phishing in the social welfare and health care sector
  • Responsibilities and trust in the digital environment as perceived by Finns
  • Late autumn winds keep November’s Cyber Weather chilly
  • Large number of fixed vulnerabilities in remote desktop and virtual machine services, among others

Finland records an exceptional amount of snowfall – and denial-of-service attacks

With Finland gripped by heavy snowfall, the NCSC-FI also received an exceptionally high number of reports of denial-of-service attacks this week. Denial-of-service attacks involve driving large amounts of traffic to websites or online services. For regular users, this usually results in the website or service becoming inaccessible or working very slowly. Recently, these attacks have been targeted at operators in the central government, financial and health and social services sectors in particular.

The majority of the attacks have not caused any visible harm. Even in cases where services have temporarily gone down, organisations have been able to implement new protective measures and restore their services. Targeted organisations have been active in implementing protection measures and communicating about the disruptions to their customers.

The fact that the impacts have remained very small despite the high number of attacks indicates that Finnish operators have prepared for attacks with the right kind of safeguards. For organisations that have not yet done so, it is high time to review preparedness measures and make sure that they are up to date. Denial-of-service attacks have become everyday occurrences on the internet, which is why they should also be a part of every organisation’s risk management.

The numbers of reported denial-of-service attacks have been rising for a good while now, and the trend is not expected to reverse anytime soon. As such, organisations should review their safeguards and configurations, as it is very likely that denial-of-service attacks will affect more and more organisations in the future.

We also published an Information Security Now! article on the topic this week. In addition, we have prepared instructions on how to prepare for denial-of-service attacks and what to do if you are targeted by one.

During the week, the NCSC-FI provided support to organisations in the investigation of denial-of-service attacks, coordinated information sharing concerning cases and carried out technical analyses based on data collected about attacks. We would like to offer our thanks to everyone who has submitted reports to us. National cyber security is built together.

Active phishing in the social welfare and health care sector

In recent weeks, phishing has been more active than usual in the social welfare and health care sector. Cyber criminals typically phish for user names and passwords with mass emails. The phishing messages are often themed around some general interest or frightening event or phenomenon, such as taxation or the availability of ICT services. Whatever the theme, the criminals’ goal is to manipulate the recipient into entering their user name and password on a website under the criminals’ control. One of the most common tactics that criminals use to try and achieve this is to create a sense of urgency and an impression that the recipient will miss out on something valuable if they do not react immediately.

Lately, the phishing messages reported to us have been written in good Finnish. Here is one example:

EXAMPLE PHISHING MESSAGE

Suljemme kaikki vanhat postilaatikkomme versiot 6.12.2022 alkaen.

Päivitä tilisi seuraamalla alla olevaa sivua:

Uusi versio [a link to a website controlled by the criminals, which has been disguised in the HTML format email message to look like a familiar site]

Kiitos,

[service provider]

The messages can come from the email accounts of real people, as criminals will use the credentials that they manage to get a hold of by phishing to break into organisations’ online email services and send out more phishing messages. That being said, it is also easy to spoof the sender’s name and email address visible to the recipient. Criminals will also customise their phishing messages for different sectors, sending messages themed around social welfare and health care to the email addresses of organisations operating in the social welfare and health care sector, for example.

Criminals also use the credentials that they manage to collect by phishing to carry out other, more severe information security breaches, including stealing data from email accounts and breaking into organisations’ other information systems. At worst, a successful phishing attempt can lead to criminals hijacking a significant number of an organisation’s information systems and then proceeding to blackmail the organisation by threatening to leak or encrypt their data. These types of serious cyber crimes have become increasingly common in Finland as well.

Protecting against phishing and data breaches carried out using credentials obtained through phishing requires continuous personnel training and technical safeguards.

  1. Provide your personnel with continuous guidance on phishing messages, how to handle them and what to do if they suspect that their credentials have fallen into the hands of criminals. No matter how many technical safeguards you have, some phishing messages will occasionally get through to employees’ inboxes. That being the case, you should collect phishing reports from your personnel and use them as examples in training. Be sure to also report any phishing attempt to us, especially if you suspect a data breach or assess that one is likely to occur.
  2. Use multi-factor authentication for all services visible to the internet that offer it. Pay particular attention to providing guidance to users and user account monitoring in cases where multi-factor authentication cannot be used.
    Read more about multi-factor authentication.
  3. Make use of other available information security controls as well. The available information security controls often differ depending on whether the software is running on your own server or being provided as a cloud service. As such, you should also be familiar with your information systems.
  4. Monitor security incidents and react to them.

Responsibilities and trust in the digital environment as perceived by Finns

Finnish people’s trust in public authorities in the digital world has remained high according to the Tietoevry Security Barometer survey, which was recently carried out for the third time. According to the survey, as many as 87% of Finns are very or moderately confident in how their personal data is handled by public authorities, with a fifth saying that they are very confident. Compared to the results of the 2020 survey, confidence has remained the same overall. Trust in government handling of personal data is also high across the Nordic countries overall, with 78% of Swedes and 69% of Norwegians saying that they are very or moderately confident in it.

Trust in personal data handling by the private sector has also remained the same, meaning relatively low. A total of 50% of Finnish people say that they are very or moderately confident in how their personal data is handled by private sector companies, but 57% are afraid of their data being leaked when shopping online. Only 3% of Finnish respondents were very confident in how their personal data is handled by companies.

Finnish people’s attitudes towards the data collection carried out by public authorities have become more positive. According to the Tietoevry Security Barometer carried out in 2018, 63% of Finns had a negative attitude towards data collection, while in this year’s survey the corresponding figure was 34%. However, the percentage of Finnish people who have a positive attitude towards data collection also decreased to 20% from 30% in 2018, though this decrease can be considered small.

Cyber security responsibilities seem unclear to Finnish people. According to Tietoevry’s survey, 68% of respondents are of the opinion that the party responsible for the security of digital services is ‘someone else,’ with only 23% saying that they are personally responsible. According to 32% of respondents, the party primarily responsible for the security of digital services is the companies and organisations providing them.

Citizens can contribute to information security through password management and keeping their applications updated. In the current global circumstances, digital trust and security are a team effort, with everyone having a responsibility to do their part in ensuring the safety of the digital environment. The efforts of public authorities contribute to everyone’s shared security, and it is great to see that people trust in them.

Late autumn winds keep November’s Cyber Weather chilly

This November’s cyber phenomena did little to mitigate the chill of the late autumn Cyber Weather. Reports of ransomware have increased both in Finland and around the world during the autumn. There have also been extortion scams centred around some new themes going around. On a more positive note, the Council of Europe approved the new NIS2 Directive, which will improve the EU’s cyber security in the coming years.

Vulnerabilities

CVE: CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23483, CVE-2022-23482, CVE-2022-23484, CVE-2022-23493
CVSS: -
What: Several critical vulnerabilities in the implementation of Microsoft Remote Desktop Protocol (RDP)
Product: Neutrinolabs xrdp versions up to 0.9.20
Fix: Update to version 0.9.21

CVE: CVE-2022-0730, CVE-2022-46169
CVSS: -
What: Arbitrary code execution vulnerabilities in Cacti
Product: Linux Debian Cacti web interface service
Fix: Update Cacti packages to versions 1.2.x and 1.3.x

CVE: CVE-2022-42475
CVSS: 9.3
What: Arbitrary code execution vulnerability
Product: Fortinet FortiOS operating system
Fix: Apply updates with the fix

CVE: CVE-2022-27518
CVSS: 9.8
What: Arbitrary code execution vulnerabilities
Product: Citrix Gateway and Citrix ADC
Fix: Apply updates with the fix

CVE: CVE-2022-31702, CVE-2022-31703, CVE-2022-31705
CVSS: 9.8
What: Several critical vulnerabilities in VMware’s virtualisation software
Product: VMware vRealize Network Insight (vRNI), ESXi, Workstation Pro / Player (Workstation), Fusion Pro / Fusion (Fusion) and Cloud Foundation
Fix: Apply updates with the fix

CVE: -
CVSS: -
What: Updates fixing several vulnerabilities for Apple products
Product: Safari browser and iOS, iPadOS, macOS and tvOS operating systems
Fix: Update the products

Subscribe to the NCSC-FI’s newsletters or RSS feeds to be notified as soon as new information is published.