The National Cyber Security Centre Finland’s weekly review – 51/2023

Topics covered in this week’s review

• The criminals' toolbox includes many types of fraud
• Responsible learning with electronic tools
• Private email accounts targeted by cyber threat actors
• EU funding for different areas of the cyber security sector from the Digital Europe Programme
• Traficom is preparing a recommendation on the cybersecurity risk management measures of the NIS2 directive
• Have a peaceful and cyber-safe Christmas!

The criminals' toolbox includes many types of fraud

Various scam messages and phishing attempts are unfortunately common these days. This week, the National Cyber Security Centre Finland has received several reports of various scams too.

Criminals try to get access to people's online bank credentials using a variety of pretexts. Messages are sent in the name of banks and the post office as well as authorities, in which they try to entice the recipient to go to a page owned by criminals via a link. With a package delivery disruption or a problem in the online bank, they try to get the alarmed recipient to hand over their information on a scam website.

Scam pages look really genuine, as their appearance is often copied from real pages. Thus, it is important to pay attention to the website address. The addresses of scam pages try to imitate real pages, but you can recognise the difference. For example, they could try to imitate the website kyberturvallisuuskeskus.fi with the website kyberturvallisuuskeskus-fi.org.

You should therefore be careful with messages urging you to take action. You should avoid clicking on the links in the messages and instead go through the web pages of different parties. If the message talks about a problem with the online bank, do not click on the link, but log in to the online bank using, for example, the phone application.

Responsible learning with electronic tools

Information security skills are the trump card of the future. To familiarise yourself with technology, you can use many kinds of tools that have also surfaced on social media to learn new skills and challenge yourself. The skills learned and the equipment intended to increase them require responsible use.

Develop your skills while respecting your privacy

The electronic multipurpose tools that have appeared on social media and in the news have sparked a discussion about responsibility. For example, the pocket-sized Flipper Zero (External link) device, which has become a viral hit on social media, allows you to familiarize yourself with various radio frequency technologies. The device can be used to read information from RFID cards such as a gym card, or it can be used, for example, as an infrared remote control to control a television, sound system or air conditioner.

Devices acting as multipurpose tools are intended for legal use. You can use them to develop your own skills in tasks and exercises related to information security. When developing skills, it is important to remember that everyone has the right to privacy and practice must not take place at the expense of others. The user of the equipment is responsible for how and where the equipment is used. Hacking can be fun and educational, but the consequences of doing it wrong can be serious and far-reaching.

An open door does not allow you to walk in

If you have not received permission to test the system or use it, login attempts to the service or port scanning can be interpreted as data breach attempts. For example, logging into the company's www administration can be interpreted as a data breach, even if you have logged in with an unchanged default password.

You can practice white hat ethical hacking with your own devices or with permission, for example within the framework of companies' bug bounty programs. Such permission to test a product or service can be expressed, for example, in the ground rules for vulnerability coordination on the company's contact information pages. You can also ask for permission directly from the company.

Technology is at its best when it is used in a positive way. Develop, experiment and use your skills and tool kit with respect for others. The National Cyber Security Centre Finland wishes you fun, educational and responsible moments in learning!

Private email accounts targeted by cyber threat actors

In December, the United Kingdom reported phishing campaigns linked to the Star Blizzard cyber threat actor. Star Blizzard is also known as Callisto Group, TA446, COLDRIVER, TAG-53 and BlueCharlie. According to the report, targeted phishing campaigns linked to the actor have continued through 2023 and new targets have been identified in the United States and other NATO countries.

According to the National Cyber Security Centre NCSC-UK, Star Blizzard has been sending phishing messages mainly to the private email accounts of the targets. Microsoft researchers discovered that Star Blizzard utilizes several methods to mask real email sender addresses. The actor's phishing messages typically include password-protected PDF files or links to cloud-based file sharing services shared on LinkedIn.

Star Blizzard and other cyber threat actors can deliberately target private email accounts of individuals of interest with phishing campaigns to circumvent organisations' own security controls. The phenomenon is significant for the risk assessment of organisations.

Read more on the NCSC-UK (External link) and Microsoft (External link)websites.

EU funding for different areas of the cyber security sector from the Digital Europe Programme

The European Commission's Digital Europe funding program has announced new applications for the cyber security sector. The themes of the applications include the development of expertise and the promotion of artificial intelligence, quantum cryptography and cyber resilience regulations. The goal of many applications is to assemble an international multidisciplinary project consortium, which includes organisations participating in a common project idea, with complementary and supportive expertise. 

More information about the applications on our website .

Traficom is preparing a recommendation on the cybersecurity risk management measures of the NIS2 directive

Earlier in the week, we published a bulletin about the recommendation regarding cybersecurity risk management measures for the NIS2 directive being prepared by Traficom. The recommendation will have implementation examples and verification methods of risk management measures and will include references to the most common standards and frameworks.

In the preparation of the recommendation, the timetable for the drafting of the national law will be followed, and statements will be requested during the preparation. The recommendation will be published for everyone to use when the legislation is passed.

The basic cyber hygiene practices included in the recommendation will be published at the beginning of the year. Cyber hygiene practices describe what actions an organisation can take to protect itself from the most common internet threats.

Read the entire bulletin (in Finnish).

Have a peaceful and cyber-safe Christmas!

Another year has passed, and it's time to quiet down for Christmas. The National Cyber Security Centre Finland thanks everyone for the past year and for the information security breach notifications we received during the year. With their help, we have been able to maintain a current picture of cyber security in Finland in the past year. We wish you a very peaceful Christmas season and a cyber-safe New Year! The work for a more cyber-safe society will also continue in 2024. You can report data security breaches to us here as usual next year as well.