The National Cyber Security Centre Finland’s weekly review – 5/2023

Information security now!

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 27 January–2 February 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.

TLP:CLEAR

Topics covered in this week’s review

  • Media Literacy Week celebrated next week
  • First information security vouchers granted
  • Social media utilised in spear-phishing
  • Webcam vulnerabilities are a hot topic
  • Vulnerability: QNAP

Media Literacy Week celebrated next week

Participate in Media Literacy Week on 6–12 February 2023! Follow events and join the discussion on social media by using the hashtag #mediataitoviikko.

The aim of Media Literacy Week is to advance the media literacy skills of children and young people, as well as to support adults in media education. Media Literacy Week is coordinated by the National Audiovisual Institute (KAVI), and dozens of organisations participate in the planning and organisation of the event every year.

Learn more about Media Literacy Week (External link)

Improve your information security skills with our instructions

Information security competence is an important civic skill that goes hand in hand with other media skills: How well can you use different devices? How well can you search for and interpret information?

The National Cyber Security Centre Finland provides guidance for navigating the online world. On our website, you can find instructions for e.g. identifying scams and a toolkit for internet users.

How to protect yourself against online scams 

Netiquette - Toolkit for internet users

Learn information security skills together

‘Safe on the internet’ guides are suitable for children of primary school age and contain exercises that address loneliness, age limits and information security, among other topics. The guide for adults supports parents when their child is learning to navigate the internet safely. A new edition of the guides will be published next week, along with the first Swedish edition. The original guides were created and produced by the Brazilian information security authority CERT.

Download the ‘Safe on the internet’ guides for free from the website of the National Cyber Security Centre Finland. (In Finnish)

Save the date for Safer Internet Day 2023 which will take place on 7 February 2023. #SaferInternetDay #SID2023

Safer Internet Day (External link)

First information security vouchers granted

The application period for support for the development of information security, or the ‘information security voucher,’ opened in December. The amount applied for exceeded the amount of funding to be granted within two weeks of the launch of the application period.

Now, the first companies to apply for support have received Traficom’s grant decision. The first instalments of financial support will soon be paid into the accounts specified in the applications, within one month of the grant decision.

We have received a large number of applications and their processing will take a while. The applications are reviewed thoroughly to ensure the applicants meet the criteria for receiving support. In some cases, applicants may be requested to provide additional information to complete the review. All in all, approximately 600 companies applied for support and the processing of applications is well under way.

Read more: Support for the development of information security granted to the first companies to accelerate the implementation of measures improving information security (External link)

Social media utilised in spear-phishing

An article published by the National Cyber Security Centre of the United Kingdom (NCSC-UK) describes phishing attacks organised by multiple actors against targeted organisations and individuals. The article highlights methods used in these attacks, including the collection of data through social media to prepare for attacks.

According to NCSC-UK, the targeted sectors included academia, defence, governmental organisations, NGOs and think tanks, as well as politicians, journalists and activists. The targets were carefully selected and the actors’ aim was to gain access to individual persons’ or organisations’ emails.

Many actors utilise social media to prepare for phishing attacks, collect information and approach their targets. Actors can impersonate well-known experts to approach their target and build trust. They can send messages to the target’s personal email address, avoiding the technical security measures applied to company emails.

“Criminals know how to create believable phishing emails and are constantly developing their phishing techniques. A phishing message becomes more believable if the actor also approaches the target by phone, for example,” says Samuli Könönen, Information Security Expert from Traficom’s National Cyber Security Centre Finland.

Finally, the target is sent a malicious link that appears to be an interesting document or website. The target is prompted to log in using their email credentials, compromising the security of this information. A malicious link may seem harmless and direct the target to OneDrive, GoogleDrive, or another file-sharing platform. There have also been cases where the target has been invited to a Zoom call and the malicious link has been shared in the chat bar during the call.

After a successful phishing attack, the actor uses the stolen credentials to log in to the target’s email account and steals messages and attachments of interest. They can also set up mail-forwarding rules, allowing them to follow the target’s correspondence.
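Mailbox rules that forward or redirect mail outside the organisation are the trace this step leaves behind, so reviewing them is a useful check after a suspected credential theft. The following is an added example, not part of the original review: it assumes the rules have been exported into a hypothetical list-of-dicts format, and the mailboxes, rule names and domains are constructed sample values.

```python
from email.utils import parseaddr

# Assumption: the domains the organisation itself owns (constructed value).
INTERNAL_DOMAINS = {"example.org"}

# Constructed sample in a hypothetical export format: one dict per inbox rule.
SAMPLE_RULES = [
    {"mailbox": "a.researcher@example.org", "name": "Newsletters",
     "forward_to": [], "redirect_to": []},
    {"mailbox": "a.researcher@example.org", "name": ".",
     "forward_to": ["Archive <copy@mail-archive.example.net>"], "redirect_to": []},
    {"mailbox": "b.analyst@example.org", "name": "To assistant",
     "forward_to": ["c.assistant@EXAMPLE.ORG"], "redirect_to": []},
    {"mailbox": "d.fellow@example.org", "name": "sync",
     "forward_to": [], "redirect_to": ["not-an-address"]},
]


def is_internal(address, internal=INTERNAL_DOMAINS):
    """True only if the address parses and its domain is, or sits under, an internal domain."""
    _, addr = parseaddr(address)
    if addr.count("@") != 1:
        return False  # unparseable targets are treated as external so they get reviewed
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal)


def external_forwarding(rules, internal=INTERNAL_DOMAINS):
    """Return (mailbox, rule name, action, target) for every rule sending mail outside."""
    findings = []
    for rule in rules:
        for action in ("forward_to", "redirect_to"):
            for target in rule.get(action, []):
                if not is_internal(target, internal):
                    findings.append((rule["mailbox"], rule["name"], action, target))
    return findings


if __name__ == "__main__":
    for mailbox, name, action, target in external_forwarding(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r} uses {action} -> {target}")
```
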

You can protect yourself against phishing by learning to identify the most typical phishing techniques. See the National Cyber Security Centre Finland’s instructions.

You can report spear-phishing campaigns to the National Cyber Security Centre Finland.

Further information: NCSC-UK: SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest (External link)

Webcam vulnerabilities are a hot topic

Last week, we reported on changes in the regulation of smart devices as well as webcam vulnerabilities.

Information security shortcomings, such as unsafe default settings or other vulnerabilities, have been found in some webcams widely sold in Finland. The topic was also covered by Ilta-Sanomat (External link) last week. Vulnerable webcams can reveal information to outsiders that is critical in terms of privacy and security, which is why users are rightly worried about the vulnerabilities of their devices. At the same time, this raises questions as to how to acquire and use webcams safely.

Consumers’ and organisations’ capacities and needs to ensure the security of their webcams are, understandably, at different levels. Anyone purchasing a webcam should avoid devices whose management password cannot be changed and whose video feed is transmitted online unencrypted and can be accessed through a certain URL.

More experienced users and organisations can make the use of webcams more secure by applying e.g. these measures:

  • Only use webcams in an isolated network intended for webcam use
  • Check how and from where the webcam network can be accessed, how the webcams are controlled and which other environments can be accessed through the webcam network
  • If necessary, check with the service provider how to restrict remote use
  • Monitor the webcam network traffic and report any security incidents
  • Analyse the visibility of the webcam network and its services on the public internet to detect firewall irregularities and other vulnerabilities

Vulnerabilities

CVE: CVE-2022-27596
CVSS: 9.8
What: Vulnerabilities enable SQL injection
Product: QNAP network attached storages
Fix: Update the operating system to QuTS hero h5.0.1.2248 build 20221215 or newer / QTS 5.0.1.2234 build 20221201 or newer
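
An inventory of devices can be checked against the fixed releases listed above. The following is an added example, not part of the original review or QNAP's own tooling: the host names and firmware strings are constructed, and because the entry lists only the fixed releases, the check reports whether a device is at or above them, not whether a particular older release is affected.

```python
import re

# Fixed releases as listed in the CVE-2022-27596 entry: (version, build date).
FIXED = {
    "qts": ((5, 0, 1, 2234), 20221201),
    "quts hero": ((5, 0, 1, 2248), 20221215),
}

# Matches strings such as "QTS 5.0.1.2234 build 20221201"
# and "QuTS hero h5.0.1.2248 build 20221215".
FIRMWARE = re.compile(
    r"^\s*(QTS|QuTS\s+hero)\s+h?(\d+(?:\.\d+)+)\s+build\s+(\d{8})\s*$",
    re.IGNORECASE,
)


def parse_firmware(text):
    """Return (product, version tuple, build date), or None if unrecognised."""
    match = FIRMWARE.match(text)
    if match is None:
        return None
    product = " ".join(match.group(1).lower().split())
    version = tuple(int(part) for part in match.group(2).split("."))
    return product, version, int(match.group(3))


def check(text):
    """'ok' at or above the fixed release, 'update' below it, 'unknown' otherwise."""
    parsed = parse_firmware(text)
    if parsed is None:
        return "unknown"  # never report an unreadable version as patched
    product, version, build = parsed
    return "ok" if (version, build) >= FIXED[product] else "update"


# Constructed inventory: host names and firmware strings are sample values.
INVENTORY = {
    "nas-01": "QTS 5.0.1.2145 build 20220903",
    "nas-02": "QTS 5.0.1.2234 build 20221201",
    "nas-03": "QuTS hero h5.0.1.2192 build 20221020",
    "nas-04": "QuTS hero h5.0.1.2248 build 20221215",
    "nas-05": "firmware string missing",
}


def audit(inventory):
    """Map each host to 'ok', 'update' or 'unknown'."""
    return {host: check(firmware) for host, firmware in inventory.items()}
```
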

Subscribe to the NCSC-FI’s newsletters or RSS feeds to be notified as soon as new information is published.