Front Page: NCSC-FI

Information security now!

This week, we talk about the updated Hyöky service and an upcoming webinar that will cover key questions to ask your software supplier.

TLP:CLEAR

The Hyöky service is being updated

On 8 May 2025, the National Cyber Security Centre Finland (NCSC-FI) held a webinar for its stakeholders on the Hyöky service. Hyöky is a free service provided by the NCSC-FI that helps organisations assess their attack surface.

The service offers regular situational awareness of an organisation’s exposure to cyber threats, including weaknesses and vulnerabilities, and their severity. Hyöky provides a comprehensive overview of the organisation’s attack surface, as well as information on new devices and services visible on the internet. The service also gives recommendations to help organisations proactively address identified issues. Through regular assessment and reporting cycles, organisations can track the effectiveness of their remediation efforts.

 

The Hyöky service is being updated in 2025, with the updated version scheduled for release to customers by the end of the year.

The NCSC-FI will provide more information and contact all current Hyöky users separately in autumn 2025.

What is an attack surface? 

An organisation’s cyber attack surface consists of the vulnerabilities and weaknesses in its systems that are exposed to the open Internet and can potentially be exploited by attackers. This includes public-facing web services, email servers, networked devices, APIs, and cloud environments. Attackers may exploit weaknesses such as misconfigured services, default credentials, or outdated software. Due to digitalisation, an organisation’s attack surface is constantly expanding and changing – even on a daily basis.

Key components of effective attack surface management include knowing your own environment, analysing and prioritising findings, remediating or mitigating vulnerabilities and continuously monitoring your systems.

  • Regularly scan your organisation’s network space to understand what is externally visible
  • Analyse scan results. Is there anything unexpected or missing? Check for known vulnerabilities
  • Prioritise and remediate or mitigate findings in order of importance
  • Continuously monitor your environment to detect any misuse
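The steps above, sketched as an added example (this is not NCSC-FI code and does not describe how Hyöky works): an external scan is compared against an approved inventory to surface unexpected and missing services, and the findings are then ordered for remediation. All hostnames, products and scores are constructed sample data; the severity bands are the standard CVSS v3 qualitative ratings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    host: str
    port: int
    product: str

# Constructed sample data: services the organisation intends to expose.
EXPECTED = {
    Service("www.example.org", 443, "nginx"),
    Service("mail.example.org", 25, "postfix"),
    Service("vpn.example.org", 443, "vpn-gateway"),
}

# Constructed sample data: latest external scan, mapped to the highest
# CVSS score of any known vulnerability on that service (None = none known).
SCAN = {
    Service("www.example.org", 443, "nginx"): 5.3,
    Service("mail.example.org", 25, "postfix"): None,
    Service("test.example.org", 8080, "tomcat"): 9.8,
    Service("cam.example.org", 554, "rtsp-camera"): None,
}

def severity(cvss):
    """Map a CVSS v3 base score to its qualitative rating."""
    if not cvss:
        return "none"
    for floor, label in ((9.0, "critical"), (7.0, "high"), (4.0, "medium")):
        if cvss >= floor:
            return label
    return "low"

def assess(expected, scan):
    """Return findings, most urgent first."""
    findings = []
    for svc, cvss in scan.items():
        unexpected = svc not in expected
        if unexpected or cvss:  # known services with no vulnerability are fine
            issue = "unexpected" if unexpected else "vulnerable"
            findings.append((svc, issue, cvss or 0.0, severity(cvss)))
    for svc in expected - set(scan):  # expected but no longer visible
        findings.append((svc, "missing", 0.0, "none"))
    rank = {"unexpected": 0, "vulnerable": 1, "missing": 2}
    # Highest score first; on ties, unplanned exposure outranks the rest.
    findings.sort(key=lambda f: (-f[2], rank[f[1]], f[0].host))
    return findings

if __name__ == "__main__":
    for svc, issue, cvss, sev in assess(EXPECTED, SCAN):
        print(f"{sev:8} {issue:10} {svc.host}:{svc.port} ({svc.product})")
```

Running the same comparison after each scan cycle also shows whether earlier findings have actually disappeared.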

April Cyber Weather report published 

April remained a moderate month in terms of the total number of observations, although some serious cases were reported. The county and municipal elections held during the month attracted some denial-of-service attacks targeting Finnish organisations, but their overall impact remained limited. Phishing and the security of edge devices were once again prominent themes this month.

One of the most significant positive developments in the field of cybersecurity was the entry into force of the NIS 2 Directive and the national Cybersecurity Act. On the other hand, uncertainty surrounding the continuation of the international CVE project caused some temporary concern.

In April's Cyber Weather report, we also take a closer look at the Top 5 threats, which are presented quarterly.

Read more about Cyber Weather here (in Finnish).

Be vigilant on the web – Information security tips now also in Finnish sign language

Staying alert online can save you a lot of trouble. The Be vigilant on the web campaign, launched in August 2024, helps people recognise the most common types of scams and provides tips on how to protect their personal information. We also explain what to do if, despite precautions, your money, online banking credentials, or payment card details end up in the hands of criminals.

Two informative video clips are now also available in Finnish sign language on the Traficom YouTube channel and the campaign website.

•    Protect your devices and accounts – information in Finnish sign language
•    Online, things aren't always what they seem – information in Finnish sign language


These tips will help you get started
•    Think before you click – Be cautious with links received via text message or email.
•    Never share your online banking credentials – Remember, your bank or authorities will never ask for them over the phone, by text message, or by email.
•    Keep your devices up to date – Install updates regularly. You can enable automatic updates to help with this.
•    Protect your sensitive information – Use a unique, strong password for each service. Enable multi-factor authentication whenever possible.

Read more on the Be vigilant on the web website

The Be vigilant on the web campaign has been produced by the Finnish Transport and Communications Agency Traficom, the Digital and Population Data Services Agency and the National Bureau of Investigation.

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

Vulnerabilities

CVE: CVE-2025-27363
CVSS: 8.1
What: A zero-day vulnerability in the FreeType software component was patched as part of recent Android updates. There is evidence that the vulnerability has been actively exploited on Android devices.
Product: The FreeType software component, used for example in Android devices
Repair: Update to the latest version.
Read more: Android Security Bulletin—May 2025

For more general information about vulnerabilities and the terminology used, please see our Information Security Now! article ‘NCSC-FI vulnerability coordination in a nutshell’.