Front Page: NCSC-FI
Front Page: NCSC-FI
Menu

Information security now!

Microsoft will begin transitioning to Entra ID authentication methods in autumn 2025. Organisations are advised to start preparing well in advance. We also highlight the threat posed by the BadBox 2.0 malware, which can already be embedded in devices during manufacturing.

TLP:CLEAR

Malware may lurk in new devices – choose home electronics with care

Pre-infected Android smart devices have been detected on the Finnish consumer market. The issue primarily affects Android-based televisions, TV boxes and other endpoints commonly used in home networks. To enable malware installation, a backdoor has been embedded into these devices during the production phase – and it cannot be removed. If the manufacturer does not offer an official fix, the only secure option is to disconnect the device from the network.

A key threat in these cases is BadBox 2.0, a malware variant found especially in low-cost Android devices from lesser-known manufacturers. 

While the devices may appear to function normally, they are in fact part of a criminal infrastructure. The malware enables the device to be connected to a botnet, which can then be used for criminal purposes – for example, in denial-of-service (DoS) attacks.

What to do if you suspect your device is infected:

  1. Immediately disconnect the device from the network.
  2. Check for manufacturer-specific software updates.
  3. If no official fix or guidance is available from the manufacturer, the device must be taken to a proper electrical and electronic waste collection point, as the malware cannot be removed in this case.

Identifying an infected device can be challenging, but the following signs may help:

  • Your telecom operator notifies you of malware-related traffic from your internet connection.
  • The device does not have a known or trusted manufacturer.
  • The device redirects you to wrong websites or displays suspicious ads.

The NCSC-FI urges consumers to carefully consider the types of devices they bring into their homes. Products that are unbranded, cheap or poorly supported often carry hidden risks that are difficult for users to detect. When it comes to network-connected devices, security, software support and update capabilities are critical features.

Read more: Haittaohjelma voi lymyillä laitteessa jo ostovaiheessa – laitteet on poistettava käytöstä, jos valmistaja ei tarjoa korjausta

Organisations must migrate from legacy MFA and SSPR policies to new Entra ID authentication methods by 30 September 2025

Microsoft has announced that it will transition to new authentication methods in Entra ID by 30 September 2025. At that point, the legacy MFA (Multi-Factor Authentication) and SSPR (Self-Service Password Reset) policies will be retired. This change applies to all organisations, including Global Administrator accounts. Please ensure that your organisation has already enabled the new authentication methods in its Microsoft 365 subscription, or that plans for implementation are well under way.

What happens if you don’t migrate in time?

Once the legacy MFA and SSPR policies are retired on 30 September 2025, users may lose the ability to sign in or reset their passwords if the new authentication methods are not in place. This applies to regular users as well as administrators. Importantly, Global Admin accounts may lose access to the Microsoft 365 environment if authentication methods have not been defined in the new Authentication Methods Policy settings.

Recommendations

  • Migrate to the new Authentication Methods Policy well before 30 September 2025.
  • Use the Migration Wizard to support a secure and gradual transition.
  • The legacy settings will remain in effect during the transition, but will be fully retired after the deadline.

Summary

  • Deadline: 30 September 2025
  • Act early to avoid sign-in and management issues.
  • Ensure administrator accounts are also included in the migration.
  • A controlled migration using Microsoft’s recommended tools is strongly advised.

Read more:

Stay alert when using AI tools

Various artificial intelligence (AI) applications continue to grow in popularity. As an emerging technology, AI offers exciting possibilities – but caution is warranted, as not all associated risks are yet fully understood.

The rising use of free AI services has caught the attention of cybercriminals, and this trend has been exploited globally to spread malware. According to an article (External link) by cyber security firm Mandiant, cybercriminals have hosted malicious AI-themed websites as a means to distribute harmful software. These deceptive sites appear to offer legitimate AI tools, often advertised as generating videos or images. From the user’s perspective, the services seem to work normally – but instead of delivering the promised content, they provide a file containing malware. The phenomenon is particularly linked to the high demand for AI-based video generation. Criminals have promoted these malicious services through social media campaigns and search engine manipulation.

Read more: Ole valppaana tekoälyn kanssa

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

WHAT TO DO IF YOU GET SCAMMED

Recognise online scams and protect yourself from them

Vulnerabilities

During the past week, two critical vulnerability advisories were published concerning widely used products. It is strongly recommended to apply the available security updates without delay.