Information security now!
This week, we’ll talk about the Direct Send feature in the Microsoft 365 environment, which criminals exploit to send spoofed phishing messages and learn about the Cyber weather in June. We’ll also talk about the Huijausinfo project by the Consumers’ Union of Finland in which the NCSC-FI has also participated.
Misused feature: Direct Send exposes Microsoft 365 environments to phishing
Earlier this week, the National Cyber Security Centre published a vulnerability bulletin about the Direct Send feature in Microsoft 365 environments, which criminals are exploiting to send spoofed phishing messages. The feature allows emails to be sent without authentication, making it an attractive channel for spoofing messages that appear to come from within the organization. Attackers only need the recipient’s email address and the organization’s so-called smart host address.
In a campaign that began in May 2025, more than 70 organizations have already been targeted, mainly in the United States. Emails are sent, for example, using PowerShell in a way that makes them appear to come from trusted internal users, even though they are actually from external sources. The messages are routed through Microsoft’s infrastructure, which is why many security mechanisms, such as DMARC and SPF, fail to detect the spoofing.
Organizations are advised to implement protective measures such as the 'Reject Direct Send' functionality in Exchange Online, a stricter DMARC policy, and quarantining of unauthenticated messages. Direct Send traffic should be monitored using email header information, behavioural signals, and suspicious sending paths.
June Cyber Weather report published
Cyber weather in June was mainly peaceful. The peak holiday season has also been reflected in the cyber security situation.
Although the early summer may have felt rainy or chilly to many, the period has been mostly calm and mild in terms of cyber weather. June Cyber Weather was no exception to this trend, although a few unfortunate incidents were once again observed.
Perhaps the most notable exception in June was the BadBox 2.0 malware that infected Android devices. Observations related to the malware increased rapidly after the beginning of June, rising to the top of reported incidents.
Phishing and scams have also clearly increased during the summer season. The incidents also include phenomena typical of the holiday season, such as CEO fraud.
Cyber weather in June also covers observations related to malware and scams made during the past quarter. In addition, we also cover sector-specific observations.
Have you already taken a look at Huijausinfo?
Criminals are continuously looking for ways to create more skilful scams. However, it is possible to stay safe online – as long as you learn to recognize the warning signs of scams. The Consumers’ Union of Finland site Huijausinfo offers reliable tips for safer internet use and advises what to do if a scam has already occurred.
The ‘Tunnista nettihuijaus’ guide can be used for self-study or to help advise others. With the new quiz, you can test whether you can recognize an online scam. On the Huijausinfo website, you can also find information about public lectures and webinars held across the country.
The National Cyber Security Centre at Traficom is participating in the Finnish Consumer Association's Huijausinfo project, which promotes the safety of everyday digital life by sharing tips on recognizing online scams and information about the activities of cybercriminals.