Weekly review of the National Cyber Security Centre Finland (NCSC-FI) - 42/2025

Windows 10 support ended on 14 October

On 14 October 2025, Microsoft ended official support for Windows 10, which is still widely used. The end of support means that the operating system will no longer receive security updates or official technical assistance. While Windows 10 will continue to function, using it increases security risks as new vulnerabilities will no longer be patched.

Version 22H2 is the final supported release of Windows 10. Some special editions, such as Windows 10 IoT Enterprise LTSC, will continue to receive support for a longer period according to the manufacturer’s defined lifecycle.

Microsoft offers the option to continue receiving security updates through the Extended Security Updates (ESU) programme. For consumers, this provides an additional year of security updates for a fee. Businesses and organisations can purchase extended support packages for several more years. In some European Economic Area countries, including Finland, the ESU programme may be available without an additional charge until October 2026.

Before support ends, users should ensure that their data is backed up and that their devices meet the hardware requirements for Windows 11. If upgrading is not possible, switching to another operating system may be an alternative.

The NCSC-FI recommends that unsupported operating systems no longer be used on internet-connected devices once official support has ended.

Instant payments and payee name verification took effect on 9 October 2025

The EU’s new Instant Payments Regulation (EU 2024/886) entered into force on 9 October 2025, requiring banks to offer real-time credit transfers to all customers across Europe. The Regulation aims to enable round-the-clock transfers and improve payment security. The ability to receive instant payments had to be in place by 9 January 2025, and from October onwards, banks must also be able to send them. At the same time, Verification of Payee (VoP) has been introduced. This mechanism checks before a payment is made that the name entered by the payer matches the account number (IBAN). If the name and account do not match, the system issues a warning, allowing the payer to correct the information before completing the transaction. This reduces erroneous payments and makes it harder for criminals to redirect funds to the wrong accounts.

From a security perspective, the VoP system has been designed so that it does not reveal the full name of the payee but only indicates whether the details match or not. This protects personal data and complies with EU data protection rules. From a cybersecurity standpoint, banks must ensure strong encryption, proper logging and incident management for communication channels. However, VoP does not prevent all scams — payments initiated through social engineering can still succeed.

Scam calls made in the name of the NCSC-FI

Traficom has become aware of cases in which criminals have called victims while posing as experts from the NCSC-FI. In these scam calls, the criminals have claimed, among other things, that the victims’ mobile phones are infected with viruses and that NCSC-FI experts will come to collect the devices. The callers have also asked victims to provide their online banking credentials and payment card details.

The NCSC-FI never asks for bank credentials, requests urgent money transfers or instructs anyone to install remote access software. If you receive a suspicious call, hang up and call our official customer service number. Be alert for signs of urgency or intimidation — fraudsters exploit panic, we do not. If someone comes to your home or office, ask to see their photo ID. Every employee of the NCSC-FI at Traficom has an official Traficom-issued ID card, and its details can be verified through our customer service if needed.

Read more about scam calls made in the name of the NCSC-FI in the Information Security Now! article (in Finnish). (External link)

InfoSec 2025 seminar at Cyber Security Nordic on 5 November

Traficom and the National Emergency Supply Agency will organise the Finnish InfoSec 2025 seminar in connection with the Cyber Security Nordic fair at the Helsinki Expo and Convention Centre on 5 November from 12.00 to 16.00. 

The theme of the seminar is protecting the digital society. The discussions will address, among other things, how we are preparing to safeguard the rapidly evolving digital environment and how we can ensure cyber secure solutions in both society and everyday life. The seminar will also provide insights into future cyber threats.

The keynote speaker of the InfoSec 2025 seminar is Deputy Head of Division Viktor Vorobei from the State Special Communications Service and Information Protection of Ukraine.

You are also welcome to visit the NCSC-FI stand to learn more about our free services for organisations, secure software development and the evolving regulation of the cybersecurity sector.

The Cyber Security Nordic fair is one of the largest cybersecurity events in the Nordic countries.

Digital Security Barometer 2025 published

The Digital and Population Data Services Agency (DVV) published the Digital Security Barometer 2025 on 8 October. According to the barometer, Finns’ trust in digital security has declined. Cyber attacks and online fraud are perceived as major threats, while the rapid development of artificial intelligence and its ability to process personal data are also causes for concern. However, trust in public authorities, the financial sector and one’s own employer remains high.

According to the barometer, 60 per cent of people in Finland are fairly or very concerned about cyber attacks and online fraud targeting society. Nevertheless, 51 per cent of respondents believe that Finland is well prepared to counter these threats. Two out of three respondents consider digital security to be at a higher level in Finland than in other EU countries.

The Digital and Population Data Services Agency organised a webinar on the results of the barometer, featuring experts from different sectors. The webinar also included representatives from the National Emergency Supply Agency, the NCSC-FI, the Ministry of Transport and Communications, and the Parliament of Finland, who discussed the overall state of cybersecurity in Finland.

Weekly malware review: Ranbyus

Ranbyus is a dangerous malware family designed to steal banking and login credentials. It originates from the Zbot family and primarily targets users in Ukraine and Eastern Europe. Ranbyus was one of the first malware strains to attack Java-based online banking applications. Also known as Fibbit, it was originally created to infiltrate the BIFIT iBank 2 system, a widely used online banking platform in CIS countries.

Ranbyus typically infects a computer either as a secondary payload delivered by another piece of malware or through an unnoticed download from a malicious website. Once activated, it collects usernames and passwords — especially from banking and financial service sites — and records keystrokes to steal additional information.

How to protect yourself from Ranbyus:

• Use antivirus protection. A reliable security programme can detect and remove the threat — perform a full system scan regularly.
• Be cautious with downloads. Do not download software from unknown websites or open suspicious attachments.
• Secure online banking. Use multi-factor authentication, monitor account activity and avoid banking from untrusted devices.
• Keep software up to date.
• Protect against keyloggers. Use virtual keyboards or password managers to prevent keystroke logging.
• Perform regular checks. Run antivirus scans and monitor active processes for signs of suspicious behaviour.
• While Ranbyus mainly targets users in Eastern Europe, its spying capabilities make it a threat to anyone handling sensitive financial information online.

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.