Front Page: NCSC-FI
Front Page: NCSC-FI

Information security now!

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 3–9 February 2023). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.


Topics covered in this week’s review

  • You asked us about ransomware, we answer
  • OneNote phishing campaign spreading
  • New National Coordination Centre commences operation
  • Updated Cyber Weather report for January published
  • The NCSC-FI’s new article series on the cyber security of specific sector

You asked us about ransomware, we answer

Back in October last year, we asked representatives of organisations and companies to submit questions about ransomware as part of the European Cybersecurity Month. We ended up receiving a large number of good questions, due to which we have divided the answers into multiple themed sections.

OneNote phishing campaign spreading

If you receive a message saying that someone has shared a OneNote file with you without your request, always contact the sender to check what the message is about and whether they are the one who actually sent it.

In recent weeks, there has been a phishing campaign spreading online that utilises Microsoft OneNote. The campaign involves criminals using previously compromised email accounts to spread OneNote files that contain a link disguised as an Excel file. Clicking the link takes you to a spoofed login page designed to phish for your username and password. If you enter your username and password on the fake login page, the criminals will be able to sign in to your account and start using it to send out more phishing messages, for example.

Fake login pages are often very convincing. As such, we recommend always checking your browser’s address bar to make sure that you are actually signing in to the website that you think you are signing in to.

“What makes OneNote phishing especially devious is the fact that the messages often come from familiar users using a familiar service. That being said, there are signs that can help identify phishing attempts, such as strange message subjects, odd language or simply the fact that the sender does not usually share files using this service,” comments Information Security Specialist Antti Louko from the NCSC-FI.

The phishing messages are often sent out to persons whose addresses were found in the address book or email history of a compromised email account. Because of this, the recipient is often familiar with the sender. This coupled with the fact that the message comes from a real service can make the phishing attempt difficult to identify as such. As a general rule, you should always be wary of any files that someone shares with you without your request and contact the sender of a suspicious message to determine what the message is about and whether they actually sent the message.

A successful phishing attempt gives the attacker access to the victim’s email account and any files stored there. Often the compromised account is then used to send out more phishing messages to the victim’s contacts. In addition to this, the attacker may also steal data from the compromised account. Phishing is also used to breach organisations for the purpose of carrying out ransomware attacks. 


Kuva OneNote kalastelusta
An example image of OneNote phishing

New National Coordination Centre commences operation

The European Cybersecurity Industrial, Technology and Research Competence Centre’s National Coordination Centre officially commenced operation at the start of 2023 under the Finnish Transport and Communications Agency. The centre is part of the European Union’s Network of National Coordination Centres. 

Every EU Member State is to establish its own national coordination centre, with the EU Coordination Centre located in Bucharest acting as the overall coordinator of the Network. The Network of National Coordination Centres increases cooperation between the Member States. This cooperation reinforces the EU’s cyber security capacities and the competitiveness of the cyber security sector. The purpose of the EU-wide network is to improve national cyber security capacities, support cyber security research and accelerate technological development in the EU.

The five key duties of the newly established National Coordination Centre are: 

  1. Operating as a national contact point for the EU-wide network and Bucharest Competence Centre
  2. Developing cyber security industrial, technology and research cooperation
  3. Supporting national cyber security research and development
  4. Promoting participation in cross-border EU-funded projects
  5. Increasing knowledge and awareness of the work of National Coordination Centres and the cyber security community

Updated Cyber Weather report for January published

The NCSC-FI’s Cyber Weather report has been updated for 2023. Sporting a new look and featuring both new and familiar content, the report is now more distinctly aimed at organisations. The updated report is also designed to provide non-technical representatives of organisations with a clearer picture of notable cyber security phenomena. That being said, the needs of other readers have also been taken into account.

The purpose of the NCSC-FI’s updated Cyber Weather report is to provide more information in a more concise package. With the included references, the reader can explore the covered topics in greater detail via weekly reviews, news and instructions, for example. The accessibility and readability of the report has also been improved.

Tammikuun Kybersää

The NCSC-FI’s new article series on the cyber security of specific sectors

This year, we will start including sector-specific texts in our weekly reviews. These texts will focus on the cooperation between the NCSC-FI and organisations from sectors critical to security of supply as well as the observations made during and the results of this cooperation. 

The texts will make use of sector-specific analyses, national and international situation pictures and topics covered by sector-specific ISAC (Information Sharing and Analysis Centres) information sharing groups. More information on ISAC information sharing groups is available on our website here.

The texts will be published monthly as part of our Weekly Reviews. In the first text, to be published next week, we will be taking a look at cyber security in the healthcare and social welfare sector.

Subscribe to the NCSC-FI’s newsletters or RSS feeds to be notified as soon as new information is published.