Front Page: NCSC-FI
Front Page: NCSC-FI
Menu

Scammers phishing for email credentials with a Dropbox link

Over the past week, the NCSC-FI has once again received several reports of Microsoft 365 account hijacking. In the most recent wave of attacks, accounts have been hijacked with the help of a PDF file distributed via Dropbox. The names of the files have included long strings of numbers. The scam message notifying users of the shared file includes a link that leads to a phishing website asking for the victim’s username and password.  

If you make the mistake of clicking the link in the scam message and entering your email username and password on the website that opens up, your email account will be hijacked by criminals, who may use it for fraud and to send out more phishing messages, for example. Hijacked accounts have been used to send out as many as thousands of new phishing messages.

Prevent, report, react

  • The NCSC-FI urges all organisations using Microsoft 365 services to provide their employees with information about the threats posed by phishing messages.
  • One effective way of protecting against phishing is to make multi-factor authentication mandatory for your organisation’s users. 
  • We also recommend that organisations internally review whether their users need to be able to install software directly as part of their Microsoft 365 subscription.
  • In some cases, criminals have installed an eM Client on a breached account that is utilised for sending phishing messages from the account. The existence of the application in an environment where it is not usually used could be a sign of a data breach.
  • If you suspect a message that you received to be a phishing message, you should report it to your organisation’s IT support. You can also report phishing messages and their links to the NCSC-FI. The NCSC-FI will investigate the link and report any malicious links to the website administrator.

Read more about prevention and mitigation measures

The National Cyber Security Centre Finland’s weekly review – 04/2024

The National Cyber Security Centre Finland’s weekly review – 08/2024

Text message scam themed around vehicle tax phishing for bank credentials

The Finnish Transport and Communications Agency Traficom is warning people about scam messages sent under its name (bulletin in Finnish) (External link). The scam message claims that the recipient has not paid their vehicle tax. The message is a phishing message designed to get you to click on the included link and hand your bank credentials over to criminals.

Follow these steps

  • Do not click on links included in email or text messages.  
  • Do not access services via links or search engine results. What you should do instead is enter the address of the website in its entirety in the browser address bar. 
  • Save the addresses of important services as browser bookmarks or favourites, which provide a secure way of accessing the services in future.
  • If you have entered your credit card information or bank credentials on a website, you may have become the victim of fraud. If this is the case, you should first contact your own bank and then submit a police report. Attempted fraud should be reported as well.

Cyber attacks moving to the cloud

As a result of the ongoing cloud transformation, cyber attacks are also moving to the cloud. The operations of both cyber criminals and state actors are also increasingly targeting organisations’ cloud environments. Instead of exploiting vulnerabilities, the attacks carried out as part of these operations focus on hijacking working user accounts or stealing and exploiting authentication tokens.

Read our recent article for more information (in Finnish): Kyberhyökkäykset siirtyvät pilveen - Näin suojaudut ja raportoit Kyberturvallisuuskeskukselle (‘Cyber attacks moving to the cloud – Here’s how to protect yourself and report attacks to the NCSC-FI

AI becoming an increasingly important element of future information security solutions

There is currently a great deal of discussion going on about artificial intelligence and the utilisation thereof in the promotion of cyber security. Many industries are already using various AI-based information security solutions. Where are we currently at in terms of the development and use of such solutions? What kinds of developments can we expect to see in the future? What kinds of opportunities does AI present for the development of information security overall?

These are some of the questions explored in the new report on AI-based cyber security solutions prepared by Traficom and the National Emergency Supply Agency.

In addition to providing an overview of the current situation and examining future trends, the report offers practical instructions regarding an effective process for developing AI applications and the worst pitfalls. With the help of the report, organisations can improve their own understanding of and know-how in the utilisation of AI to improve information security.

You can read the report here (in Finnish)

February Cyber Weather report published

The cyber weather in February was characterised by rains. Microsoft 365 accounts continued to be hijacked in February as well. Hacktivists also continued their denial-of-service attacks, with a large number of Finnish organisations suffering attacks at the start of the month.

Glimpses of light in February included SMS Sender IDs protected against scams, of which there are now over 80. Each protected SMS Sender ID reduces criminals’ ways of impersonating authorities and companies. Meanwhile, the long-term trends section of the report takes a look at the increasingly rapid exploitation of vulnerabilities.

February Cyber Weather report

Information Security Trailblazer award given out at the Tietoturva 2024 information security seminar

The Tietoturva 2024 information security seminar organised by the Finnish Transport and Communications Agency Traficom and the National Emergency Supply Agency was held in Helsinki on 13 March 2024. The event focused on examining the future of information security and cyber security from the perspectives of AI and quantum technology, among others.

The seminar also included the award ceremony of this year’s Information Security Trailblazer award. This year, the award recognised the cooperation carried out by Finnish telecommunications operators and public authorities in preventing international scam calls and messages. The recognition was awarded to DNA Oyj, Elisa Oyj, the National Bureau of Investigation, the Finnish Transport and Communications Agency Traficom, Länsilinkki Oy, Setera Communications Oy, Suomen Numerot NUMPAC Oy, Telia Finland Oyj and Ålands Telekommunikation Ab.

A recording of the event will soon be published on Traficom’s YouTube channel (External link)

The seminar was attended by a total of over 2,200 people on-site and remotely. Thank you to all attendees! We hope to see you again at the Tietoturva 2025 seminar next March. 

Suvi Lampila (SSH Fellow, SSH Communications Security Oyj) esitelmöimässä lavalla aiheesta Quantum-safe journey - migrating to post-quantum cryptography
Suvi Lampila (SSH Fellow, SSH Communications Security Oyj) talked about the massive challenges that developing quantum computing presents for information security.
Traficomin Kyberturvallisuuskeskuksen asiantuntijat esittelevät keskuksen palveluita seminaarikävijälle.
Our experts provided attendees with information about the services of Traficom’s NCSC-FI.

Vulnerabilities

CVE: CVE-2023-48788
CVSS: 9.3
What: Critical vulnerability in a Fortinet product
Product: FortiClient Endpoint Management Server
Fix: Software update
Fortinet’s bulletin (External link)

ABOUT THE WEEKLY REVIEW

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 8–14 March 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.