Front Page: NCSC-FI

Information security now!

The Government has set up an investigation team to look into the data breach targeted at the City of Helsinki. We will go through what can be learned from the case.

TLP:CLEAR

Investigation into City of Helsinki data breach case continues

The City of Helsinki has continued to investigate the data breach discovered at the end of April, in cooperation with various parties. On 8 July, Helsinki communicated that it had provided further information on the case to the Data Protection Ombudsman. Currently, the city's estimate of the victims of the data leak is 96,700 learners and their guardians. In addition to this, the data leak is estimated to have affected city employees and others, which Helsinki has already disclosed in a previous bulletin.

Investigating a large-scale data breach like this takes time for any organisation, even with the help of service providers and authorities. Traficom's National Cyber Security Centre has been actively cooperating with the city on the case. There are many lessons to be learned from this case, and Helsinki's open way of communicating the reasons behind the incidents sets an example for organisations.

  • Identify what services and devices are available to your organisation on the public network.
  • Maintain a list of devices and services and prioritise their maintenance, updates and regular security checks.
  • Monitor equipment and services using technical methods and keep logs to make it easier to investigate deviations afterwards.
  • Ensure that devices and services at the network interface are behind multi-factor authentication.
  • Use information security service providers to help you if your own resources are not sufficient. Preparedness is likely to be cheaper than a large-scale security breach.
  • Communicate openly and proactively internally and externally about incidents as new information becomes available. Limited communication raises more questions, while openness inspires confidence in an organisation's ability to manage incidents.
  • Keep a low threshold for contacting service providers and authorities if you spot a deviation.

The City of Helsinki is by no means the only organisation in Finland that has been targeted by attackers because of remotely connected devices or services. Over the past year, several organisations have even fallen victim to ransomware due to poorly protected devices or services.

“Hopefully, the numerous recent critical vulnerabilities and the example of the Helsinki incident have activated domestic organisations to map and update even more actively critical devices and services operating at the edge of the network,” says Matias Mesiä, an information security expert at Traficom's National Cyber Security Centre.

Safety Investigation Authority investigates the case

The Government decided to set up an investigation team to investigate the Helsinki data breach and leak. This is the first time that a major cyber security incident has triggered such an investigation.

“The investigation will examine, among other things, the background to the incident, how security was ensured, how management, control and audit activities were carried out, and how communication and aftercare of the data breach targets were carried out. The security investigation is not being conducted to allocate legal liability so it will not address questions of fault, liability or damages,” according to a bulletin issued by the Ministry of Justice.

June cyber weather also sees glimpse of sunshine

June was a calmer month on many cyber fronts than in previous months. On the other hand, phishing messages and phishing of Microsoft 365 user accounts, for example, continued. Even in the summer, it's good to remember to keep your organisation secure.

The past month was calmer than previous months in terms of data breaches and leaks, malware and vulnerabilities. There were also only moderate reports of DoS attacks during June. On the other hand, in terms of scams and phishing, for example, various phishing messages continued. In June, for example, we saw scam tax refund messages in the name of the tax authorities. Cyber criminals often use topical themes in their scam attempts.

June's cyber weather also includes updated quarterly statistics and sector purchases. This month, we take a longer-term look at the future of cyber regulation.

Cyber weather of the month. The same information can be found in the PDF file.

Come to the international brokerage event in Helsinki 10–11 September 2024

The Finnish Transport and Communications Agency Traficom and its National Coordination Centre (NCC-FI) together with its partners North European Cybersecurity Cluster (NECC), Business Finland and the University of Jyväskylä welcome you to an international partnership event on calls for cyber funding. The event will be held in Helsinki on 10 and 11 September 2024 at Team Finland house. Due to the international nature of the event, the main language will be English. Admission is free of charge.

The two-day event will focus on the current Digital Europe and Horizon Europe cyber calls. The event will feature presentations by industry experts and panel discussions. It will also provide an opportunity to present your own project ideas, hear other people's presentations, find partners and network more widely.

What: International brokerage event

Where: Team Finland house, Helsinki 

When: 10–11 September 2024

Event logo illustration with a yellow vibrating ring on a blue background

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

About the weekly review

This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 05–11 July 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.