National Cyber Security Centre's weekly review – 30/2024

Topics covered in this week’s review

• CrowdStrike update caused significant outages worldwide
• Social media accounts in scammers' sights
• New smart devices have to comply with information security requirements starting 1 August 2025
• Recently reported scams

CrowdStrike update caused significant outages worldwide

An update to the CrowdStrike security product led to a disruption on Friday 19 July, causing Windows devices using that particular product not to start up. We published an Information Security Now! article about it on Friday morning.

The disruption caused outages in several services globally, impacting payments, air traffic, trains, health care and media houses, among others. Some organisations in Finland were also impacted either directly or indirectly through the supply chain.

The incident has been described as one of the worst IT outages in history, and Microsoft (External link) has estimated that around 8.5 million computers around the world were affected. Although most of the services could be restored within a few hours, this incident demonstrates the extent of how organisations' cyber incidents can impact the everyday lives of private individuals as well.

Although there is no suspicion of criminal activity behind the incident, opportunistic actors have tried to exploit the uncertainty caused by the situation. There have been reports abroad of scammers pretending to represent CrowdStrike, attempting to phish data and spread malicious software that they claimed to fix the issues caused by the update. So far, the National Cyber Security Centre has been made aware of one malicious email sent on the pretext of the incident.

When incidents occur, the best thing to do is follow communications and updates from known and trusted actors. It is especially important to be mindful of links and downloadable files if they are not from a familiar source.

Social media accounts in scammers' sights

Social media is a valuable platform for all kinds of criminal activity. Many of us have surely encountered all kinds of fraudulent advertisements/posts, fake accounts and phishing attempts on different social media platforms. Scams involve a risk of financial loss or accounts ending up in criminals' hands. In recent times, the National Cyber Security Centre has received reports of breaches to Facebook and Instagram accounts as a result of successful phishing. Be sure to check the authenticity of messages before responding to them.

Phishing messages

Peoples' login details for Instagram or other social media services may be phished with notifications of fake login attempts. The recipient of the message is notified of suspicious login attempts and asked to log in to their account with the link in the message. In truth, the link leads to a phishing site that imitates the appearance of the real login page.

Checking message details

Even if the subject line of a message might cause you to panic and want to act quickly, do not let the sense of urgency cloud your critical thinking. To spot any phishing messages, you should always make sure that a message is authentic by checking a few things.

1. Sender's email address

The sender's email address could reveal the scam. An address might appear legitimate when skimmed quickly, but it will include typos since the actual address is already reserved for the real service provider. The address may also be something completely different, but the sender field will have something that matches the real provider.

2. Typos and inconsistent content

Legitimate service providers are careful about the quality of their communications, and sometimes cybercriminals do not meet that same standard in their scam messages. Messages might include typos, or their contents might be very inconsistent. So, read all incoming messages carefully and try to detect possible errors to avoid scams.

3. Suspicious attachments and links

Messages can contain suspicious attachments or links. Cybercriminals may add attachments to messages that, in the worst-case scenario, can include something like malware. Try to avoid opening attachments if you are unsure of the contents of the file or the sender of the message. Avoid clicking on links in messages if you are similarly unsure.

Breached Facebook accounts

Scam messages can also come from completely familiar accounts. The National Cyber Security Centre has received notifications of breaches to people's Facebook accounts for a long while now. Scam campaigns are run from breached accounts by sending lottery-type scam messages to the contacts of those accounts.

In such messages, you might be asked to enter your phone number to participate in a fake lottery. After giving your number, you would receive a confirmation code, and the scammer would ask you to enter the code in the chat. In reality, that message is a two-step authentication code that allows the scammer to reset the account password and take control of your account.

If you get a suspicious-seeming message from a contact on social media and you’re not sure if it is authentic, you should check by asking the person on some other channel.

Account details

You can improve the security of your accounts when you:

1. Use a strong password.

2. Use a unique password for each service.

3. Enable two-step authentication.

To read more about using social media safely, check out our Security Now article with tips on staying safe on social media (External link).

New smart devices have to comply with information security requirements starting 1 August 2025

Stores may carry devices with poor security features. The National Cyber Security Centre has observed that the security of current devices is often compromised by weak default passwords, inadequate encryption and the lack of software updates. Many devices do not even have an update mechanism, and updates often stop before the end of the device lifecycle.

The EU has addressed this problem with regulation on information security requirements for smart devices. With this regulation, devices that do not comply with information security requirements can be withdrawn from sale. The intended deadline for the information security requirements was 1 August 2024. The European Commission has postponed the deadline by one year until 1 August 2025 to allow more time for the preparation of technical standards to meet the information security requirements. Standards specifying the requirements of the regulation on a technical level were circulated for comments in early summer and adopted without objection. The standards also include an example of how to meet the requirements. The standards aim to help interpret and apply the requirements in practice, but the requirements can also be met by other means than those indicated in the standards.

Different actors should start preparing for the regulation by integrating information security requirements into product requirements. It is up to manufacturers to ensure that their products meet all relevant requirements. Importers and sellers are also responsible for ensuring that only compliant devices are being sold. Traficom will monitor compliance with the new requirements after a transition period, and non-compliant devices can be withdrawn from the market. The regulation adopted under the Radio Equipment Directive does not concern the provision of updates, but the next piece of regulation, which will cover that gap, is already being prepared.

Read more:

New EU information security requirements for wireless devices improve the protection of privacy, prevent fraud and protect communications networks (External link)

Regulation makes smart devices more secure (External link)

Also check out the checklist for smart consumers at älyäostoksiin.fi (External link)

Recently reported scams

In this summary, we provide information about scams reported to NCSC-FI during the past week.