
Information security now!

This week, we cover topics such as carpet bombing in denial-of-service attacks and how the first year of the Hyöky service went.

TLP:CLEAR

Topics covered in this week’s review

  • Autumn weather for denial-of-service attacks 
  • Busy first year for the Hyöky service 
  • Practise managing cyber situations – free of charge!
  • Finland performs well in the ITU Cybersecurity Index

Autumn weather for denial-of-service attacks

The National Cyber Security Centre (NCSC-FI) has recently received an increasing number of reports of denial-of-service (DoS) attacks. The increase in activity in autumn is typical of many forms of cybercrime. However, no DoS attacks by the hacktivist group NoName057(16) have been detected in Finland since July. The NCSC-FI also actively encourages organisations to report any out-of-the-ordinary DoS attack traffic that they detect. Similarities can be found between a number of different cases, which can be used to form a shared picture of the situation. 

Carpet bombing has been a recent phenomenon in some reports. This means that, instead of one or a few servers being attacked, a larger proportion of the target organisation's network addresses are targeted. The attack method may target unprotected parts of the organisation's network that could affect servers or services. Defending against attacks on the entire network address space is often more challenging than defending against attacks on individual addresses. A tip for organisations this autumn is to look at which services on their own network addresses are protected, and which are not.
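
An added example, not part of the NCSC-FI review: a detection sketch showing why per-address thresholds miss carpet bombing while a per-prefix aggregate catches it. The flow records, the documentation address ranges and all three thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds; tune to your own baseline.
PER_HOST_BPS = 1_000_000_000    # alert if one address exceeds 1 Gbps
PER_PREFIX_BPS = 5_000_000_000  # alert if a whole prefix exceeds 5 Gbps
MIN_SPREAD = 0.5                # share of the prefix's addresses receiving traffic

# Constructed sample: (destination address, bits per second in one interval).
PREFIXES = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
SAMPLE_FLOWS = (
    [(f"198.51.100.{i}", 40_000_000) for i in range(1, 201)]  # thin and wide
    + [("192.0.2.10", 3_000_000_000)]                         # one hot address
    + [(f"203.0.113.{i}", 10_000_000) for i in range(1, 6)]   # background
)

def classify(flows, prefixes):
    """Aggregate traffic per destination and per prefix, then label each prefix."""
    per_host = defaultdict(int)
    for dst, bps in flows:
        per_host[ipaddress.ip_address(dst)] += bps
    result = {}
    for net in (ipaddress.ip_network(p) for p in prefixes):
        hosts = {ip: bps for ip, bps in per_host.items() if ip in net}
        total = sum(hosts.values())
        hot = sorted(str(ip) for ip, bps in hosts.items() if bps >= PER_HOST_BPS)
        spread = len(hosts) / net.num_addresses
        if hot:
            verdict = "single-target"   # classic per-address alert fires
        elif total >= PER_PREFIX_BPS and spread >= MIN_SPREAD:
            verdict = "carpet-bombing"  # no address is hot, but the prefix is
        else:
            verdict = "normal"
        result[str(net)] = {"verdict": verdict, "total_bps": total,
                            "targets": len(hosts), "hot": hot}
    return result

if __name__ == "__main__":
    for prefix, info in classify(SAMPLE_FLOWS, PREFIXES).items():
        print(prefix, info["verdict"], info["total_bps"], info["targets"])
```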

DoS attacks have been reported in various sectors this autumn, with the highest traffic volumes exceeding 100 Gbps. The impacts have been mild, but organisations should keep an eye on DNS attacks as a phenomenon. Application-level attacks by hacktivists and now the new wave of carpet bombing are good examples of how attackers are evolving their tactics. Attackers often aim to disrupt the availability of online services and thus gain visibility for their own activities.

Busy first year for the Hyöky service

The Hyöky service was launched a year ago at Kuntamarkkinat. Naturally, the first target group for the service was Finnish municipalities. Municipalities with fewer than 20,000 inhabitants remain the largest user group.

During 2024, the target group will be extended to other public administration organisations. The service has been of particular interest to operators in the education, social welfare and healthcare sectors, but also to governmental organisations. The aim is to launch a business pilot in autumn 2024, especially for organisations in the energy and water supply sectors. 

The NCSC-FI is mapping the entire attack surface of Finland. National attack surface mapping is performed on IP addresses that are part of the network area: 93.190.98.0/24. The report generated by the service gives organisations in the selected target groups a view of their own attack surface and the gaps and remediation recommendations identified there. The mapping of the whole of Finland is also used for wider activities within the remit of the NCSC-FI, such as situational awareness and incident monitoring.

The free-of-charge service aims to provide a low-threshold first step into cyber services. With the help of Hyöky, organisations can take better proactive care of their basic cyber hygiene, or at least get the basics right.

The purpose of attack surface mapping is to identify the entire attack surface of an organisation visible to public data networks, including those services that have been forgotten and removed from active maintenance. The mapping reports can also serve as input for more in-depth and targeted vulnerability assessments of critical systems that client organisations can procure from service providers.

For more information and subscription instructions on the Hyöky service, visit hyöky.fi. If your organisation is not yet included in the target groups or if you would like to ask more about Hyöky, please send an email to hyoky@traficom.fi.

Practise managing cyber situations – free of charge!

The Future of Cybersecurity in Kymenlaakso project is organising two free table-top cyber training days for businesses in October. On both days – Thursday 10 and Wednesday 16 October – it will be possible to practise cyber-evasion situations both in the morning from 9 a.m. and in the afternoon from 12 noon.

The practice will be conducted online and there will be two types of exercises: one for SMEs and one for sole traders and micro-enterprises.

The practice for SMEs will last 3 hours and the one for sole traders and micro-enterprises 2 hours.

Link for signing up: https://www.lyyti.fi/reg/kyberharjoitus (in Finnish)

Kyberasema is part of Digiasema Kymenlaakso, which brings together private and public services and training that support digitalisation in companies in Kymenlaakso.

Kyberasema supports the cyber and information security capabilities of companies in the Kymenlaakso region with a wide range of services, such as training and cyber exercises.

The Kyberasema website can be found at: https://digiasema.fi/kyberasema/ (in Finnish)

Kyberasema can also be found on LinkedIn under ‘Kyberasema’.

Kyberasema is produced by the Future of Cybersecurity in Kymenlaakso and CyberCare Kymi projects, which are funded through the Regional Council of Kymenlaakso from the European Union's Just Transition Fund (JTF).

Finland performs well in the ITU Cybersecurity Index

Finland scored a perfect 100 points in the International Telecommunication Union (ITU) Cybersecurity Index, ranking at Tier 1. The report ranks 46 countries at Tier 1, the highest of the five tiers. This tier is reserved for exemplary countries that have demonstrated strong commitment to all five cyber security areas compared in the index.

The ITU Global Cybersecurity Index 2024 (GCI 2024) assesses national efforts in five areas that reflect countries' commitment to cyber security: legal, technical, organisational, capacity building and cooperation. The GCI 2024 Index uses a new five-step analysis that allows the index to focus more on countries' progress in cyber security commitments and their impact.

More on the ITU's Cybersecurity Index: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx

 

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

Vulnerabilities

CVE: CVE-2024-45496, CVE-2024-7387
CVSS: 9.9
What: Red Hat OpenShift Container Platform 4: critical vulnerabilities
Product: Red Hat OpenShift Container Platform 4
Repair: Restrictive measures offered by the manufacturer
More information: https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_21/2024 (in Finnish)

CVE: CVE-2024-38812, CVE-2024-38813 
CVSS: 9.8
What: Critical vulnerabilities in the VMware vCenter Server
Product: VMware vCenter Server
Repair: Update to repaired version
More information: https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_22/2024 (in Finnish)

For more general information about vulnerabilities and the terminology used, please see our Information Security Now! article ‘NCSC-FI vulnerability coordination in a nutshell’.

About the weekly review

This is the weekly review of the National Cyber Security Centre Finland (reporting period 13–19 September 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cybersecurity specialists to regular citizens. 

Previous weekly reviews are available here