Information security now!
This week, we report on denial-of-service (DoS) attacks that are pestering organisations and their customers. We also look at the recently published national cybersecurity strategy.
In the worst case, a DoS attack can mean that a citizen cannot access the online service they want
DoS attacks have been in the news in the Finnish media this week. During the autumn, Traficom's National Cyber Security Centre (NCSC-FI) has received more reports of DoS attacks than before. In the majority of reports, the attack has not affected the availability of the targeted service. This autumn, cases brought to the attention of NCSC-FI have highlighted the so-called carpet bombing technique.
What are DoS attacks? What is carpet bombing? How to protect against such attacks?
The police sent warning messages to tens of thousands of Finns
Last Saturday, 5 October, tens of thousands of Finns received a warning message from the police. The text messages told the recipient that they were at increased risk of being targeted by criminals.
The warning messages are based on a database that the police have got hold of from criminals. The lists include the names of Finns, their telephone numbers and, for some people, their date of birth.
The police are also aware that people on the list have already been targeted by various scams. The scans have been carried out at least by telephone and the callers have spoken fluent Finnish. The criminal benefit to them has been millions of euros. The police are not yet sure where the criminals got hold of the information in the database.
The police point out that neither public authorities nor banks ask for people's bank details or online banking credentials. If you have disclosed your credentials, contact your bank immediately. You should also report the matter to the authorities.
National cybersecurity strategy published
On Thursday 10 October, the Government approved a decision-in-principle on a renewed national cybersecurity strategy. The strategy covers the next decade from 2024 to 2035.
The national cybersecurity strategy sets out key national objectives and policies to address the challenges of the cyber environment. An implementation plan for the strategy is currently being prepared, which will define the strategy's measures and timetable in more concrete terms than at the strategic level.
The previous cybersecurity strategy dates back to 2019, after which both the Finnish security environment and the cyber security landscape have changed significantly.
The key theme of the strategy is cybersecurity as part of overall security. New elements of the strategy are response and countermeasures, which are contained in the four pillars outlining the strategic objectives. The other pillars are based on cooperation, preparedness, knowledge, technology and research, development, and innovation.
Did you know that the first national cybersecurity strategy published in 2013 outlined the creation of the NCSC-FI to produce and maintain a consolidated cybersecurity snapshot.
September’s cyber weather 2024
In September, organisations and citizens were particularly plagued by DoS attacks, phishing and various scam messages.
In the early autumn, the NCSC-FI was more actively notified about DoS attacks than ever before. Nordea, among others, has reported that recent disruptions were partly caused by DoS attacks. Recent DoS attacks have made particular use of carpet bombing techniques. Hactivists are constantly developing their attack methods, which means that organisations also need to prepare for DoS attacks in different ways.
During September, a high level of M365 account phishing was observed, particularly in relation to Dropbox. The NCSC-FI has received reports of numerous data breaches of M365 accounts as a result of Dropbox phishing.
The wave of Traficom SMS message scams seen in recent months also emerged on the police’s fraud radar. According to the police, in September alone, the total criminal benefit from scams amounted to more than EUR 560,000. The registration of Traficom's Sender ID came into force at the end of September, and is expected to lead to a decrease in SMS message scams in the name of Traficom.
Anyone sending SMS messages to citizens can protect their SMS Sender ID and ensure that no other party can use the same alphanumeric sender ID to send SMS messages to Finnish subscriber numbers. The registration of SMS Sender IDs can be applied for from Traficom.
September's cyber weather also includes updated quarterly statistics and sector purchases. In the longer term, we will look at consumer security, in particular through the cyber security literacy of children and young people.
Vulnerabilities
CVE: CVE-2024-9463
CVSS: 9.9
What: The vulnerability allows an attacker to gain access to firewall administrator accounts and expose sensitive information such as usernames, plain-language passwords and PAN-OS firewall API keys.
Product: Palo Alto Networks Expedition migration tool versions preceding 1.2.96
Repair: Palo Alto Networks has released Expedition version 1.2.96, which fixes these vulnerabilities. Palo Alto recommends that all usernames, passwords and API keys handled by Expedition are changed after the update. Palo Alto Networks also proposes to limit access to the Expedition network to authorised users to minimise the risk of exposure.
Read more: Critical vulnerabilities in Palo Alto Networks Expedition
About the weekly review
This is the weekly review of the National Cyber Security Centre Finland (reporting period 04–10 October 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cybersecurity specialists to regular citizens.