National Cyber Security Centre's weekly review – 42/2024

Ensure the information security of network devices at home now!

The security of the network devices of households has been a topic of discussion recently. The botnets used by criminals in different online attacks are built by using malware that hijacks hundreds or thousands of network devices of individual consumers to the botnets. You can avoid becoming part of a botnet by protecting your devices carefully. The denial-of-service attacks that have disrupted the bank services of Finns over the past few months have also been carried out using the same botnets.

On Wednesday, the National Cyber Security Centre updated its guideline "Home network and router security (External link)". With the new update, the guideline also specifies how the router is connected in the right way and how the factory settings can be corrected to make them safer. These instructions help you to 

• connect the network cables correctly
• remove the possibility of controlling the router remotely outside your own network
• change the default password
• enable the device to update automatically
• and many other things that protect your own network from criminals’ attempts to break into it. 

The Hyöky service expands to companies critical for security of supply

Companies that are critical from the point of view of society’s functioning can now participate in the company pilot of the Hyöky service. In the first phase, the service is offered especially to water supply and energy companies and to ports. Previously, municipalities and other organisations in public administration have been able to subscribe to the Hyöky service.

Hyöky, or national attack surface mapping for improving cyber security, is a service that enables the organisation to get specific information on its attack surface that is visible online. The National Cyber Security Centre of the Transport and Communications Agency Traficom is mapping the entire attack surface of Finland, and organisations can through the service subscribe to an overview of the observations concerning their own organisation. The observations are presented in reports that provide an organisation-specific situation picture, explain what the possible deficiencies are and recommend remedies.

Hyöky helps the company to identify its entire attack surface that is visible on the internet, including services that have been forgotten and are no longer actively maintained. Identifying the attack surface is important so that the company can prevent cyber threats and take care of its cyber hygiene. Knowing the attack surface also speeds up responding when new threats emerge.

Attack surface mapping makes it easier for a company to target and also procure more in-depth vulnerability assessments of critical systems from service providers. From the point of view of obtaining a comprehensive situation picture, it is advisable to take advantage of both attack surface mapping and vulnerability assessments.

The National Cyber Security Centre implements a pilot for companies critical for security of supply together with the National Emergency Supply Agency. The companies that will be included in the pilot (water services, energy and ports) can participate free of charge. As the number of participants in the pilot is limited, the organisers reserve the right to select the participants, if necessary. To be able to participate in the company pilot, the company must subscribe to the service through the subscription channel available at hyöky.fi (External link).

More information and instructions for subscribing to the Hyöky service can be found online at hyöky.fi. If your organisation does not yet belong into any of the mentioned target groups or you want to ask more about the Hyöky company pilot, you can get in touch with your contact person at the National Emergency Supply Agency or the National Cyber Security Centre or send an email to hyoky@traficom.fi .

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.