National Cyber Security Centre's weekly review – 43/2024

Denial-of-service attacks and vulnerable home devices

This autumn, the National Cyber Security Centre (NCSC-FI) has received more reports of denial-of-service (DoS) attacks than ever before. Organisations from sectors such as finance, transport and government have been reporting their findings since the summer. Over the last two weeks, however, the number of reports has started to fall slightly.

DoS attacks can have a momentary impact or knock-on effects on other services in the targeted organisation. For example, an organisation’s remote connections or internal services may be slowed or disrupted during an attack

DoS attacks against Finnish organisations will continue to be relatively common in the near future. However, the majority of attacks will not have a significant impact on the operations of organisations or on services provided to customers and consumers, for example.

DoS attacks and the technologies and tactics used are constantly evolving. This requires organisations to assess the risks associated with DoS attacks and take the necessary protective measures. It is worth noting that protection against so-called volumetric attacks alone is not enough. It is essential that the organisation identifies what services it has on the public network, and whether all the necessary components have been checked and protected against application-level attacks. Attackers are constantly evolving so, with regard to DoS attacks, organisations need to review theirs defences at regular intervals.

Your home device isn’t part of the DoS attacks, is it?

On 2 October 2024, Cloudflare reported a world record of up to 3.8 Tbps of DoS attacks. A large proportion of the attack traffic reported by Cloudflare belonged to hacked ASUS network devices. Cloudflare refers to vulnerability CVE-2024-3080, which allows an attacker to gain access to ASUS home routers.

Vulnerable devices include popular ASUS network devices, which are also available in Finland. This vulnerability was already announced in summer 2024.

Vulnerabilities have also been found to have been exploited in Finland and disruptive traffic has been detected. Devices in a network should always be kept up to date in terms of data security. Home devices used for DoS attacks or other more serious cyber attacks are a good reminder of this.

It is becoming increasingly difficult for domestic services to protect themselves from DoS attacks when the attack traffic comes, for example, from consumer connections. Consumers are often the ones who actually use the services. In this case, the defensive measure against a DoS attack cannot be to block those domestic addresses. Make sure you keep your device up to date in terms of security and read the NCSC-FI's guidelines from cover to cover! The importance of automatic updates and correct user actions is underlined in secure use.

Preparing for billing fraud by requesting billing information

The NCSC-FI has received several reports of billing fraud schemes targeting Finnish organisations. Billing fraud is prepared by sending emails to organisations asking them about their open invoices from another organisation. Open invoices are requested to be sent in PDF format to criminals. 

The criminals’ aim is to get hold of open invoices and information about who they have been talking to. Once the invoices are received, criminals can modify them. The aim is to divert the payments to accounts managed by the criminals. In addition to forging genuine invoices, criminals may also ask you to pay a completely fake invoice.

Completion of support for data security development

During August 2024, the Finnish Transport and Communications Agency Traficom granted a total appropriation of EUR 6 million to support the development of information security. Traficom launched a call for applications for support for the development of information security on 1 December 2022. The aid was granted to a total of 313 companies vital to society. Grants awarded ranged from EUR 371 to EUR 100,000.

Of the companies that received a positive decision to receive support, 96% are small or medium-sized companies and 4% are large companies. Most of the aid, around EUR 5.1 million (85%), was granted to small and medium-sized companies. About EUR 0.9 million (15%) was granted to large companies. The aid was widely distributed to companies located in different regions.

A total of 771 companies applied for the information security development support, and ultimately 40% received it. A total of approximately EUR 20 million was applied for, more than three times the amount allocated for granting the appropriation.

NCSC-FI participates in the Cyber Security Nordic event!

Adjustment of regulation in the cybersecurity sector? Come and meet us at Cyber Security Nordic in Helsinki on 29-30 October. You can find us at stand L1C.

Also listen to the presentation by Anssi Kärkkäinen, Director General of the National Cyber Security Centre, "Cyber Sovereignty: Shaping the Future of Security and Collaboration" on Wednesday 30 October from 2.00 to 2.20 p.m.

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.

Vulnerabilities

CVE: CVE-2024-47575
CVSS: 9.8
What: Critical and actively exploited vulnerability in FortiManager products 
Product: FortiManager and FortiManager Cloud, multiple versions Repair: Patch, further information in the vulnerability bulletin  (External link).