Information security now!
This week we cover topics such as ransomware, reporting and the cyber weather.
Preparedness and reporting in the fight against ransomware
Ransomware is a threat to organisations of all sizes and sectors. Financially motivated criminals carry out attacks opportunistically so attack preparedness is important for all organisations. With basic security measures, organisations can prevent a large proportion of ransomware attacks.
The key protection measures against ransomware attacks are keeping systems up to date, using multi-factor authentication and backing up.
The importance of knowing your environment
An up-to-date understanding of the systems you use enables both the building of update processes and the monitoring of the systems in use. The speed of implementation of critical updates is now more important than ever. For example, Microsoft's annual digital security report mentions that the window of opportunity for critical patches has been reduced to just 24–48 hours, as exploit attempts start almost as soon as a vulnerability becomes public.
A focus on testing and practice
Testing and practice are also an essential part of organisational preparedness. It makes more sense to plan and practise in advance, both for restoring backups and for operations and communication in the event of a ransomware attack. That way, an organisation can be better prepared to face a potential crisis. For help, see the National Cyber Security Centre (NCSC-FI) guidelines and the exercise service. Read also the NCSC-FI's related guidance for management.
Also report to the NCSC-FI
It is also important to report cases of ransomware to the NCSC-FI. We help organisations to cope with the situation and advise on necessary measures. We also continuously collect up-to-date information on the cyber security situation in Finland, and much of our situational awareness is based on reports from Finnish organisations. The information we receive allows us to alert other organisations. It is in all our interests to have as much information as possible about ransomware attacks. A cyber-secure Finland is built through cooperation.
A checklist for reporting to the NCSC-FI:
- Make your first report as soon as possible. More information can be provided later as the situation becomes clearer.
- Description of the situation and timeline of events
- Impact on your own organisation
- Measures taken and known solutions
- Known Indicators of Compromise (IoC)
Usefulness of information (whether the incident can be discussed with the service provider, whether a crime has been reported, whether information can be shared between security authorities)
When in doubt, share rather than not sharing. Even small data breaches can be significant for overall cybersecurity in Finland, when taken together.
Wide range of reports
The NCSC-FI receives about 300–400 reports of different security breaches every week.
The reporter may be a citizen who has received a scam message or a company that is reporting the detection of malware. Sometimes, the reporter is directed to report their findings or problems to another authority, for example.
Sometimes, cases are reported that are not immediately clear to the experts investigating them. The NCSC-FI has received reports this year with the subject "Facebook account hijacked" without contact details or other additional information. There's no need to spend a huge amount of time on these types of reports, but interesting and recurring reports do stick in the mind.
A mystery began to unfold in autumn 2024, when similar reports mentioned a school assignment. At educational institutions, there was an exercise where a citizen, a student, had his or her social media account hijacked and the actions to take in such a situation were reviewed. Naturally, some of the students also reported this to the NCSC-FI! The national cyber security situational picture produced by the NCSC-FI is based on reports from citizens and organisations. For similar school assignments, we hope to see a reference to a practice or school exercise in the future. Thank you to each and every one of you who submitted reports. On an annual level, the NCSC-FI receives about 20,000 reports. You can report a data breach here (external link)
October Cyber Weather 2024
October saw grey clouds in the Cyber Weather, as incident reports to the NCSC-FI increased following the calmer weather of the early autumn.
As in the previous month, the number of denial-of-service (DoS) attacks, especially against the banking sector, continued to rise in October.
The Cyber Weather again addresses the five most important threats in the short term. The field of long-term threats focuses on cybersecurity in industrial automation. This time, the report exceptionally publishes the third-quarter's statistics on DoS attacks.
Read October’s Cyber Weather here!
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
Vulnerabilities
CVE: Useita
CVE: Several
CVSS: 9.8
What: Several repair patches for Ivanti products
Product: Several
Fix: Update your products
CVE: Several
CVSS: 9.8
What: Several repair patches for Microsoft products
Product: Several
Fix: Update your products
About the weekly review
This is the weekly review of the National Cyber Security Centre Finland (reporting period 8 November–14 November 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cybersecurity specialists to regular citizens.