Information security now!
This week, we cover phishing for Steam credentials, CEO fraud and managing the risk of software dependencies. We end with news from the Disobey event.
Steam credentials being targeted by criminals
The NCSC-FI has received a report of Finnish-language phishing spreading on the gaming platform Steam. Steam users are being approached with a CS2 shooter tournament theme using already compromised credentials. Do not enter your credentials on unknown or suspicious sites as they may end up in the hands of criminals.
The messages come from hacked Steam user friends’ accounts and ask the recipient to enter a CS2 tournament via a link sent by the scammer. The link leads to a site where it is possible to log in using Steam credentials, but in reality this allows the scammer to take over the victim's Steam account. Detecting the scam is challenging because the messages are written in very credible Finnish and come from familiar accounts.
Cases have revealed that the Steam Guard authentication used to manage the game service account has been transferred to a scammer and the cosmetic items (skins) on the game account have been stolen, i.e., transferred to the Steam account managed by the scammer. In the worst case, the financial loss can be very high, as in-game purchases can cost thousands of euros.
Pay close attention to the sites you are logging in to and be wary of messages that contain a link to sites you are not familiar with. If your credentials are compromised, contact Steam Support to regain control of your account. Also make a report of an offence to the police.
CEO fraud increasingly credible
The NSCS-FI has received several reports of so-called CEO fraud where the perpetrator poses as a high-level executive in the victim's organisation. The scams use outlook.com email addresses, which are mainly in the form firstname.lastname[at]organisation or web address[at]outlook[.]com (for example: eino.example.example.fi[at]outlook[.]com). The messages are written in good Finnish and often address the recipient by their first name.
The scam starts with a message asking the recipient for a favour and asking them to respond by email because of the situation. If the victim responds to the message, the scammer asks them to purchase gift cards for the organisation as corporate gifts.
Do you know what your software really contains?
Software dependency management is a critical part of a company's cybersecurity. Third-party components and libraries speed up software development, but can also introduce vulnerabilities that expose the entire system to cyber threats.
Risk management should start by mapping all third-party components and libraries in use and reading their licensing terms. This provides a basis for secure development work and helps in preparing for potential risks. The Software Bill of Materials (SBOM) is a useful tool to systematically track dependencies in software and assess their security.
Continuous testing with automated tools is a key part of security practices These tools can be used to identify and fix vulnerabilities before they become a significant threat. This proactive approach ensures the security of the software throughout its life-cycle.
Effective dependency risk management requires commitment and close cooperation between the different departments in an organisation. Collaboration helps in sharing best practices and developing common approaches that improve the information security of the whole organisation.
Read more: Managing the risk of software dependencies – why make it a part of your everyday work? (External link) (in Finnish)
NCSC-FI interests hackers at Disobey
Traficom's NCSC-FI was a prominent participant in the Disobey hacker event on 14 and 15 February. Our experts designed a hacking challenge for Disobey visitors, which included tricking an AI chatbot and – in homage to the early days of hacker culture – hacking into phone systems to find clues. "After this, I’ll always remember the Traficom switchboard number," exclaimed one visitor who solved the challenge.
The challenge recalled the long history of the Finnish Transport and Communication Agency Traficom as a provider of effective analogue and digital connectivity. Gamification was also used to illustrate what the work of the different experts at NCSC-FI entails. The white hat hacker attitude was particularly highlighted. It is needed, for example, to test, evaluate and monitor the security of products, systems and encryption technologies.
In addition to the challenge, visitors had the opportunity to learn about the NCSC-FI’s activities and receive mentoring from cybersecurity experts The mentoring offered support with issues such as career development or cybersecurity skills development.
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
Vulnerabilities
CVE: CVE-2025-0108
CVSS: 7.8
What: Serious vulnerability in Palo Alto's PAN-OS system
Product: Palo Alto PAN-OS system
Repair: Update available
Read more: Serious vulnerability in Palo Alto's PAN-OS system (in Finnish)
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (reporting period 14–20 February 2025). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cybersecurity specialists to regular citizens.