Weekly review of the National Cyber Security Centre Finland (NCSC-FI) - 12/2025

How to identify genuine websites and authorities – avoid online scams

Online scams where criminals pose as banks, authorities, or online shops to obtain personal information are becoming increasingly common. According to the police (External link) Finns lost over 84 million euros to online scams last year – a 70 per cent increase from the previous year. 

We have published a guide explaining how to ensure that the website you are using is genuine and that the sender of a message is who they claim to be. Below are some key takeaways, and you can read the full guide here: How to identify genuine websites and authorities – avoid online scams  (External link) 

Finnish InfoSec 2025 seminar organised by Traficom and the National Emergency Supply Agency attracted a record audience

Traficom and the National Emergency Supply Agency annually organise a one-day cybersecurity seminar covering current themes in cyber security and digital security of supply. This year’s event, held on 12 March, drew a record audience of 3,350 participants from Finland and abroad. 

The theme of the 2025 seminar was protecting the digital society. 
The event was opened by the Minister of Transport and Communications Lulu Ranne. Keynote speakers included the Deputy Director-General Emmanuel Naëgelen of the French Cybersecurity Agency (ANSSI) sharing insights on the impact of technology on national security and Chief Analyst John Hultquist of Google Threat Intelligence discussing current cyber threats and attacks. Other presentations covered ransomware trends, vulnerabilities in digital societies, influence operations, and cyber threats in the space sector.

Panel discussions focused on organisational cybersecurity culture and challenges in the CISO role. The event highlighted the importance of foresight, collaboration, and new solutions in combating evolving cyber threats.

During the event, the recipient of the 2025 Information Security Trailblazer award was announced. This year, the award was given to Chief Senior Specialist Kimmo Rousku from the Digital and Population Data Services Agency for exemplary and long-term contributions to the development of Finland’s cyber security and digital security.

A recording of the event has been published on Traficom's YouTube channel (External link).
View the programme and speakers on the Finnish InfoSec seminar website (External link). 

1. AiTM phishing techniques increasingly used in M365 data breaches

Phishing for Microsoft M365 credentials has been rampant in recent years. Various phishing tactics have led to numerous M365 account breaches. One method, adversary-in-the-middle (AiTM) phishing, which bypasses multi-factor authentication, has become increasingly common. Microsoft  (External link)reported that AiTM attacks increased by 146 per cent in 2024, and the trend has also been observed in Finland.

The NCSC-FI has published a guide on detecting and preventing AiTM attacks. This week, we updated the guide with log analysis tips to detect AiTM phishing and breaches, as well as security settings and rules to prevent data breaches.

Read the guide   AiTM (adversary-in-the-middle) attacks and their prevention  (External link) 

See also our guidance on Entra ID settings published last week (in Finnish): 
Updates in Entra ID settings - When did you last check your M365 Entra ID settings? (External link)