Information security now!
Last year, fewer cases of ransomware were detected than in the previous year, but the number of reports increased towards the end of the year. This week we also warn about scammers interested in cryptocurrencies.
Growth in ransomware at the end of the year
2024 was a quieter year in Finland for ransomware than previous years. Towards the end of the year, however, detections and reports of such malware increased, indicating that ransomware remains an ongoing threat.
Akira ransomware was also the most reported ransomware last year and was particularly active in the early part of the year. For the rest of the year, no clear spike was observed for any particular ransomware.
Ransomware is available cheaply on the dark web and is being exploited by a growing number of differently motivated actors. While financial motives continue to be the main motivation behind ransomware attacks, the data that is stolen from the targets also plays a significant role in the breaches.
Cryptocurrency investments attract scammers
Cryptocurrency investment services have also recently attracted the attention of scammers. Significant amounts of money are tied up in various cryptocurrencies, which criminals try to obtain through scams. Users of crypto investment services have had their accounts hacked and large sums of money stolen.
Scammers have been sending messages that have been faked to look like official maintenance messages. The scam messages claim that the victim's account is somehow being exploited, or an attempt is being made to hack into or disable the multi-factor authentication that is linked to the account. For example: “We have received a request to unbind your 2FA. If this wasn’t you, call this number.” As with scams in general, the scammer tries to create a sense of urgency and scare the victim into being careless.
On the phone, scammers pose as investment service representatives and try to gain the victim’s trust in order to install a remote access program on their computer. The remote access given to the scammer helps him or her to steal the cryptocurrency funds on the computer.
Be on your guard against scams. Multi-factor authentication should be implemented whenever possible. You should not use the same passwords across multiple services. Create a hard-to-guess unique password for each service.
Think about what devices you connect to your computer
In late 2024, we received a report of a flash drive ordered from a low-cost online store with malware pre-installed on it.
USB sticks, hard drives and other storage devices bought from cheap or unreliable online stores can be faulty, counterfeit, of poor quality or even contain malware. Poor-quality devices also do not store data as well as higher quality storage media and the data and files on them can be damaged or even lost. Of course, the above also applies to all kinds of other devices that are connected to computers.
You should buy a USB stick or storage device from a well-known and trustworthy seller, such as an established brick-and-mortar store, an official online store or directly from the manufacturer. When shopping online, favour online shops in EU countries. Online shops and retailers in the EU are generally reliable and abide by EU regulations with respect to, for example, consumer protection, data security and privacy laws.
Coming: Software Security 2025 webinar 11 February
The Cyber Resilience Act (CRA) is a regulatory framework due to enter into force in 2027, which aims to improve the security of products placed on the EU market so that they are less vulnerable.
What does CRA mean in practice and will the coming regulation affect your organisation?
Join our Software Security 2025 – Businesses and Regulation webinar on Tue 11 February from 1.00 to 4.30 p.m. The webinar will give you concrete tools to help you prepare and case studies of how companies have integrated regulation and software security into their operations.
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
Vulnerabilities
CVE: CVE-2024-40762 (CVSS 7.1), CVE-2024-53704 (CVSS 8.2), CVE-2024-53705 (CVSS 6.5), CVE-2024-53706 (CVSS 7.8)
What: SonicWall released updates for critical vulnerabilities in firewalls
Product: The vulnerability applies to SonicWall Gen 6, Gen 6.5, Gen 7 and TZ80 firewall products.
Fix: Upgrading a vulnerable software version to the latest version offered by the manufacturer.
For more information, see the vulnerability bulletin 1/2025 (in Finnish).
CVE: CVE-2025-0282
(CVSS: 9.0) and CVE-2025-0283 (CVSS: 7.0)
What:
Product: The vulnerability applies to Ivanti Connect Secure, Ivanti Policy Secure and ZTA Gateway products.
Fix: Update devices with a vulnerable software version to the latest software version provided by the manufacturer without delay. The update is available via the Ivanti download portal.
For more information, see the vulnerability bulletin 2/2025 (in Finnish).
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (reporting period 3–9 January 2025). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cybersecurity specialists to regular citizens.