Information security phenomena in 2014
The number of scam campaigns increased in Finland, the basic structures of the internet were shaken, and the threat posed by targeted attacks continued to grow
Web users were extensively affected by the information security problems of 2014. The problems consisted of a wide range of threats posed by the cyber world. Basic users in Finland were plagued by online scams. Globally, targeted attacks appeared in a totally new kind of scale. Vulnerabilities related to traffic encryption had the most wide-stretching impact on all web users. The most significant vulnerability was the Heartbleed vulnerability in the OpenSSL library.
During several months, consumers were troubled by a scam campaign related to bank identifiers. The campaign began in the spring of 2014. "Thanks to close cooperation between authorities and businesses, we managed to reduce financial loss to a significant extent when the scam websites were quickly identified and removed from the web. The experiences prove the importance of coordination and encourage to cooperate in the future as well", says Kirsi Karlamaa, Director of the National Cyber Security Centre at the Finnish Communications Regulatory Authority (FICORA).
The impacts of the targeted attacks, which received plenty of publicity, were also seen in Finland. "During 2014, we informed of targeted attacks at least twice as much as we did in 2013. This trend seems to be permanent and it is expanding to concern an increasing number of players. Awareness of the threat and the impacts of targeted attacks is still a problem in organisations because attacks differ from ordinary malware in terms of both detecting them and reacting to them", continues Karlamaa.
When examining individual incidents, the most significant one is the Heartbleed vulnerability in the Open SSL encryption library. At the same time, vulnerability research concerning other encryption libraries increased as well. Some alarming vulnerabilities were detected in them during the year.
"People can make snap judgements and start questioning the reliability of encryptions and information security. The phenomenon does prove how vulnerable information security can be. On the other hand, systematic tests enable that problems can be located and fixed. The impact may very well be totally opposite. As the probable result, the information security and tolerance of encryption solutions are improved", predicts Karlamaa.
Although there have been several different types of information security threats also against information networks in Finland, Finnish users and players have managed to keep network devices clean, which is also indicated by success in international comparisons. "Cyber threats do not follow national boundaries. Therefore, the success in comparisons proves that Finland, as a whole, is one of the top countries in the world with regard to cyber security.
Antti Kiuru, Head of FICORA's National Cyber Security Centre, tel. +358 295 390 559
A more extensive annual report by FICORA's National Cyber Security Centre will be published at the end of January.