Cyber and shopping: Caveat emptor

The article discusses the risks associated with online and physical shopping, highlighting how tech giants and cybercriminals can access personal data and credit card details. It emphasizes the importance of privacy and cybersecurity in shopping and offers tips to avoid being hacked, such as being cautious of shoulder surfing, checking ATMs for skimmers, using credit cards over debit cards, and using contactless payment apps. The article also advises using a VPN to protect Wi-Fi privacy and being vigilant against phishing attempts.

Cyber security’s cool, calm investigator

Mikko Röntynen, head of F-Secure's B2B Product Marketing Division, combines his passion for technology with a commitment to societal good. His role involves translating technical jargon into customer-friendly messaging and incorporating market insights into product decisions. Known for his calm demeanor and effective communication, Mikko enjoys engaging with customers and partners at events. His personal interests include sports and maintaining his grandfather's house. The article highlights his ability to balance management with hands-on involvement and his knack for understanding customer needs.

Cyber attack powerlessness in the energy industry?

Cyber attacks against Critical National Infrastructure organizations, such as those in the energy industry, have been on the rise, with various adversaries including criminal profiteers and nation-states. Sophisticated tools have become more accessible after data breaches like Shadow Brokers and Vault7. Notable ransomware campaigns include CryptoLocker, CryptoWall, TeslaCrypt, and LockerGoga, which affected Norsk Hydro but not its renewable energy arm. APT groups continue to target CNI networks for espionage and political leverage, with nine significant threats identified, including Operation Sharpshooter and malware like BlackEnergy and TRITON/TRISIS. Employees are often the weakest link, with phishing emails being a common attack vector. Despite the challenges, organizations have counter-measures available, such as the VUCA framework and technologies like endpoint detection and response (EDR) solutions. F-Secure's Sami Ruohonen advises energy sector companies to review their cybersecurity standards and implement the latest technologies to detect and respond to advanced threats.

Norsk Hydro: LockerGoga encrypts everything, F-Secure researchers say

Norsk Hydro, a Norwegian aluminum producer, experienced a significant cyber attack affecting its IT systems and operations. The attack was attributed to the ransomware LockerGoga, which encrypts files and disrupts network connections. The incident prompted an investigation by IT staff, Norway’s National Security Authority, military intelligence, and external cybersecurity partners. The attack highlights the vulnerabilities in the manufacturing sector, particularly the challenges of integrating legacy systems with modern cybersecurity measures. Expert Tom Van de Wiele from F-Secure emphasized the potential for both opportunistic and targeted attacks, including the possibility of state-affiliated actors.

Forging fresh cyber security talent

Data breaches and phishing attacks are increasingly common, with cyber criminals targeting unsuspecting users and company employees. F-Secure, a Finnish cyber security company, is addressing the shortage of cyber security experts through its academies in Denmark, Finland, and the UK. Donato Capitella, Principal Security Consultant, explains their training methods, which include simulating real end-to-end attacks to teach recruits how to infiltrate networks. The training involves using phishing emails with malicious payloads to establish control and reach core servers behind firewalls.

Breaking things makes the world a better place

The article discusses a cyber security workshop held at the Disobey event in Helsinki, led by F-Secure's team, including Laura Kankaala and Christine Bejerasco. The workshop, part of the 'Future Female' initiative, aimed to teach participants about cyber security by simulating attacks and defenses. The exercise involved a scenario where a healthcare service provider, UltraTerve, needed to secure its systems for government accreditation. The workshop emphasized understanding attackers' perspectives to improve defenses and highlighted the importance of considering human factors in security. The event also served as a talent scouting opportunity for F-Secure.