In December, a significant security vulnerability was resolved on the website of a quick loan provider

The Information System Authority (RIA) registered 149 cyber incidents in December. The damage was caused mainly by ransomware attacks and invoice fraud. Among other things, RIA's experts helped to remove a security vulnerability that would have made it possible to take out quick loans in a stranger's name.

Last summer, RIA's experts discovered a security vulnerability on a couple of dozen Estonian websites whose ID-card authentication did not check the validity and signature of the certificate presented by the user, and in December a similar vulnerability was found on the website of a company providing quick loans. The vulnerability made it theoretically possible to take out quick loans in a stranger's name.

‘We informed the company of the vulnerability and helped to eliminate it quickly. To our knowledge, the security vulnerability was not exploited, which was also confirmed by the quick loan provider,’ said Tõnu Tammer, Head of the Incident Response Department (CERT-EE). ‘A person cannot do anything to protect themselves against vulnerabilities like this – everything is up to the service provider. A properly configured website prevents users from being abused in this way. Deficiencies can also be tracked faster if service providers log and filter queries on the website,’ Tammer suggested.

RIA has also updated the Web Server Configuration Guide. All companies using public authentication services should review their web server settings and make sure that they follow the latest guidelines. The new guidelines can be found on the portal www.id.ee.
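The class of misconfiguration described above, as an added illustration that is not taken from RIA, the affected site or the id.ee guide: an nginx server that asks for an ID-card certificate but forwards its subject to the application without requiring the chain, signature, validity period and revocation status to be verified, beside a configuration that enforces them. Hostnames, file paths and the backend address are placeholders; the CA bundle and CRL stand for whatever the authentication certificates' issuer publishes.

```nginx
# Added example (not RIA's or the id.ee guide's own configuration).
# Paths, hostnames and the backend address are placeholders.

# --- Weak: a client certificate is requested but never validated ---
server {
    listen 443 ssl;
    server_name example.invalid;              # placeholder hostname
    ssl_certificate     /etc/ssl/site.crt;    # placeholder
    ssl_certificate_key /etc/ssl/site.key;    # placeholder

    # optional_no_ca requests a certificate but lets the request through even
    # when verification fails, and no ssl_client_certificate means there is no
    # trusted issuer to verify the signature against in the first place.
    ssl_verify_client optional_no_ca;

    location /auth/idcard {
        # The backend receives the subject DN (which, for ID-card certificates,
        # carries the personal code) from a certificate nothing has checked:
        # an expired, revoked or self-issued certificate is forwarded exactly
        # like a genuine one, which is the gap the article describes.
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;     # placeholder backend
    }
}

# --- Hardened: signature, chain, validity period and revocation are enforced ---
server {
    listen 443 ssl;
    server_name example.invalid;
    ssl_certificate     /etc/ssl/site.crt;
    ssl_certificate_key /etc/ssl/site.key;

    # Only certificates chaining to the trusted issuing CAs are accepted.
    ssl_client_certificate /etc/ssl/idcard-ca-chain.pem;   # placeholder path
    ssl_verify_depth 3;
    # 'on' aborts the TLS handshake when the signature, chain or validity
    # period does not check out, so an invalid certificate never reaches the app.
    ssl_verify_client on;
    # Revocation check against the issuer's CRL (OCSP is the alternative).
    ssl_crl /etc/ssl/idcard-ca.crl;                         # placeholder path

    location /auth/idcard {
        # Defence in depth: forward identity only when nginx recorded a
        # successful verification, and pass the result so the app can check too.
        if ($ssl_client_verify != SUCCESS) { return 403; }
        proxy_set_header X-Client-DN     $ssl_client_s_dn;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_pass http://127.0.0.1:8080;     # placeholder backend
    }

    # Separate log for authentication requests, so that unusual queries can be
    # traced, as the article recommends.
    access_log /var/log/nginx/idcard-auth.log combined;     # placeholder path
}
```

The point to check on any site using certificate-based authentication is the pairing of the two directives: `ssl_verify_client` must be `on`, and `ssl_client_certificate` must point at the issuer chain of the authentication certificates; an application that only reads the subject DN without also consulting `$ssl_client_verify` trusts whatever the server was configured to let through.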

In December, three Estonian companies announced that they had fallen victim to a ransomware attack. In two cases, the attackers gained access to data and systems through the Windows Remote Desktop Protocol (RDP), and in the third case through another type of remote connection.

A company operating in Tartu reported invoice fraud. The criminals monitored the email exchange between the company and its partner and intervened when an invoice was due to be paid. Presenting themselves as the supplier, the fraudsters sent an invoice to the Tartu company and asked for the transfer to be made to a new bank account. The recipient of the invoice did not suspect anything, and the company paid 3,400 euros to the fraudsters.

Many phishing emails were sent in the last month of the year. Emails claiming to come from Omniva requested payment for a parcel that had supposedly arrived. The emails contained a link to a website controlled by the fraudsters, which asked visitors to enter their bank card details. At the end of the month, fraudulent emails were sent in the name of SEB in an attempt to obtain bank customers' internet bank user IDs and Smart-ID PINs. PIN2 is never needed to update your details; remember that PIN2 is the equivalent of a signature.

Last year, the Incident Response Department (CERT-EE) of RIA registered nearly 2,800 cyber incidents in which the confidentiality, integrity or availability of data or systems was compromised. A year earlier, there were about 3,200 such cases, 400 more. RIA's cyber security yearbook reviewing the Estonian cyberspace will be published in spring.


Seiko Kuik
Press Officer of the Information System Authority
5851 7028
