Language switcher

You are here

Large-scale denial-of-service attacks have ended

According to the assessment of the Information System Authority (RIA), the denial-of-service attacks that began on 21 April concluded by the evening of 25 April. The purpose of the denial-of-service attacks was to disrupt the operation of 13 websites, but due to the countermeasures applied, the effect of the attacks was insignificant.

According to the incident handling department of RIA (CERT-EE), more than two billion malicious queries were made to the websites of state authorities and companies related to the state. ‘During peak moments, we detected up to 11,000 malicious ‘users’ aiming to cripple the operation of the website per each regular user,’ said Tõnu Tammer, head of CERT-EE.

A large part of the attacks was dispersed with the help of various solutions and kept away from the websites they were targeting, which means visitors of the websites may not have even noticed the attacks. ‘Some solutions protecting the websites had to be reconfigured or, figuratively speaking, placed in front of the websites. That is why users occasionally experienced non-responsive websites. However, those were isolated, fairly short-term interruptions,’ Tammer specified.

According to the head of CERT-EE, the goal of the hackers responsible for the attacks is to get fame and create fear. ‘As soon as the attacks began, the attackers started to boast on their social media network (Telegram) and depict the attacks as more serious than they actually were to cause fear and confusion in people. With its reputation of a strong e-government, Estonia is also an attractive target for cyber attackers, as attacking us is a good way to market yourself,’ he explained. The state’s tendency to talk about what is happening in cyberspace as openly and early as possible reduces the impact of the activities of hackers on the Estonian people. ‘Of course, there are things we cannot talk about because it could help the hackers, but openness and clarity hinder the effects of attacks.’

There are well-known international cases where more technically complex and high-impact cyber-attacks are being attempted under the guise of such attacks. ‘We paid very close attention to detect whether the denial-of-service attacks were being used to divert our attention. Based on the information currently available, I can say that the denial-of-service attacks were not a cover for other kinds of cyber attacks,’ said Tammer.
Currently, it seems like the attacker has moved on to target other countries or organisations outside of Estonia. However, according to RIA, it is possible that the attacks will reoccur soon. ‘Unfortunately, as we saw from the example of the Czech Republic, the attacks reoccurred after a while. We have considered this possibility in Estonia and the additional investment in cyber security has already prepared us better for such attacks,’ said Tammer.

  • 2.25 billion malicious queries to block websites
  • Thirteen websites
  • More than ten DDoS attacks aimed at blocking the data communication channel, which would have affected the availability of services more broadly

Seiko Kuik
Press Officer of the Information System Authority

More news on the same subject

21.04.2022

DDoS attacks against state websites had no significant effect

21.4.2022 – From 4 p.m. this evening, the security incident management organisation (CERT-EE) of the Information System Authority (RIA) identified distributed denial-of-service (DDoS) attacks against state websites. The attacks caused short-term interruptions in the accessibility of some websites, but had no significant effects.

07.04.2022

Trends and Challenges in Cyber Security – Q1 2022

7.04.2022 – Russian aggression in Ukraine – is it also a cyber war? Estonia is increasing its resilience in the cyber space. A new wave of hacktivism. The CEO fraud scheme is back, but without much success.