Language switcher

You are here

The last quarter of 2020 was distinguished by attacks against the IT infrastructure of Estonia

The main topic of the cyberspace review of the 4th quarter of 2020 by the Information System Authority (RIA) is successful cyber-attacks against state institutions, which showed that nobody is completely safe in the cyberspace. 

In November, the Information System Authority (RIA) identified attacks on Estonian state IT infrastructure with similar pattern in three different cases. The cyber-attacks targeted the servers of the Ministry of Economic Affairs and Communications, the Ministry of Social Affairs, and the Ministry of Foreign Affairs. The three attacks shared a similar pattern: the servers hosting the websites were attacked in an attempt to exploit vulnerabilities in their configuration.

According to the Lauri Aasmann, Director of Cyber Security of RIA, criminals are always looking for new ways and security vulnerabilities to attack systems. ‘If, for example, a system was secure a year ago, it does not mean that all is well and nothing needs to be done with it. Technologies evolve very fast, allowing for more possibilities to abuse them. New vulnerabilities are discovered almost every week, and the attacks that have taken place prove that criminals are actually exploiting them. This is why continuous and systemic investments into cyber security are necessary, along with preparing a crisis management plan in case an attack should still take place,’ Aasmann emphasised. He added that even though efficient cyber security may seem expensive, bothersome, and sometimes overstated, it does continue to be more and more important, because in the end it is cheaper to prevent problems than to deal with the damages.

In the last quarter, the Information System Authority also received several reports of attempts to extort money from companies with denial-of-service attacks. Companies received letters in which criminals threatened to organise a denial-of-service attack if the company did not pay the ransom. These attacks are part of a global string of blackmails which began to spread in August and reached Estonia in autumn. Criminals want to earn quick profit by it. The effects of the attacks seen in Estonia was different: in some cases, the attack resulted in disruptions which affected the website of the company and lasted only a few minutes; however, the attack which had the biggest impact (the parent company of a bank operating in Estonia was attacked) rendered a bank’s payment terminals inoperable for a few hours during peak hours, which prevented or postponed transactions worth millions of euros in the region.

CERT-EE continues to receive notices every month of ransomware attacks, which are mostly organised using network connections left open for the Remote Desktop Protocol (RDP). As many as three-quarters of the ransomware incidents reported to us in 2020 were definitely or most likely committed using the RDP. This is why we still urge everyone to make the servers and computers of their organisation inaccessible from the whole Internet.
The full version of the cyberspace review of the 4th quarter of 2020 provides more information about the topics covered above and gives an overview of the Revised Directive on Security of Network and Information Systems (NIS 2.0).
 

Kertu Kärk
Head of the Communication Department
5850 9665
kertu.kark [at] ria.ee

More news on the same subject

22.03.2021

From July, Gert Auväärt will become the director of the Cyber Security Branch of the Information System Authority

22.03.2021 – On 15 July, Gert Auväärt, Deputy Permanent Representative of the Mission of Estonia to the UN, will become the director of the Cyber Security Branch.

25.01.2021

In December, a significant security vulnerability was resolved on the website of a quick loan provider

25.01.2021 – The Information System Authority (RIA) registered 149 cyber incidents in December. The damage was mainly caused by ransom attacks and invoice fraud. Among other things, the experts helped to remove a security vulnerability that would have made it possible to take out quick loans on behalf of a stranger.