The last quarter of 2020 was distinguished by attacks against the IT infrastructure of Estonia

The main topic of the cyberspace review of the 4th quarter of 2020 by the Information System Authority (RIA) is successful cyber-attacks against state institutions, which showed that nobody is completely safe in cyberspace.

In November, the Information System Authority (RIA) identified attacks on Estonian state IT infrastructure in three separate cases. The cyber-attacks targeted the servers of the Ministry of Economic Affairs and Communications, the Ministry of Social Affairs, and the Ministry of Foreign Affairs. The three attacks shared a similar pattern: the servers hosting the websites were attacked in an attempt to exploit vulnerabilities in their configuration.

According to Lauri Aasmann, Director of Cyber Security of RIA, criminals are always looking for new ways and security vulnerabilities to attack systems. ‘If, for example, a system was secure a year ago, it does not mean that all is well and nothing needs to be done with it. Technologies evolve very fast, allowing for more possibilities to abuse them. New vulnerabilities are discovered almost every week, and the attacks that have taken place prove that criminals are actually exploiting them. This is why continuous and systemic investments into cyber security are necessary, along with preparing a crisis management plan in case an attack should still take place,’ Aasmann emphasised. He added that even though efficient cyber security may seem expensive, bothersome, and sometimes overstated, it does continue to be more and more important, because in the end it is cheaper to prevent problems than to deal with the damages.

In the last quarter, the Information System Authority also received several reports of attempts to extort money from companies with denial-of-service attacks. Companies received letters in which criminals threatened to organise a denial-of-service attack if the company did not pay the ransom. These attacks are part of a global wave of extortion attempts which began to spread in August and reached Estonia in autumn. The criminals aim to make a quick profit. The effects of the attacks seen in Estonia varied: in some cases, the attack caused disruptions which affected the website of the company and lasted only a few minutes; however, the attack which had the biggest impact (the parent company of a bank operating in Estonia was attacked) rendered a bank’s payment terminals inoperable for a few hours during peak hours, which prevented or postponed transactions worth millions of euros in the region.

CERT-EE continues to receive notices every month of ransomware attacks, which are mostly carried out through network connections left open for the Remote Desktop Protocol (RDP). As many as three-quarters of the ransomware incidents reported to us in 2020 were definitely or most likely committed using RDP. This is why we still urge everyone to make the servers and computers of their organisation inaccessible from the whole Internet.

The full version of the cyberspace review of the 4th quarter of 2020 provides more information about the topics covered above and gives an overview of the Revised Directive on Security of Network and Information Systems (NIS 2.0).

Kertu Kärk
Head of the Communication Department
5850 9665
