Language switcher

You are here

The new yearbook of the Information System Authority (RIA) on cyber security summarises the most influential incidents in cyber space

In its most recent yearbook on cyber security, the Information System Authority (RIA) talks about the record number of phishing reports, denial-of-service attacks, and Emotet malware and cyber attacks against Estonian ministries that took place last year. In addition to incidents, you can read about the effect that COVID-19 had on Estonian cyber space, RIA’s larger role in elections, and the new information security standards of Estonia, as well as the most important developments in international cyber cooperation. The yearbook is available on the website of RIA (PDF).

‘Corona crisis also affected the cyber space. For a start, we saw how criminals took advantage of the fears and ignorance of the public to make a profit with fraudulent and phishing e-mails. As normal life came to a standstill, a large part of daily activities switched to digital solutions and we could see how many companies and organisations were not ready for it – for example, attackers could access the data of certain companies because their remote desktops were not configured correctly,’ explains Märt Hiietamm, the Head of the Analysis and Prevention Department of RIA. ‘No domain is immune to cyber attacks. This means that every individual, each company, and organisation must constantly work on their cyber security. This is the only way forward.’

CERT-EE, the Cyber Security Department of RIA, registered 2,722 incidents with an impact last year. The past twelve months were characterised by phishing for bank and e-mail account data, distributed denial-of-service attacks (DDoS) with blackmail, and previously unknown security vulnerabilities. Although the number of fraudulent cases increased, the number of major loss events decreased. According to the information available to RIA, the single largest loss last year was over 41,000 euros. This amount was transferred by a partner of a company from Viljandi to the bank account of fraudsters. At the start of this year, there was an attempt to commit invoice fraud. If this had been successful, it would have caused record damages of about 900,000 euros. Due to the attentiveness of employees, the criminals did not receive the payments.

The yearbook also includes information about the new Estonian information security standards and the activities of EU CyberNet led by RIA in building a Cyber Security Knowledge Hub in the Dominican Republic. It also talks about the role of RIA in elections and the new EU Centre of Excellence in Cyber Crime. Raul Rikk, the National Cyber Security Policy Director, writes about guaranteeing the security of 5G networks; Oskar Gross, the Head of the Cyber Crime Unit at the Estonian Central Criminal Police, talks about maintaining cyber security; and Heli Tiirmaa-Klaar, the Director for Cyber Diplomacy Department of the Estonian Ministry of Foreign Affairs, describes how Estonia became a pioneer of cyber diplomacy.

‘The idea behind the RIA yearbook is to provide the reader with a comprehensive understanding of the current cyber security level in Estonia; it has compiled chapters on a wide variety of fascinating topics, as well as good advice to people responsible for cyber security,’ states Märt Hiietamm.

Previous yearbooks are available on the website of RIA at https://www.ria.ee/et/ametist/uuringud-analuusid-ulevaated.html.
 

Seiko Kuik
Press Officer of the Information System Authority
5851 7028
seiko.kuik [at] ria.ee

More news on the same subject

30.07.2021

Further explanation of the Information System Authority (RIA) on data theft

People whose document photo was illegally downloaded do not have to get a new document or a new photo. The incident has no impact on ID-cards, Mobile-ID, Smart-ID or e-services.

28.07.2021

The Police and Border Guard Board and the Information System Authority stopped the illegal downloading of data

28.7.2021 – Experts of the Information System Authority (RIA) have stopped the mass downloading of document photos from the identity documents database. The downloading was made possible via a security vulnerability in the photo transfer service managed by RIA. The police have detained a suspect and initiated criminal proceedings to establish the circumstances of the incident.