Language switcher

You are here

November 2020 in the Estonian cyberspace: attacks on government networks and DDoS attacks for extortion

The most serious cyber incidents in November were attacks on the networks of Estonian state agencies: criminals gained access to the servers of three ministries to a certain extent. Last month, the Information System Authority (RIA) was also notified of denial-of-service attacks (DDoS) in an attempt to extort money from companies and financial institutions.

We wrote about the attacks on the servers of the administrative fields of the Ministry of Economic Affairs and Communications and the Ministry of Social Affairs and the server of the Ministry of Foreign Affairs in our press release. RIA assisted the authorities affected by the attack and identified how the attack was organised. In all three attacks, the server hosting the websites was attacked. In one case, the attackers managed to access the servers in the administration field. In the other two cases, they were unable to get past the web server. RIA initiated supervision proceedings, the Data Protection Inspectorate initiated its own proceedings, and the Central Criminal Police initiated criminal proceedings in connection with obtaining illegal access to the systems.

Last month, a DDoS attack was carried out on an Estonian company and financial institutions. At the beginning of the attack, the criminals sent a blackmail letter, demanding money to stop the attacks. Both companies have appropriate safeguards in place, so the impact of the attacks was minimal. If your company is hit by a denial-of-service attack or you receive a blackmail letter, let us know at cert@cert.ee.

In November, a company offering a cryptocurrency trading platform registered in Estonia announced that a large amount of Bitcoin and Ethereum cryptocurrencies had been stolen from them due to the platform’s security vulnerabilities.

The effect of the Emotet malware, which reached Estonian computer users in autumn, can still be seen in winter. Last month, 150 infected devices were reported to RIA. Malware can be installed in Emotet-infected devices, which can, in turn, steal and encrypt data. The real damage caused by Emotet attacks will be revealed much later, when the criminals have found out which companies or institutions they were able to hack with their malware.

Activities to improve cybersecurity in Estonia

In connection with the attacks on the servers of Estonian state agencies identified in November, which took advantage of critical vulnerabilities in web servers, CERT-EE prepared recommendations for vital and important service providers to prevent such incidents.

Together with the seniors’ university programme, the Information System Authority organised a two-part virtual workshop on cybersecurity. Based on the workshop, a two-part Russian-language training video has also been completed, which can be found here and here.

In early November, the Information System Authority published a guide on how to safely set up your own or your family member’s smartphone. These tips can be found here.

Seiko Kuik
Press Officer of the Information System Authority
5851 7028
seiko.kuik@ria.ee
 

More news on the same subject

12.01.2021

Trends and observations in the cyberspace Q4 2020

A successful cyber attack on public authorities showed that no one is fully protected in cyberspace

Situation

12.01.2021

The last quarter of 2020 was distinguished by attacks against the IT infrastructure of Estonia

12.01.2021 – The main topic of the cyberspace review of the 4th quarter of 2020 by the Information System Authority (RIA) is successful cyber-attacks against state institutions, which showed that nobody is completely safe in the cyberspace.