Language switcher

You are here

RIA’s cyberspace analysis: attempted attacks against public authorities continue

According to the Information System Authority (RIA), in the first quarter, the security of the cyberspace was affected by the vulnerabilities of the Microsoft email server, attempts to access the servers of public authorities, and denial-of-service attacks and extortion in connection with those attacks.

In the first months of the year, attempts to attack public authorities continued. The attackers used the same pattern which was used in the autumn of 2020 for compromising several public authorities and ministries, by identifying security gaps in the servers through scanning, uploading attack codes, and thereby gaining access to the servers. Two companies which are providing cloud services and software for numerous public sector authorities, including ministries and local governments, reported attacks with such a pattern.

The companies affected have now fixed the critical errors, notified their clients, and cooperated with RIA’s Incident Response Department (CERT-EE) which has offered public authorities an opportunity to check their websites by using the same tool which was used by the offenders. The aim of this is to fix any errors before they are detected by the attackers.

In the beginning of March, Microsoft announced that it had identified and fixed several different vulnerabilities in its email server software that allowed an attacker to gain access to emails, passwords, and administrator privileges on servers. According to Microsoft, more than 60,000 clients were affected, and CERT-EE identified eighty vulnerable servers in Estonia.

‘In spite of the repeated informing and explaining work, however, follow-up monitoring showed that only a third of all owners of services had made the required improvements and fixed their security gaps within a week. When a vulnerability has been announced, it is necessary to act very quickly and fix the security gaps – otherwise, there is a real risk of being beaten by the offenders and the device being compromised,’ explained Märt Hiietamm, Head of the Analysis and Prevention Department of RIA.

Denial-of-service attacks, which began to spread last year and which are launched with an aim of blackmailing the targeted companies, continued in the beginning of the year. Several companies have fallen victim to repeat attacks and received new extortion letters, requesting a ransom for stopping the attack. ‘To our knowledge, no Estonian companies have obeyed the offenders so far and several companies have improved their preparedness to cope with DoS attacks even further after the first attacks,’ noted Marju Hendre, Chief Analyst of the Analysis and Prevention Department.

The Incident Response Department of RIA (CERT-EE) registered 642 incidents with an impact within the three months. Read more about the trends and incidents in the cyberspace on the overview of the first quarter which can be found on RIA’s website: https://www.ria.ee/et/uudised/trendid-ja-tahelepanekud-kuberruumis-i-kva....

 

Seiko Kuik
Press Officer of the Information System Authority
5851 7028
seiko.kuik [at] ria.ee
 

More news on the same subject

28.04.2021

The new yearbook of the Information System Authority (RIA) on cyber security summarises the most influential incidents in cyber space

28.04.2021 – In its most recent yearbook on cyber security, the Information System Authority (RIA) talks about the record number of phishing reports, denial-of-service attacks, and Emotet malware and cyber attacks against Estonian ministries that took place last year. In addition to incidents, you can read about the effect that COVID-19 had on Estonian cyber space, RIA’s larger role in elections, and the new information security standards of Estonia, as well as the most important developments in international cyber cooperation. The yearbook is available on the website of RIA (PDF).