RIA yearbook: Cyber criminals took advantage of COVID-19 fears

State's Information System Authority (RIA).
State's Information System Authority (RIA). Source: Nelli Pello/RIA

The Estonian Information System Authority (RIA) says in its recently published cyber security yearbook that cyber criminals have been keen to exploit people's coronavirus fears.

The yearbook (link in Estonian) talks about record number of phishing, distributed denial-of-service (DDoS) attacks, Emotet malware and cyber attacks on ministries in 2020.

In addition to the incidents, the yearbook also touches on the impact of COVID-19 on Estonian cyberspace, the greater role of RIA in the elections, the new Estonian information security standard and the most important developments in international cyber cooperation.

"The coronavirus crisis also affected what was happening in cyberspace. First, we saw that criminals took advantage of people's fears and ignorance to make a profit from fraudulent and phishing e-mails. As normal life came to a standstill, much of life moved to a digital solution, and it was felt that many companies and institutions were not ready for it at the time - for example, scammers gained access to some companies' data because teleworking solutions were not set up correctly," Mart Hiietamm, head of the analysis and prevention department at RIA, said.

Hiietamm added that there are no areas that could not be affected by cyber incidents. "This means that every person, company and institution must constantly contribute to their own protection in cyberspace. It simply cannot be any other way," he added.

The CERT-EE unit responsible for the management of security incidents at RIA registered 2,722 incidents last year. The year was marked by bank and e-mail account phishing, DDoS attacks involving blackmail and hitherto unknown security vulnerabilities. Although there were more frauds last year, there were fewer large losses. 

To RIA's knowledge, the largest one-off loss last year was over €41,000, which a partner of a Viljandi-based company transferred to a scammer's account. At the beginning of this year, there was an attempt at invoice fraud, which, if successful, would have broken the loss records with approximately €900,000. Thanks to the attention of the employees, no payments were made to the fraudulent account.

Among other things, readers can learn about the new Estonian information security standard and how RIA-led EU CyberNet is setting up a cyber security center of excellence in the Dominican Republic. The role of RIA in the elections and the future EU Cyber Security Competence Center are also discussed.

Raul Rikk, the cyber security policy chief of Estonia, writes about ensuring the security of 5G networks, Oskar Gross, head of the Central Criminal Police's cyber crimes department, discusses maintaining cyber security, and Heli Tiirmaa-Klaar, Estonia' special envoy on cyber security, explains how Estonia has become a pioneer of cyber diplomacy.

"The idea of the RIA cyber security yearbook is to give the reader a broad snapshot of the level of cyber security in Estonia, with interesting reading for everyone as well as good recommendations for those responsible for cyber security collected between its covers," Hiietamm said.


Follow ERR News on Facebook and Twitter and never miss an update!

Editor: Kristjan Kallaste

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: