The Estonian Information System Authority (RIA) registered 202 impactful cyber incidents in October, more than in any other month so far this year.
No impactful attacks against election technology or systems affecting the vote were detected before or during the local government elections. The election period was calm in terms of cyber incidents, according to RIA.
In October, distributed denial-of-service (DDoS) attacks continued against schools and educational services. Consistent attacks were registered against a vocational education establishment in Tallinn from the end of September until mid-October.
In the morning of October 18, a DDoS attack lasting close to one hour was carried out against a school in central Estonia. From 11:30 a.m. to 2:40 p.m. on October 20, several attempts at flooding the server of a school in southern Estonia were made and a three-minute attack was carried out on the afternoon of the same day against the Moodle learning platform managed by the Education and Youth Board. The attacks or attempted attacks are often carried out by students, according to RIA.
RIA was informed of two ransomware attacks in October. One of them affected a large company, which managed to restore most of its workstations with the help of data backup. The second attack was targeted against an Estonian producer and seller of chemical products. The ransomware encrypted the files on the company's server, halting the business' work for some time.
In addition to ransomware, criminals have also used other means to try to extort money from entrepreneurs.
A small car repair company informed RIA that its financial software and database had been erased from the company's server, disrupting the provision of service. The attacker left a note on the computer with instructions on how they are to be contacted in order for the company's data to be stored in exchange for payment and how the business was to act if it wanted to prevent further leaks.
An enormous number of phishing emails are being sent in the cyber space. The account of an employee of a hospital was compromised after the employee had left their data on a phishing website and her account was used for sending thousands of phishing emails requesting contact data from their recipients. In addition to attempts to obtain people's account details, phishing emails trying to gain access to people's bank account details are also continuously registered.
The number of emails containing malware also increased in October. For example, an email seemingly sent by the Estonian Chamber of Commerce and Industry was being sent around with the subject "Quote needed". If the recipient opened a file attached with the email, malicious software was launched.
Editor: Kristjan Kallaste