Number of impactful cyberattacks up by a quarter on year in Estonia
Estonia's Information System Authority (RIA) registered over 3,000 cyberattacks that had an impact last year, up by a quarter since the year before. Both politically motivated denial of service attacks and scams targeting companies and individuals hit new records.
All types of cyberattack have become more common since Russia's invasion of Ukraine, while dedicated denial of service (DDoS) attacks have done so the most, targeting public sector, financial, transport and media sector sites and e-services.
Gert Auväärt, acting deputy director of RIA, said that attackers probe companies' and organizations' networks, looking for vulnerabilities.
A major cyberattack hit the Delfi news portal, rendering it unreachable for a time last year.
"This does not mean we were hit just once. We're experiencing them [attacks] almost daily. We have simply improved our systems to a point where smaller attacks have no effect on us," said Mari-Liis Rüütsalu, CEO of operator Ekspress Grupp.
One of the year's more serious cyberattacks took place last September when train tickets went off sale for almost 24 hours. Auväärt said that the effect of cyberattacks has clearly grown.
"And we're talking across sectors, including critical infrastructure where the main goal is to sow fear and send a political message. A cyberattack is a kind of extension of foreign policy," he said.
Next to that, traditional cybercrime aimed at making money is alive and well too. Last year, criminals conned people in Estonia out of at least €8.3 million. People trust the government and agencies, which the criminals are quick to exploit.
"The scammers are resourceful. They talk to people pretending to be the police, banks and other organizations to defraud people and involve them in various schemes," said Vjatšeslav Milenin, head of the severe crimes unit of the North Prefecture.
He said that the tools used by cyber criminals remain largely the same because they work. RIA recommends using different passwords for work, school and home accounts as a first precaution. However, companies should make more of an effort to improve cybersecurity.
"It is understandable when businesses are concentrating on their main activity – making money or creating something – and it's difficult to prioritize cybersecurity. But failing to do so might end up jeopardizing that main activity," Auväärt remarked.
He also urged companies that come under ransomware attack not to pay, even if that means having to restore systems from scratch.
--
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Marko Tooming, Marcus Turovski