RIA: Number of cyber incidents in September slightly above annual average

State's Information System Authority (RIA).
State's Information System Authority (RIA). Source: Nelli Pello/RIA

The Information System Authority (RIA) registered 275 cyber incidents in September, which is slightly above the annual average in Estonia but nonetheless lower on year.

Compared with the summer months, fewer bank-related phishing emails were registered in September, but phishing emails and websites nonetheless remain a significant problem in Estonian cyberspace, RIA said.

For example, University of Tartu email addresses were targeted by a wave of phishing emails last month. In these emails, victims ere sent a laconic Estonian-language message that their inbox will soon be full. Over 30 users entered their account details on the phishing website and, in turn, many of these accounts started sending out spam emails themselves.

RIA emphasized that the impact of compromising such email accounts can occur with a significant delay, when criminals work through the contents of retrieved messages and find information about potential new targets.

Last month, the authority was informed of another scam attempt made via a compromised email account in which a transfer of €112,000 was directed to a bank account controlled by the scammers. According to the authority, the targeted company, which operates in the transport sector, was able to halt the transfer and retrieve the money with the help of the bank.

A service failure occurred in the internal network of East-Tallinn Central Hospital (ITKH) last month that hindered its functioning to such an extent that the hospital was forced to temporarily switch to a paper-based regime. The hospital's emergency room likewise switched to an emergency regime. The incident was caused by a human error made when installing a new network device and normal operations were restored in less than two hours.

Emergency calls disrupted for 20-minute period

On the night between Sept. 24 and 25, for a period of 20 minutes, there were disturbances in communication with the emergency call center (Alarm Centre) due to a call distribution software failure. Upon encountering problems, the Alarm Centre immediately informed the Ministry of the Interior's IT and Development Centre, which manages the software, and the latter began working on resolving the issue.

During the failure, rescue organizers could not hear the caller in the calls that reach them, while callers were also unable to hear the rescue organizer. This happened late at night, when the call load is lighter, and 26 people called emergency services during the affected period. The Alarm Centre called each of them back, and, to the best of their knowledge, none of the callers was left without aid.

On Sept. 16, between 2:27-9:44 a.m., users were unable to use RIA's authentication service TARA due to a technical failure. As a result, users were unable to log into state e-services, including eesti.ee, with any kind of authentication tools. The failure was caused by a certification update in the system, disrupting the use of TARA customers, which include some 60 public e-services.

Smart-ID recognized by RIA

At the beginning of September, RIA and Smart-ID authentication service provider SK ID Solutions entered into a contract allowing Smart-ID to also be used as a form of authentication when accessing public e-services.

According to the authority, this is an important development in the central authentication service offered by RIA and used by over 60 public sector institutions or those responsible for public law functions. This service enables authentication via ID card, Mobil-ID, bank links and the eID tools of EU member states, and, beginning this week, Smart-ID as well. Previously, Smart-ID had predominantly been in use in private sector services and limited public e-services, including the services of the Tax and Customs Board (MTA) and the commercial register.

Prior to the introduction of Smart-ID, an expert group assessed that the service meets the "high" level of of electronic personal identification. This means that Smart-ID has been assessed as equivalent to the ID card and Mobile-ID.

In 2018, Smart-ID was recognized as a Qualified Signature Creation Device (QSCD) level service, which is the highest possible level available in the EU.


Download the ERR News app for Android and iOS now and never miss an update!

Editor: Aili Vahtla

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: