Companies in Estonia not paying enough attention to warding off cyberattacks

In Estonia, the number of cyberattacks is rising, and institutions dealing with cybersecurity are increasingly concerned about people's lack of awareness. Experts do not believe that Estonia will be hit by a large-scale, security-threatening cyberattack in the near future, but readiness for such an event must still be maintained.
In Estonia, the State Information System Authority (RIA) identified 439 impactful cyber incidents in February, marking the highest figure in the last year. There were 383 impactful incidents in January, the highest in six months. Compared with the first few months of the previous year, the difference is twofold.
An impactful incident means that criminals were successful in defrauding someone, taking down a website or breaking into a system.
"Two things stand out. Phishing, specifically through emails and messages, encouraging people to click and enter their passwords or PIN codes, thereby losing information or money. And the second thing is more straightforward scams through Facebook, including quite a lot on Facebook Marketplace, where people also fall victim to swindlers," explained Märt Hiietamm, head of RIA's analysis and prevention department.
In 2023, more than half of the impactful incidents, 1,722, were phishing attacks. In the first two months of this year, there have been 530 such incidents, more than three times higher than the year before.
"People of different ages are targeted. It's not just specific sectors. A very competent young IT person, simply tired and expecting a package, receives a message from DHL and ends up clicking on it – it can happen like that," Hiietamm admitted.
Money is also extorted from entrepreneurs through ransomware attacks, in which company files and systems are effectively held hostage. To regain access to the data, a payment is required. Unfortunately, few such cases come to public attention because entrepreneurs are embarrassed. However, it should be discussed.
"When data and systems are encrypted, that's the final stage of a cyberattack. But how the attacker reached the company's systems is always the most interesting part and actually where we can apply different defenses. But again, this information needs to be shared," said Jürgen Erm, CEO of Cybers/Security Software.
"Thanks to such public sharing, you're actually protecting other companies; they can take your experience into account. And broadly, if we think about the interests our neighboring country might have in damaging Estonia's IT systems, then collectively, we're on the same side of the frontline," he added.
Estonia's eastern neighbor is interested in conducting denial-of-service attacks to take down nationally important services. The attacker targets a website and artificially creates the appearance that a large number of people are trying to access it at once. The page cannot handle the suddenly increased load and becomes inaccessible.
All experts predict an increase in denial-of-service attacks.
"Attackers learn. They attack in a more targeted, smarter way, combining different methods. And they are dangerous in that, at some point, under the cover of these attacks, they might break into organizations' or companies' information systems, leading to data breaches and compromised security. That's the bigger threat," said Margus Vaino, head of cybersecurity at Telia.
The most frequent targets are information and communication companies. Telia also sees attack attempts both against its clients' networks and its own.
"We are rather able to fend off denial-of-service attacks, but we definitely cannot protect against targeted attacks, hacking. And here, the role of each company's information security manager or IT people is very important," Vaino said.
If a company thinks it's fairly well protected in terms of cybersecurity, this is tested with ethical hacking, in which specialists are asked to attack its systems to find weak points. Cybers is one of the companies that offer such a service.
"There hasn't been a case where our attackers couldn't get access to a company. That's a common denominator there," Erm said, admitting that no one is fully protected.
"In cybersecurity, you can minimize risk, you cannot completely eliminate it."
Estonia has learned to better withstand attacks, and such cyber readiness is one of our advantages over other Western countries, believes cybersecurity expert Adrian Venables, cybersecurity program director at Tallinn University of Technology and former navy officer. Concern would arise if Russia started doing the same as in Ukraine, for example, knocking out the electric grid.
"Currently, we see service blocking, temporary attacks, our usual way of life being hindered. But if our adversaries want to destroy our infrastructure, then it takes cyberattacks to the next level," he said.
Although such a change would be very serious, he does not believe something like that will happen soon, as NATO's umbrella extends over cyberspace as well.
"In my opinion, we shouldn't worry too much because NATO has said it can interpret a sufficiently serious cyberattack as equivalent to a physical attack," Venables noted.
--
Editor: Merili Nael, Marcus Turovski
Source: "Aktuaalne kaamera, Nädal"