In February, 347 phishing pages and 349 scam websites, mainly designed to steal bank details and other user data, were discovered. Most of the damage was caused by investment fraud, with the biggest losses of recent months amounting to tens of thousands of euros.
In most cases, scammers promise the victims a very low-risk and high-yield investment on a cryptocurrency platform. People are often repeatedly asked to make contributions and shown how their investments keep growing. If a victim wants to withdraw a larger amount, this is no longer possible. Read more about investment fraud in this article in the itvaatlik.ee portal (in Estonian).
The Incident Response Department of RIA (CERT-EE) restricts access to scam and phishing sites, informs web hosts about them, and shares information with its international partners. Information about malicious websites can be sent to [email protected].
Major cyber incidents
In terms of high-impact cyber incidents, the monthly overview of RIA highlights disruptions in the operation of Mobile-ID. In the afternoon of 3 February, the Mobile-ID service of Elisa was interrupted for an hour due to an error in the system change process and the Mobile-ID of Telia was down for about 45 minutes in the evening of 24 February.
The services of the IT and Development Centre of the Ministry of the Interior experienced disruptions twice. Around midday on 19 February, the emergency number 112 and the SOS2 emergency call handling system were disrupted, resulting in unusually long wait times for some emergency calls. In the morning of 20 February, the border control information system PIKO and the automatic border control gates were down for an hour. This was due to failed system changes and upgrades.
On 11 February, criminals used ransomware to encrypt data in a video surveillance server of a company in Tallinn. The system was penetrated through a remote desktop application (RDP) protected by a weak password. Additional security measures such as a VPN, two-factor authentication, etc. should definitely be used for remote desktop. You can read more about these in the RIA threat assessment (in Estonian) and in an article in our Yearbook.
RIA's blog helps to avoid cyber threats
In February, RIA published recommendations for the safe use of the Signal messaging app (in Estonian) in its blog, where it also drew the attention of readers to the risk that the passwords of accounts of employees of companies and institutions (in Estonian) might be stolen. Additionaly, RIA reminded computer users that Microsoft will end support for Windows 10 in October, and explained the risks involved and proposed different workarounds (in Estonian).
RIA’s monthly overview also includes a description of what was happening elsewhere in cyberspace: Russian hackers used a 7-Zip vulnerability to launch a malware campaign against Ukraine; the online store of the electronics manufacturer Casio had the credit card details of its customers stolen; a chain of blood centres in New York was hit by a ransomware attack; Kaspersky’s products were banned from Australian public institutions; and a report on the security risks of the DeepSeek-R1 artificial intelligence tool was published.
