In November, the Information System Authority (RIA) identified attacks on Estonian state IT infrastructure in three separate cases. The cyber-attacks targeted the servers of the Ministry of Economic Affairs and Communications, the Ministry of Social Affairs, and the Ministry of Foreign Affairs. The three attacks shared a similar pattern: the servers hosting the websites were attacked in an attempt to exploit vulnerabilities in their configuration.
According to Lauri Aasmann, Director of Cyber Security of RIA, criminals are always looking for new ways and security vulnerabilities to attack systems. ‘If, for example, a system was secure a year ago, it does not mean that all is well and nothing needs to be done with it. Technologies evolve very fast, allowing for more possibilities to abuse them. New vulnerabilities are discovered almost every week, and the attacks that have taken place prove that criminals are actually exploiting them. This is why continuous and systemic investments into cyber security are necessary, along with preparing a crisis management plan in case an attack should still take place,’ Aasmann emphasised. He added that even though efficient cyber security may seem expensive, bothersome, and sometimes overstated, it does continue to be more and more important, because in the end it is cheaper to prevent problems than to deal with the damage.
In the last quarter, the Information System Authority also received several reports of attempts to extort money from companies with denial-of-service attacks. Companies received letters in which criminals threatened to organise a denial-of-service attack if the company did not pay the ransom. These attacks are part of a global wave of blackmail which began to spread in August and reached Estonia in autumn. The criminals' aim is to make a quick profit. The effects of the attacks seen in Estonia varied: in some cases, the attack resulted in disruptions which affected the website of the company and lasted only a few minutes; however, the attack which had the biggest impact (the parent company of a bank operating in Estonia was attacked) rendered a bank’s payment terminals inoperable for a few hours during peak hours, which prevented or postponed transactions worth millions of euros in the region.
CERT-EE continues to receive notices every month of ransomware attacks, which are mostly carried out through network connections left open for the Remote Desktop Protocol (RDP). As many as three-quarters of the ransomware incidents reported to us in 2020 were definitely or most likely committed using RDP. This is why we still urge everyone to ensure that the servers and computers of their organisation are not accessible from the whole Internet.
The full version of the cyberspace review of the 4th quarter of 2020 provides more information about the topics covered above and gives an overview of the Revised Directive on Security of Network and Information Systems (NIS 2.0).
Kertu Kärk
Head of the Communication Department