The RIA monthly summary indicates that in March, several websites experienced service disruptions due to technical issues. For example, the draft legislation information system (eelnoud.valitsus.ee) of the Government Office, and the websites oiguskantsler.ee, aki.ee, prokuratuur.ee, rik.ee, konkurentsiamet.ee, and vanglateenistus.ee, which are managed by the Centre of Registers and Information Systems (RIK), were unavailable.
On 9 and 10 March, there were technical difficulties with the automatic border control gates (ABC gates) at Tallinn Airport. As a software error caused problems at the gates with the detection of document chips and biometric verification, passengers were directed to manual passport control.
On 16 March, disruptions occurred in the digital prescription service. Pharmacies were not able to sell medicines or medical devices on the basis of prescriptions issued on that date.
On the night of 19 March, the maintenance partner of Estonian Railways Ltd carried out a scheduled restart of its servers. Following this, a fault occurred in the traffic control systems, and traffic controllers at the Baltic Station were unable to manage the trains. The problem was resolved at around 9.30 a.m. Train services across Estonia returned to normal at 2 p.m.
On 25 March, when the Defence Forces issued a nationwide alert regarding a drone threat, neither the mailbox nor the document view opened in the Estonian app. Instead, users were shown an error message relating to VPNs. Due to a sudden surge in traffic and queries, security measures were triggered, blocking some of the queries.
In March, phishing emails were circulated that appeared to have been sent on behalf of LHV Pank. The emails stated that it was time to update data and that to do so, the recipient needed to log in via the link provided in the email and confirm the accuracy of the data with their signature. The link in the email led to a phishing page designed to steal the login details of the user. Various scam websites spread last month, mimicking state agencies and media portals, attempting to lure victims into transferring their money to an investment platform. You can read more about how this scheme works and how to recognise scam ads on the RIA blog.
In mid-March, it became clear that a group with links to Iran had begun retaliating in cyberspace for the attacks that had hit the country. The US company Stryker, one of the largest manufacturers of medical devices, was chosen as the target. As a result of the attack, the operations of the company were severely disrupted. Although this particular attack targeted a US medical company, other countries and sectors, including in Estonia, are also potentially at risk due to the attack vector used. You can read more about the attack and our recommendations in the risk assessment.
