TALLINN - While phishing attempts dominated as usual among the cyber incidents recorded by the Estonian Information System Authority (RIA) in July, there were also denial-of-service attacks against government websites, a cyber attack on a hospital, and numerous incidents related to fake ads and scams on Facebook Marketplace.
CERT-EE, the incident response department of RIA, recorded 269 impact incidents in July, slightly more than the average for the last six months. As part of automatic monitoring, 529 devices infected with malware were also found, about half the average number for the first months of the year.
In recent months, fake advertisements have been placed on the Facebook Marketplace platform in which various products are offered for sale 10-20 times cheaper than the market price. The products shown in the ads are most often household appliances or electronics products, the ads are written in broken Estonian and contain suspicious links.
In addition, scam attempts continue whereby the scammer claims to be interested in a product listed by a seller, but says that he doesn't have time to collect the product himself and wants to have it collected by a courier. If the seller agrees, they will be sent a link, ostensibly from a courier company, requesting confirmation of delivery. In the process, the victim is asked to enter their bank card details, and if the victim does so, their bank account will be emptied.
RIA advises everyone to be very careful when entering one's data and making payments on Facebook Marketplace and in other similar environments.
In early July, a healthcare institution in Estonia notified CERT-EE of a cyberattack. Data concerning the day-to-day operations and administrative activities of the institution had been deleted from the file server, but patients' health data remained intact. Fortunately, the hospital had proper backup copies in place and all the data was restored.
RIA described the case in question as a clear example of the importance of regular backups and how much damage they can prevent. In recent years, RIA has been actively involved in the monitoring of healthcare institutions to ensure cyber security compliance and thus the continued availability of critical services.
The number of denial-of-service attacks has been stable in recent months. Among other things, an attempt was made in July to attack the name servers of the Ministry of Foreign Affairs and RIA, the sais.ee school admissions application information system and the website of the Tallinn-based NATO Cooperative Cyber Defense Center of Excellence. In said cases services were only disrupted for a short period of time or the attacks had no effect at all.