Number of impactful cyber incidents in Estonia nearly doubled on year

  • 2025-02-04
  • BNS/TBT Staff

TALLINN - According to the Information System Authority (RIA), Estonia experienced 6,515 impactful cyber incidents last year, nearly twice as many as in 2023, as revealed in the newly released cybersecurity yearbook.

Two-thirds of these incidents involved phishing and scam websites, with 4,224 cases detected, 2.5 times more than the year before.

RIA's incident resolution department, CERT-EE, works to restrict access to malicious sites, notifies web hosts, and shares information with international partners. However, cybercriminals continuously create new fake sites, making it essential for people to stay informed about scams, such as through the portal itvaatlik.ee, and to warn friends and family.

The number of fraud cases with registered financial losses increased by 14 percent to 624 last year. According to the Police and Border Guard Board, Estonians lost nearly eight million euros to scams in 2023, an average of 22,000 euros per day. The largest losses came from investment fraud, totaling 4.8 million euros, and banking fraud, 2.3 million euros. At the end of the year, Estonian companies faced a wave of invoice fraud, with some losses reaching hundreds of thousands of euros.

Cybercrime is becoming increasingly international and organized, making it difficult to combat. However, the cybersecurity yearbook also highlights several success stories from the past year. Estonian police played a key role in Operation PhishOFF, an international law enforcement effort that dismantled a phishing platform with nearly one million victims. Additionally, the Estonian Internal Security Service (ISS) and the Central Criminal Police identified three Russian military intelligence officers behind cyberattacks targeting Estonian state institutions.

There were 637 service disruptions recorded last year. Many were caused not by malicious attacks but by device failures, software bugs, or update errors. RIA emphasizes the importance of software updates, as 2023 set a record for discovered security vulnerabilities, exceeding 40,000. Thanks to technological advancements, attackers are exploiting vulnerabilities faster than ever.

CERT-EE continuously scans Estonia's cyberspace for vulnerable systems. In 2023, it sent notifications to 2,427 website and device owners about security risks, while last year, that number rose to 7,955. The majority of alerts, 2,462, concerned vulnerabilities in the WordPress content management system and its plugins, while 263 involved the Magento e-commerce platform.

Among politically motivated cyberattacks, distributed denial-of-service (DDoS) attacks remain the most prominent in Estonia. These attacks flood state institutions and businesses with excessive traffic to disrupt their online services. The number of such attacks surged following Russia's full-scale invasion of Ukraine, from 75 incidents in 2021 to 580 in 2024.

In previous years, Estonian government and corporate web servers hosting e-services were the primary targets of DDoS attacks. However, last year, name servers, which help users access websites, became a key target. Fortunately, Estonia has improved its defenses, reducing the impact of such attacks. Even when successful, most disruptions result only in slower services or brief outages.

The doubling of data breaches is an alarming trend. A total of 68 breaches were recorded last year, with the most significant involving the theft of data from nearly 700,000 customers of Apotheka, Apotheka Beauty, and Pet City. Data breaches pose a significant risk, as stolen information can be exploited for future cyberattacks, phishing scams, and fraud.

Other topics covered in the yearbook include cybersecurity in Estonian schools, RIA's efforts to improve public cyber awareness, EU cybersecurity initiatives, developments in e-voting, and much more.

The full cybersecurity yearbook is available in Estonian on the RIA website for reading and download.