Russia was the source of most cyber threats last year

  • 2024-02-20
  • LETA/TBT Staff

RIGA - Last year, the situation in Latvian cyberspace continued to remain stable and the intensity of attacks, similarly to the previous year, was variable - they were carried out in waves, and in most cases the source of the cyber threat was Russia, the Constitutional Protection Bureau (SAB) pointed out in its annual activity report for last year.

At the individual level, the most common are various financial schemes, hacking of users' social network accounts to gain control over them, and attempts to defraud by sending email or SMS invitations to open links or attachments to obtain users' private information or access to their accounts. Messages are sent on behalf of public authorities, couriers and streaming service providers.

Often, people are defrauded because the fraudsters' schemes appear plausible, including websites designed to spoof access data that look very similar to their originals, according to the SAB.

As in the past, attempts by fraudsters to communicate with senior government officials have also been detected, this time with the Prime Minister of Latvia.

Such manipulative activities have been taking place regularly recently and are directed not specifically against Latvia, but against European countries in general. This is one of the ways in which Russia is expanding its foreign policy activities by discrediting representatives of other countries, the report says.

Within its competence, the SAB regularly informs and warns senior government officials of these risks.

Manipulative measures are mostly of a high quality and targeted, so that sometimes the crooks succeed in achieving them. By receiving early information about suspicious attempts to communicate with senior public officials, the SAB can provide support in such situations.

Assuming that the likelihood of encounters with various manipulative activities, the SAB urges people to be vigilant to avoid them as much as possible.

In the Latvian cyberspace, the regular activities of hacktivists supporting Russia's aggressive policies continued, and in the past period, denial of service (DDoS) attacks targeting state institutions, critical state infrastructure, including financial, transport and communications institutions, as well as various companies, were carried out with varying intensity. Observation of DDoS attacks shows that even if the number of attacks has decreased at times, the intensity of attacks has increased.

In general, they have been successfully repelled and have not caused any lasting disruption to the operation of exposed systems.

Over the past period, there has been a trend towards more and more cyber actors in unfriendly countries using private devices such as Wi-Fi access and Internet of Things (IoT) devices to carry out attacks. In addition to cyber-attacks on state industrial facilities and public institutions, individuals themselves can also be harmed by gaining access to their bank accounts and the like.

To minimise such risks, it is advisable to change default passwords and install regular updates.

The trend towards cyber-attacks against software development companies has also been documented. By gaining access to the computer networks of these companies, attackers further try to gain access to the computer networks of their customers, as these companies often have access to these as well. IT companies need to pay close attention to their computer networks, regularly update software and remove unnecessary servers.

In turn, customers should ensure that IT companies can only access certain servers that are not connected to the institution's overall computer network. Two-factor authentication should be introduced as far as possible.

It was concluded that research should be carried out before attacks to look for weaknesses in the digital victim. Well-protected systems are less likely to be attacked as it is more time-consuming. In Latvia, internet users are encouraged to use the DNS Firewall developed by and as a free active protection tool, where fraudulent links are quickly added.