A year of advanced threats and global tensions: Estonia’s cybersecurity scene in 2023

Article content

Last year, Estonia’s cybersecurity scene was heavily tested, with the Estonian State Information Authority (RIA) documenting 3,314 cyber incidents that impacted their annual assessment. The report details the growing complexity of threats Estonia faces, including an uptick in DDoS attacks and sophisticated phishing efforts, while reflecting on the nation’s ongoing efforts to bolster its cyber defences.


A year of unrelenting cyber storms

2023 witnessed an alarming surge in Distributed Denial-of-Service (DDoS) attacks, with Estonia grappling with a staggering 484 incidents – 182 more than the previous year. These attacks aimed to cripple critical digital services by flooding servers with excessive requests. A notable case targeted Ridango, disrupting the state-owned Elron train service’s ticket sales system for nearly a day.

Ransomware attacks also emerged as a grave concern, targeting diverse sectors, from healthcare to manufacturing. The Asper Biogene data breach was a particularly high-profile incident where the medical and personal data of approximately 10,000 individuals was compromised. This breach occurred when attackers, exploiting weaknesses in cyber hygiene, illegally accessed and downloaded sensitive information from the genetic testing company’s systems.

Global tensions ripple through cyberspace.

Exacerbating the cyber threats faced by the nation were the ripple effects of global crises, including Russia’s aggression in Ukraine and the Hamas-Israel military conflict. As Gert Auväärt, RIA’s Director of Cyber Security, stated, “Besides Russia’s continuing aggression in Ukraine, 2023 brought an outbreak and escalation of the military conflict between Hamas and Israel. We saw – and will continue to witness – a growth in ideological ‘hacktivism’ expressed in denial-of-service attacks against the government, financial, transport, and media sectors.”

Among others, one incident points to the far-reaching impact of these global tensions. In November, as Estonia grappled with a cold snap, cyberattacks targeting Israeli-made heating controllers disrupted the Estonian district heating network, demonstrating the vulnerability of local infrastructure to digital threats from distant conflicts.

Furthermore, the cyber threats of 2023 exhibited an advanced level of sophistication. For one, DDoS attackers engaged in dual-phase operations, initially probing defences with short attacks followed by more aggressive and sustained assaults. Many of which were, again, politically motivated, linked to Estonia’s support for Ukraine and the imposition of sanctions against Russia.

8.3M euros lost to fraud

The report also revealed a sharp increase in cyber fraud, inflicting financial damages of at least 8.3 million euros, with telephone fraud alone accounting for 3 million euros. This uptick signalled a strategic shift in cybercriminal tactics targeting individuals and corporate organisations. Prevalent schemes included sophisticated phishing emails, deceptive calls pretending to be from trusted authorities, and complex Business Email Compromise (BEC) attacks.

Meanwhile, cybercrime has transitioned from bare, deceptive acts to highly organised, sophisticated operations. Using cutting-edge technologies like AI and machine learning, criminals fine-tuned traditional fraudulent methods while innovating new strategies to exploit their targets effectively. The rise of BEC schemes further complicated the threat scene, where fraudsters executed carefully orchestrated plans to redirect corporate funds.

Proactive defence: Estonia’s cyber resilience strategy

Taking a proactive stance, Estonia reinforced its cybersecurity defences with several key initiatives. The RIA’s Red Team, established to test and enhance the security of information systems, engaged in sophisticated simulations, including phishing emails and physical penetration testing, to uncover vulnerabilities within governmental and corporate infrastructures. This proactive approach proved critical in preempting potential cyberattacks and ensuring the resilience of vital services.

Likewise, the RIA Red Team’s services were offered to government departments and companies aiming to fortify their cyber defences. Over the past year, the team conducted phishing attempts targeting more than 14,000 individuals across central and local government bodies and the private sector, revealing a 30% susceptibility rate among recipients. This, in turn, reiterated the need for continuous cybersecurity awareness and risk mitigation.

Complementing its security measures, Estonia launched comprehensive prevention campaigns to enhance cybersecurity awareness among businesses and the general populace. Additionally, implementing the Estonian Information Security Standard (E-ITS) across approximately 3,500 organisations highlighted a systematic approach to safeguarding the nation’s digital ecosystem.

The global cyber battlefield

As for the broader view, international cyberspace in 2023 was heavily influenced by geopolitical tensions, particularly Russia’s invasion of Ukraine and the escalating conflict between Israel and Hamas. These tensions manifested in a range of cyber activities, from state-sponsored groups engaging in espionage to widespread ransomware attacks disrupting critical infrastructure and businesses globally.

At the same time, the cybercrime scene continued to evolve, with financial motives driving sophisticated schemes like BEC attacks and ransomware campaigns. Notably, attacks on crypto trading platforms showcased the intersection of cybercrime and state funding, while hacktivism sparked DDoS attacks against various sectors in countries engaged in geopolitical disputes.

Ransomware attacks remained a significant threat, with the Lockbit group’s attack on the UK’s Royal Mail disrupting international mail services. At the same time, data breaches posed a serious concern, with T-Mobile admitting a leak affecting 37 million customers and the UK Electoral Commission’s data breach revealing the vulnerability of personal information.

The year, we also witnessed a collaborative international push to enhance cybersecurity measures, focusing on dismantling cyberespionage tools. Alongside these efforts, there was a unified movement toward strengthening cybersecurity protocols, which included restrictions on applications like TikTok on government devices.

Cyberspace in 2024

According to the report, the cyberspace scene in 2024 will be reshaped by two major forces: the pivotal role of artificial intelligence (AI) in cybersecurity and the enduring impact of geopolitical tensions on cyber activities.

AI is emerging as a double-edged sword, with its capabilities being harnessed by both defenders and adversaries. While security experts race to develop innovative AI-driven solutions to outsmart emerging threats, cybercriminals leverage AI to craft increasingly sophisticated cyber attacks.

Concurrently, the persistent geopolitical tensions between Russia and Ukraine, coupled with the escalating Israel-Hamas conflict, continue to cast a long shadow over the global cybersecurity domain. These crises are poised to influence cyber activities on a broader scale, with potential implications for high-stakes events like the European Parliament elections slated for June 2024.


Visit us physically or virtually

We host impactful events both in our centre and online for government institutions, companies, and media. You’ll get an overview of e-Estonia’s best practices and build links to leading IT-service providers and state experts to support your digitalisation plans.

Questions? Have a chat with us.

Call us: +372 6273157 (business hours only)

Find us

The Briefing Centre is conveniently located just 2 minutes drive from the airport and 10 to 15 minutes drive from the city centre.

You will find us on a ground floor of Valukoja 8, central entrance behind the statue of Mr Ernst Julius Öpik. Photo of the central entrance.

Valukoja 8
11415 Tallinn, Estonia