“Last year will go down in history as the year of security vulnerabilities, wherein in the race against time and criminals, we had to learn some painful lessons. However, all experiences are useful and must be shared,” says Gert Auväärt, Director of the Cyber Security Branch of the Information System Authority (RIA) in the latest yearbook published by the Information System Authority titled Cyber Security in Estonia 2022.
The Information System Authority (RIA) is the government office that coordinates the development, implementation, and administration of the state’s IT infrastructures, ensures the interoperability of the information system across the public and private sectors, manages the nation’s cyber security realm and organises related activities.
Cyber Security in Estonia 2022 covers the cyber failures, wins and lessons of the past year, both in Estonia and in the international cyberspace, and what to expect in 2022.
The year of vulnerabilities
While the Information System Authority expects 2022 to be a grand sequel to 2021 in terms of cyber vulnerabilities, 2021 earned itself the title of ‘the year of major security vulnerabilities.’ Aside from the year ending with a global ‘IT earthquake’, the Log4j zero-day vulnerability, whose full impact remains to be seen, Estonia also had its fair share of cyber incidents at home.
Leading the pack of major cyber security incidents that shook Estonia was a security vulnerability in an RIA system that gave an Estonia-based attacker the opportunity to illegally download nearly 300,000 document photos from the identity documents database. The incident was quickly detected, and the vulnerability was patched. Thanks to swift cooperation between the police, CERT-EE, and the Prosecutor’s Office, the criminal was caught within a few days, and the downloaded data was confiscated. This was one of the 2,237 incidents with an impact that rocked Estonia’s cyberspace in 2021.
Incidents and notifications in 2021
73,826 automated security vulnerability notifications were received in 2021, compared to 55,635 in 2020. Of the 2,237 incidents with impact in 2021, Denial-of-Service attacks held the top position among the most serious incidents with 47, while data leaks followed closely behind with 43. There were also 30 documented ransomware-related cases, down from 33 in 2020. Phishing had the highest number of incidents overall, with 775 recorded cases, up from 711 in 2020. The number of phishing notifications is noted to be much higher still.
- Incidents with an impact – 2,237
- Automated security vulnerability notifications – 73,826
- Automated infection notifications – 14,332
- Number of reports – 20,077
Bounty for white-hat hackers
Given the illegal downloading of document photos and similar incidents stemming from security vulnerabilities, the Information System Authority is now working on a model that would allow state agencies to work with white-hat hackers and reward them for discovering potential vulnerabilities. Similar schemes are already in use in several countries, including the US, the United Kingdom, France, and Finland.
“The state alone cannot identify all the bottlenecks in our e-state, so cooperation with the community is essential,” says Gert. However, a reward will only be paid if the hackers follow the stipulated rules and regulations. The first contract with a white-hat hacker is expected to be concluded this spring.
2.8 million euros lost to fraudsters
The Information System Authority reported a 20% increase from the previous year in financial fraud reports in which Estonian people and companies lost money. This figure covers only the cases reported to RIA, since victims primarily report to the police. According to the police, 2.8 million euros was lost this way within the first ten months of 2021. The most common frauds:
- Cryptocurrency fraud – ranging from a few hundred euros to almost 100,000 euros
- Invoice fraud – largest known amount lost was 35,000 euros
- Investment fraud through dating apps
- Phishing and phone call scams
The year’s two major invoice fraud attempts, one involving several million euros and another 900,000 euros, were intercepted thanks to appropriate protection measures and staff awareness. As cryptocurrency is fast becoming a popular fraud medium, a bill regulating the field in Estonia is now expected to be approved this spring.
Ransomware attacks in Estonia and the international cyberspace
Reported ransomware attacks fell from 33 incidents in 2020 to 30 in 2021. While this might seem like a relatively low figure, it should not be taken lightly given the severity of most ransomware attacks and the fact that they almost always result in huge losses.
Meanwhile, globally, ransomware has become a cyber epidemic. On May 7, 2021, US energy company Colonial Pipeline, whose 9,000-kilometre pipeline transports nearly half of the fuel used on the entire east coast of the United States, suffered a ransomware attack carried out by the Russia-linked cybercrime group DarkSide. The pipeline was shut down for almost a week, crippling fuel delivery and causing severe fuel shortages. Colonial Pipeline paid a ransom of 75 bitcoins (4.4 million dollars) to restore its systems.
The US Federal Bureau of Investigation (FBI) later managed to recover 2.3 million dollars of the sum paid to the criminals. JBS, the largest meat processor in the world, software company Kaseya, and the Irish healthcare system, also experienced similar operation-crippling ransomware attacks.
How to stay protected against ransomware attacks
The Information System Authority suggests that prevention is always better. Here are the rules they give to prevent malware infection and mitigate the consequences:
- Use the latest software version and make sure all updates are installed
- Make regular backups
- Restrict the rights of system users
- Train your employees on cyber threats
If you do fall victim, RIA advises against paying the criminals, as it motivates them to continue their criminal activities. Payment also does not guarantee that the systems or data will be released or returned. Finally, the RIA wants you to know that “if you fall victim to a ransomware attack, let us know at firstname.lastname@example.org.”
Estonia’s ever-improving cyberspace
According to RIA, Estonia’s size, its language environment, and the steady improvement of the population’s cyber hygiene contribute a great deal to the country’s relatively low number of ransomware attacks compared with the substantial numbers seen in other countries. Notably, data from Statistics Estonia show a significant improvement in the cyber hygiene of the Estonian population over the last three years across all age groups.
Estonia remains the only country in the world where nationwide internet voting is possible. In the 2021 local elections, 46.9% of all votes were cast online (i-votes), compared to 31.7% in 2017. Alongside i-voting, votes were also cast on paper, counted by hand, stored in information systems, and the results transmitted to the public digitally. While there were some functional errors, no malicious activity that could have affected the elections or their results was identified.
Local and international cyberspace 2022: what to expect
- More critical vulnerabilities to be revealed stemming from Log4j’s zero-day vulnerability
- Preparation for possible incidents caused by Estonia’s legacy systems
- Continued struggles with organisations that fail to patch vulnerabilities promptly
- Phishing to remain dominant
- Ransomware epidemic to continue raging
- RIA’s response speed and capacity to increase
You can read the latest yearbook published by the Information System Authority titled Cyber Security in Estonia 2022 here.