Estonia saw a record number of cyber attacks in 2022

Article content

The Estonian Information System Authority (RIA) recently released its annual report on Estonia’s cyber security. The report provides an overview of Estonia’s escalating cyber threats in 2022, including those from malicious state actors. To conclude –  huge steps have been taken to strengthen cyber defences, but more must be done to protect Estonia’s digital infrastructure. As Gert Auväärt, the Director of Cyber Security of RIA, emphasises in the foreword, cyber security is unachievable without the awareness and action of all organisations and individuals.

4 times the DoS

The report revealed that even though there were no attacks with more serious consequences on Estonia’s services and systems, it is not because criminals did not make attempts. Because they, in fact, did. 2022 was characterised by unprecedented denial-of-service (DoS) attacks, primarily carried out by pro-Kremlin hacktivists and groups.

27,115 reports were submitted to the Computer Emergency Response Team (CERT-EE), a unit of RIA, of which 2,672 were incidents with impact. The waves of the DoS attacks were the likes of which had not been seen before. There were 302 DoS attacks, a fourfold increase compared to the previous year. Not surprisingly, according to Cloudflare, Estonia ranked seventh globally for application layer denial-of-service attacks in Q2 2022.

The report noted that the favourite targets of the attackers were, as expected, state systems and portals such as,,,,, and However, learning institutions, the transport sector and media companies were not left out.

Ukraine: A gallant warrior

As the report highlights, “on 24 February 2022, Russia launched a full-scale war against Ukraine. In addition to kinetic warfare, Ukrainian governmental authorities, critical infrastructure, local governments, the security and defence sector, and companies were also targeted in cyberspace.”

Among others, the Russian military intelligence launched a cyber attack against the KA-SAT satellite, which disrupted satellite communications not only in Ukraine but also in France, Germany, Italy, and Poland. The Ukrainian energy sector was equally targeted with a malware called Industroyer2 designed to attack industrial control systems. At the same time, friends and supporters of Ukraine, including Estonia, became targets of attacks.

However, it was noted that Ukraine maintains its critical services despite Russia’s cyber attacks. And thanks to the resilience and help from allies, the nation weathered over 4,500 cyber attacks in 2022 — compared to 800 in 2020—with minimal disruption.

Fewer ransomware attacks

While there was an increase in ransomware attacks in most other parts of the world, the case was different for Estonia. The number of ransomware attacks on Estonian organisations and individuals decreased from 30 in 2021 to 21 in 2022. However, these attacks were no less dangerous. 

Though most victims had backups of their data, ransomware disrupted operations, recovery was difficult and time-consuming, and the costs of downtime and interrupted customer service were significant. In several cases, attackers gained access via improperly secured remote desktop protocol (RDP) connections. Likewise, weak passwords and other poor cyber hygiene practices further provided easy access.

To defend against ransomware, CERT-EE recommends:

  • Not paying ransoms, as this encourages attacks and does not guarantee data recovery
  • Reporting attacks to CERT-EE for help responding
  • Following cyber security basics like using strong passwords, enabling two-factor authentication, limiting RDP access, patching software, and monitoring systems

Bolstering defences

For better protection against attacks, to prevent threats, to improve its monitoring capabilities, and to respond swiftly when the need arises, RIA implemented several initiatives, introduced additional layers of protection to state systems, developed innovative tools, and developed innovative tools and upgraded existing ones. Below are some of them.

  • Red Team

To identify and address vulnerabilities before criminals exploit them, CERT-EE established a ‘Red Team.’ The team regularly challenges and tries to break through the security of the Information System Authority, which CERT-EE is part of. This ‘continuous red teaming’ (CRT) helps the Authority strengthen its defences, and plans are ongoing to extend the service to other government agencies.

  • IT-consciousness campaigns

RIA ran two major cyber security awareness and hygiene campaigns. The summer campaign targeted Russian speakers, airing a radio show and launching complementary outreach. Nearly 45,000 listeners tuned in weekly, and over 90% of the target audience saw campaign materials.

The Kontrolli üle! (Check Again!) campaign ran in the autumn and reached nearly 80% of Estonians via TV, radio, print, and online ads. And the Authority intends to continue awareness-raising initiatives well-tailored to diverse groups. 

  • E-learning and testing platform

The Information System Authority is set to launch a new cyber security e-learning platform and test for public sector employees. The platform aims to strengthen cyber hygiene by covering major topics like phishing, scams, Wi-Fi security, and real-life examples of cyber threats. After completing the course, users take a test and receive feedback on their test results, which will be used to build tailed cyber security awareness training that suits the employees’ needs. 

  • The enforcement of E-ITS

Estonia’s new cyber security standard, E-ITS, took effect in January and is required of about 3,500 Estonian organisations. It aims to improve cyber security by compelling a wider range of public and private sector entities to map assets and risks, implement stronger safeguards and adopt concrete preparation and response measures in case of cyber attacks.

  • A unique cyber reserve

Also, a national cyber reserve which brings together competent IT experts voluntarily was established in 2022 to respond to major cyber incidents in the event of such. The first exercise of the reserve was resolving a simulated ransomware attack on Estonia’s largest hospital.

By underscoring the seriousness of cyber threats and detailing defences in place and still needed, RIA’s Cyber Security in Estonia 2023 report is a call to action. Cyber security depends on the awareness and actions of all — and remains vital to ensuring Estonia’s freedom, independence, and security, especially in the current times. 


Visit us physically or virtually

We host impactful events both in our centre and online for government institutions, companies, and media. You’ll get an overview of e-Estonia’s best practices and build links to leading IT-service providers and state experts to support your digitalisation plans.

Questions? Have a chat with us.

Call us: +372 6273157 (Monday to Friday, 9:00-16:30 Estonian time)
Regarding e-Residency, visit their official webpage.

Find us

The Briefing Centre is conveniently located just a 2-minute drive from the airport and 15- to 20-minute drive from the city centre.

You will find us on the ground floor of Valukoja 8, at the central entrance behind the statue of Mr Ernst Julius Öpik. We will meet the delegation at the building’s reception. Kindly note that a booking is required to visit us.

Valukoja 8
11415 Tallinn, Estonia