Press release: The new yearbook introduces the work of RIA and the events of 2019 in Estonian cyberspace

The yearbook describes the role of the departments of the Information System Authority (RIA) in the e-state and gives an overview of cyber incidents of 2019 in Estonia.

Press release
8 May 2020

The new yearbook introduces the work of RIA and the events of 2019 in Estonian cyberspace

The yearbook describes the role of the departments of the Information System Authority (RIA) in the e-state and gives an overview of cyber incidents of 2019 in Estonia.

‘Last year was full of changes for the Information System Authority. A large part of our management changed, creating an essentially new mindset for the authority. New people mean new ideas and new directions to boost the e-state. So far, our annual summaries have focused on cybersecurity, but in the new book, we cover all of RIA’s areas of activity and the authority’s future plans as well as discuss cyber attacks and prevention thereof,’ said Margus Noormaa, Director General of RIA.

The book introduces the current and future tasks of RIA’s departments. ‘In cooperation with the Ministry of Social Affairs and other partners, RIA is developing a consent service that would open up the Estonian data economy and provide momentum for personal medicine,’ Noormaa brought an example. Among other things, the book features information about the state network, DigiDoc4 software, protection of critical information infrastructure, and CERT-EE.

In the Estonian cyberspace, 2019 was the year of phishing, as the frequency of phishing data from users and the number of websites created for this purpose doubled. Last year, RIA’s Incident Response Department (CERT-EE) received almost 25,000 notifications of cyber incidents. More than 3,000 among those caused disruptions in the confidentiality, integrity, or availability of information or systems.

The yearbook of the Information System Authority is available on RIA’s website. Excerpts from the yearbook on cybersecurity (starting from page 32):

Stolen account data

In addition to phishing letters and sites created to steal money, phishing campaigns that stole account data also did a lot of damage. A simple e-mail that warns you that your mailbox is full or asks you to change your password can, at first glance, give criminals easy access to your personal messages and the ability to spread their phishing e-mails further. However, there is often a long-term plan behind such account data breaches – to look up the agency’s business partners in the e-mails, to intervene in e-mail conversations, and to send an e-mail at the right time stating that the bank account for payment has changed. Last year, we repeatedly saw phishing scams that could be prevented with multi-level authentication. Employees from local governments, at least three of Estonia’s largest universities, hospitals, as well as smaller institutions such as a fuel company and a road maintenance company have fallen victim to such phishing. Eliminating the consequences of incidents and determining the extent of information leaks is often complicated by the fact that information security teams (if there are any) or service providers do not have enough logs to determine which e-mail accounts were compromised and to what extent. Proper management of logs is essential if the authority is to understand what type of information has been stolen.

Bec schemes are waiting for new data

The biggest impact in 2018 was caused by financial fraud initiated through compromised e-mail accounts (business e-mail compromise or BEC schemes), which caused at least 600,000 euros in damage to Estonian companies. In 2019, we also paid attention to these incidents, but fortunately we learned about significantly less damage. As far as we know, the largest amount transferred to the wrong bank account due to fraud was 112,000 euros. That time, the company recovered the lost amount thanks to cooperation between banks. It is important to note that BEC schemes can affect anyone and any Estonian company cooperating with a foreign partner may lose data (and then money) as a result of phishing account data.

In most cases, the victims were importers of certain products (tools, tyre products, industrial equipment, medical equipment, etc.) and the amounts lost ranged from 1,000 euros to 70,000 euros. However, we have also heard of several cases that were discovered by attentive accountants or managers and where no damage was suffered. We were also informed of situations where foreign business partners of Estonian companies suffered losses due to similar schemes. Therefore, it is important that Estonian companies that have managed to avoid the account data leakage incident also inform their foreign partners, who may become the next target of fraudsters.

Significant service interruptions

In 2019, we wrote in the Cybersecurity Yearbook: ‘Maintaining cybersecurity in Estonia requires constant effort and vigilance from business and government leaders. Updates and security standards are important and it is also vital to invest time and money in updates and standards. To avoid significant cyber incidents in the future, this work needs to be done.’ In 2019, we saw significant service interruptions that could have had a far-reaching impact on the people of Estonia: a software error left the Emergency Response Centre’s phones silent for 20 minutes in September; due to the unnoticed breakage of the state network cables, the digital prescription and the state portal were inaccessible for hours in November; then, the digital prescription was again inaccessible in December due to the maintenance of aging systems. The transfer of Mobile-ID to new systems cut off this method of authentication and signing for 24 hours in May; the population register, the national authentication service, the new version of X-tee, etc. also suffered failures. The Estonian people are so used to digital services that it is necessary to invest in their availability, check the continuity of operations, test systems, improve procedures, and test again. Service interruptions in 2019 were mostly caused by human error, administrative errors, or natural causes, but vulnerable systems can also fail due to malicious people and threats with public connections who do not care about our safety or health.

Keep reading similar articles
Press release: RIA has published a comprehensive compendium “Cyber Security in Estonia 2020”

The Estonian Information System Authority (RIA) has compiled a comprehensive overview of cyber security in Estonia.

Information System Authority / By Seiko Kuik, Press Officer, Estonian Information System Authority
EU CyberNet Club Special – French EU Presidency

On 6 January 2022, EU CyberNet introduced a new event series – EU CyberNet Club Special, which looks at upcoming Council of the European Union Presidencies every six months.

By Silja-Madli Ossip, Policy Officer, EU CyberNet
The second EU CyberNet Annual Conference studied the implications of Building Cyber Capacities in the Digital Decade

The second EU CyberNet Annual Conference: Building Cyber Capacities in the Digital Decade took place on 28 October as a hybrid event at The EGG Brussels with a transmission to a Europe-wide audience. The conference took stock of and reflected on the implications of the various developments in EU cyber capacity building while bridging cybersecurity and digitalisation.

By EU CyberNet team
EU CyberNet in collaboration with the Organization of American States (OAS) is assisting Costa Rica and Jamaica in defining cyber threats against critical national infrastructure

EU CyberNet in collaboration with the Organization of American States (OAS) is assisting Costa Rica and Jamaica in defining cyber threats against critical national infrastructure as part of the larger effort by these countries to review and implement their National Cyber Security Strategies.

By Liina Areng, Regional Programme Lead, EU CyberNet
EU CyberNet work in Dominican Republic, first national cybersecurity exercise “Cyber llamas”

EU CyberNet participates in the first national cyber exercise of Dominican Republic “Cyber llamas” and our Advisory Group visits the site of future Latin America and the Caribbean Cyber Competence Centre in the framework of a feasibility study.

By Liina Areng, Regional Programme Lead, EU CyberNet
EU Member States welcome the implementation of EU CyberNet: Council Conclusions on EU’s Cybersecurity Strategy for the Digital Decade

The Council of the EU welcomes in its Conclusions the establishment and implementation of the EU CyberNet in order to increase cyber resilience and capacities worldwide. The Conclusions provide guidance to support partner countries in tackling the growing challenge of malicious cyber activities.

By EU CyberNet team