Accessibility

Press release: The new yearbook introduces the work of RIA and the events of 2019 in Estonian cyberspace

The yearbook describes the role of the departments of the Information System Authority (RIA) in the e-state and gives an overview of cyber incidents of 2019 in Estonia.

INFORMATION SYSTEM AUTHORITY
Press release
8 May 2020

The new yearbook introduces the work of RIA and the events of 2019 in Estonian cyberspace

The yearbook describes the role of the departments of the Information System Authority (RIA) in the e-state and gives an overview of cyber incidents of 2019 in Estonia.

‘Last year was full of changes for the Information System Authority. A large part of our management changed, creating an essentially new mindset for the authority. New people mean new ideas and new directions to boost the e-state. So far, our annual summaries have focused on cybersecurity, but in the new book, we cover all of RIA’s areas of activity and the authority’s future plans as well as discuss cyber attacks and prevention thereof,’ said Margus Noormaa, Director General of RIA.

The book introduces the current and future tasks of RIA’s departments. ‘In cooperation with the Ministry of Social Affairs and other partners, RIA is developing a consent service that would open up the Estonian data economy and provide momentum for personal medicine,’ Noormaa brought an example. Among other things, the book features information about the state network, DigiDoc4 software, protection of critical information infrastructure, and CERT-EE.

In the Estonian cyberspace, 2019 was the year of phishing, as the frequency of phishing data from users and the number of websites created for this purpose doubled. Last year, RIA’s Incident Response Department (CERT-EE) received almost 25,000 notifications of cyber incidents. More than 3,000 among those caused disruptions in the confidentiality, integrity, or availability of information or systems.

The yearbook of the Information System Authority is available on RIA’s website. Excerpts from the yearbook on cybersecurity (starting from page 32):

Stolen account data

In addition to phishing letters and sites created to steal money, phishing campaigns that stole account data also did a lot of damage. A simple e-mail that warns you that your mailbox is full or asks you to change your password can, at first glance, give criminals easy access to your personal messages and the ability to spread their phishing e-mails further. However, there is often a long-term plan behind such account data breaches – to look up the agency’s business partners in the e-mails, to intervene in e-mail conversations, and to send an e-mail at the right time stating that the bank account for payment has changed. Last year, we repeatedly saw phishing scams that could be prevented with multi-level authentication. Employees from local governments, at least three of Estonia’s largest universities, hospitals, as well as smaller institutions such as a fuel company and a road maintenance company have fallen victim to such phishing. Eliminating the consequences of incidents and determining the extent of information leaks is often complicated by the fact that information security teams (if there are any) or service providers do not have enough logs to determine which e-mail accounts were compromised and to what extent. Proper management of logs is essential if the authority is to understand what type of information has been stolen.

Bec schemes are waiting for new data

The biggest impact in 2018 was caused by financial fraud initiated through compromised e-mail accounts (business e-mail compromise or BEC schemes), which caused at least 600,000 euros in damage to Estonian companies. In 2019, we also paid attention to these incidents, but fortunately we learned about significantly less damage. As far as we know, the largest amount transferred to the wrong bank account due to fraud was 112,000 euros. That time, the company recovered the lost amount thanks to cooperation between banks. It is important to note that BEC schemes can affect anyone and any Estonian company cooperating with a foreign partner may lose data (and then money) as a result of phishing account data.

In most cases, the victims were importers of certain products (tools, tyre products, industrial equipment, medical equipment, etc.) and the amounts lost ranged from 1,000 euros to 70,000 euros. However, we have also heard of several cases that were discovered by attentive accountants or managers and where no damage was suffered. We were also informed of situations where foreign business partners of Estonian companies suffered losses due to similar schemes. Therefore, it is important that Estonian companies that have managed to avoid the account data leakage incident also inform their foreign partners, who may become the next target of fraudsters.

Significant service interruptions

In 2019, we wrote in the Cybersecurity Yearbook: ‘Maintaining cybersecurity in Estonia requires constant effort and vigilance from business and government leaders. Updates and security standards are important and it is also vital to invest time and money in updates and standards. To avoid significant cyber incidents in the future, this work needs to be done.’ In 2019, we saw significant service interruptions that could have had a far-reaching impact on the people of Estonia: a software error left the Emergency Response Centre’s phones silent for 20 minutes in September; due to the unnoticed breakage of the state network cables, the digital prescription and the state portal were inaccessible for hours in November; then, the digital prescription was again inaccessible in December due to the maintenance of aging systems. The transfer of Mobile-ID to new systems cut off this method of authentication and signing for 24 hours in May; the population register, the national authentication service, the new version of X-tee, etc. also suffered failures. The Estonian people are so used to digital services that it is necessary to invest in their availability, check the continuity of operations, test systems, improve procedures, and test again. Service interruptions in 2019 were mostly caused by human error, administrative errors, or natural causes, but vulnerable systems can also fail due to malicious people and threats with public connections who do not care about our safety or health.



Keep reading similar articles
EU CyberNet Summer School 2024 in Review: Advancing Cybersecurity

The EU CyberNet Summer School 2024, held in Lisbon, focused on enhancing the cybersecurity capabilities of experts. Over three days, participants engaged in intensive discussions, hands-on exercises, and collaborative activities aimed at strengthening the resilience of critical infrastructures, with a particular emphasis on the maritime sector.

EU CyberNet External Cyber Capacity Building training

On 26-28 April, EU CyberNet held its EU External Cyber Capacity Building training for the Western Balkans, Eastern Partnership and Southern Neighbourhood delegations in Istanbul.

By Lauri Aasmann, Training and Services Lead, EU CyberNet
Press release: RIA has published a comprehensive compendium “Cyber Security in Estonia 2020”

The Estonian Information System Authority (RIA) has compiled a comprehensive overview of cyber security in Estonia.

Information System Authority / By Seiko Kuik, Press Officer, Estonian Information System Authority
EU CyberNet Highlights the Importance of Integrating Artificial Intelligence into National Cybersecurity Strategies

EU CyberNet Director Liina Areng and LAC4 Policy Expert César Moliné Rodríguez participated this week at the GFCE LAC Regional Meeting and GFCE Annual Meeting 2024. The GFCE LAC Regional Meeting was focusing this year on the identification of cyber capacity building needs in relation to the adoption of new technologies and AI.

Participants’ Reflection on Their Experience at the EU CyberNet Summer School 2024

The EU CyberNet Summer School 2024, held in Lisbon from 21st to 23rd August 2024, brought together a diverse group of cybersecurity professionals, each with unique motivations and insights. As they reflect on their experiences, they take stock on their drive to enhance their knowledge, the importance of being part of the EU CyberNet Expert Pool and their views on the most pressing issues in cybersecurity today.

EU CyberNet Summer School 2024 Day 3 Wrap-Up: Hands-On Learning

The final day of the EU CyberNet Summer School 2024 was focusing on the cybersecurity challenges specific to the maritime sector and putting theory in practice with a deeper understanding of the strategies needed to protect critical infrastructures against evolving cyber threats.