The year 2022 is considered the most challenging in terms of cyber threats and the most intensive in the history of the IT security incident prevention institution Cert.lv, as confirmed by its representatives.
Last year the number of incidents registered and processed by Cert.lv increased by 40% when compared with 2021.
Cert.lv also reports that efforts to study state IT infrastructure for vulnerabilities have increased seven times and the total number of cyber attacks has quadrupled.
In most cases Russia was the source of these cyber threats. The biggest and most tangible activities of ‘hacktivists’ supporting Russia’s aggressive regime were DDoS attacks. The most serious of them were performed on state information systems and critical infrastructure. Attacks were performed in attempts to acquire information to secure political, military or economic advantages and to prepare future cyber attacks.
Russia’s aggressive war in Ukraine has undeniably demonstrated attempts to employ cyber operations not only for information acquisition purposes, but also to support military operations. Increased activity of cyber attackers was observed even before Russia’s invasion of Ukraine. This took the shape of information acquisition attempts by performing data-mining of Latvia’s IT resources. As the war in Ukraine started, there was also an increase in attempts to hack Latvia’s infrastructure. In May these attacks were expanded by DDoS attacks.
In response to society’s and politicians’ invitation to demolish the Soviet victory monument in Victory Park, Killnet and other aggressive hacktivist groups supporting Russia intensified DDoS attacks on Latvia’s infrastructure.
Though expansive, these attacks were classified as hooliganism and failed to cause any tangible harm.
Some exceptions included organisations that are not usually the targets for DDoS attacks. Their protection and readiness to oppose such attacks is generally low. This includes, for example, the Ziedot.lv platform, which helped gather funding for the demolition of the monument in Victory Park and gather donations for support of Ukraine.
IT resources of state institutions and critical infrastructure generally have high protection. Latvian State Radio and Television Centre, Tet LLC and Cert.lv cooperate to oppose DDoS attacks. Successful coordination of the defence strategy helps prepare infrastructure to deflect such attacks.
In the closing months of 2022 Russian cyber activists expanded DDoS attacks with reports about hacked websites and leaked data posted on various Telegram channels. Published information attracted residents’ attention, but only one of the publicly mentioned attacks was successful (on the e-mail account of the State Labour Inspectorate). In other cases, the leaked information was nothing more than publicly accessible documents.
In parallel to DDoS attacks, attacks in Latvia’s cyber space were carried out as part of various cyber operations by Russian security services – Whispergate, Ghostwriter, Gamaredon and Turla. Attackers organised targeted phishing attacks with text appropriately prepared for the recipient, as well as attacks on supply chains targeting providers of public administration and critical infrastructure companies. Additionally there were various disinformation campaigns and other information influence operations against Latvia.
In certain cases cyber attacks were successful. The reason for success was not the use of complex attacks, but rather the fact that the targets had not installed updates, or the network had unsafely configured systems and terminals forgotten by the service provider. This once again proves that attackers mostly focus on easy targets. It also proves that Latvia needs to do more to become a tough nut to crack for the aggressor, notes Cert.lv.
In 2022 there were also five cases in which IT solution companies were compromised.
In most cases attackers succeeded because companies did not follow proper IT security practices.
A superficial attitude was also observed in relation to customer security – for the sake of convenience, companies often ignore security principles in customer infrastructure, creating loopholes in protection.
Among the compromised companies were those who were issued security audit reports. Considering that those companies had ignored security practices, which compromised their security, Cert.lv has concluded that auditors did their job superficially or improperly by not including practical tests in the process.
To prevent risks caused by these problems, state critical infrastructure and defence procurements have to be provided with a framework that makes it possible to check the service provider’s employed security processes.
Although the war in Ukraine has largely overshadowed scams in Latvia’s cyber space, they have not ceased entirely. There was a resurgence observed in May, for example. Attackers interested in profit focussed mostly on businesses. Similarly to previous years, there was wave-like activity of scammers observed. This activity was focussed on scamming residents and stealing money from them.
Cert.lv notes that under the current geopolitical conditions, it is important to keep in mind that Latvia remains a target for cyber attacks from Russia, Belarus, and, to a lesser degree, from China.