Cyber Security in Estonia 2024

February 2024

Strategies and Action Plans

Author: Estonian State Information Authority

The Cyber Security in Estonia 2024 report provides an extensive overview of Estonia’s cybersecurity landscape in 2024, focusing on emerging threats, key incidents from 2023, and ongoing efforts to enhance cyber resilience.

Cybersecurity landscape in Estonia (2024)

1. Increasing cyber threats and geopolitical impact

  • Cyberattacks have become more targeted and sophisticated, increasing the likelihood of success.
  • Estonia, due to its strong digital infrastructure, has prioritised cybersecurity as part of its national security strategy.
  • Russia’s war in Ukraine has significantly influenced Estonia’s cybersecurity landscape, as Estonia has been a major supporter of Ukraine.
  • Estonia experienced ideologically motivated attacks, including DDoS attacks linked to support for Ukraine and fake news spread from Russia.
  • In November, an attack on Israeli-made programmable logic controllers disrupted Estonia’s district heating network, showing the global spillover effect of conflicts.

2. Cyber threats and incidents in 2023

Estonia faced a wide range of cyber threats in 2023, including DDoS attacks, ransomware incidents, fraud, and data breaches.

a) Distributed Denial-of-Service (DDoS) Attacks
  • DDoS attacks hit record numbers in 2023, with 484 attacks registered, a 60% increase from 2022.
  • These attacks often coincided with political decisions, such as Estonia banning Russian cars or supporting Ukraine.
  • The attacks became more targeted and strategic, often occurring in two waves—first to test resilience, then a larger attack if successful.
  • A major DDoS attack in September disrupted train ticket sales systems, preventing online purchases and train payments for almost a day.
b) Data breaches and cyber incidents
  • Asper Biogene Data Leak: The personal and health data of 10,000 people was stolen in a ransomware attack. Attackers threatened to release the data unless a ransom was paid.
  • Mixed-Up Patient Data: Due to a software bug, nearly 600 medical records were misassigned, posing risks for incorrect diagnoses and treatments.
  • Higher Education Institution Hack: Data on students, including personal details and passport numbers, was stolen and put up for sale.
c) Ransomware attacks
  • Several large manufacturing companies were targeted by ransomware.
  • A major ransomware attack on two metal companies in Tallinn cost millions of euros in direct losses and lost revenue.
  • Attackers exploited vulnerabilities in outdated Microsoft Exchange Servers, using zero-day exploits and corrupting backups to maximise damage.
  • Some companies, unable to recover their data, paid the ransom despite risks of further extortion.
d) Business Email Compromise (BEC) and fraud
  • Estonia faced a surge in fraud, with criminals stealing at least €8.3 million from victims in 2023.
  • BEC schemes were particularly damaging, where hackers compromised corporate email accounts to send fake invoices or modify payment details.
  • In one case, a business lost €40,000 to a fraudulent invoice scheme.
  • Facebook Marketplace scams also rose, with criminals tricking sellers into entering their payment details on phishing sites.

3. Cybersecurity enhancements and measures

a) Government and public sector initiatives
  • Estonia’s State Information Authority (RIA) expanded its National Cyber Security Centre (NCSC-EE), increasing staff and resources.
  • The government launched Cyber4Dev, an EU-funded cybersecurity initiative that provided assistance to 26 countries.
  • Estonia’s i-voting system reached a milestone in 2023, with more online votes than paper ballots for the first time.
b) Cybersecurity awareness and education
  • Estonia launched the Cybertest platform, offering free cybersecurity training to both public and private organisations.
  • Over 15,000 people participated in cybersecurity training programs in 2023.
  • The government emphasised awareness campaigns to educate citizens and businesses on cybersecurity risks.
c) Regulatory and compliance measures
  • Estonia strengthened information security standards (E-ITS), now mandatory for 3,500 organisations.
  • CyberTransformation grants were introduced to help small and medium-sized enterprises improve their cybersecurity posture.
  • The Tallinn Mechanism was launched in December 2023 to coordinate international cyber assistance for Ukraine, involving Estonia and eight other nations.

4. Looking ahead to 2024

a) Predicted Threats
  • More sophisticated DDoS attacks, with increasing use of IoT devices to amplify their impact.
  • Increase in AI-driven cyber threats, including deepfake frauds and AI-generated phishing.
  • Cyber threats targeting Ukraine’s allies, including Estonia, are expected to rise.
  • Supply chain attacks will become more frequent, as cybercriminals use smaller companies as entry points to larger organisations.
b) Key kocus areas
  • Strengthening public-private cooperation in cybersecurity.
  • Increasing cyber resilience in critical infrastructure (e.g., healthcare, transportation, finance).
  • Enforcing stricter compliance for private companies providing essential digital services.
  • Expanding international cybersecurity partnerships to enhance cyber defense capabilities.

Conclusion

Estonia remains one of the most digitally advanced nations, but this also makes it a prime target for cyber threats. State-backed attacks, cybercrime, and fraud have all escalated, influenced by geopolitical tensions and global cyber trends.

However, Estonia’s proactive cybersecurity policies, government investments, and public awareness initiatives are helping to mitigate risks. Stronger cooperation with international partners, improved regulations, and enhanced cybersecurity training will be key to defending against future cyber threats in 2024.