Estonia's Battle Against a Deluge of DDoS Attacks


The number and frequency of large-scale distributed denial-of-service (DDoS) attacks against Estonian public authorities and businesses have significantly increased in the month of August, Infosecurity Magazine has learned.

Infosecurity Magazine spoke to Tõnu Tammer, head of the incident response (CERT-EE) department, Estonian Information System Authority (RIA), to discuss the attacks and what the Estonian government is doing in response.

The peak of these attacks, so far, was recorded on August 16 and 17, Tammer told Infosecurity.

It is relatively simple to organize DDoS attacks and such attacks are a daily occurrence in the Estonian cyber space, Tammer said. However, the RIA emphasizes that data confidentiality is not at risk due to the attacks because attackers cannot access or change the data.

On August 18, Estonian government CIO, Luukas Ilves, revealed on social media that Estonia has been subject to the most extensive cyber-attacks it has faced since 2007.

Tammer said the attacks came from cyber-criminals known to the RIA since the spring of 2022, when an increase in attacks was recorded on April 9 and 10 while the Locked Shields international cyber defense exercise was held in Estonia. However, he declined to name the group because “naming them would give them attention they do not deserve”.

However, pro-Russian cybercrime group Killnet has reportedly claimed responsibility for launching the attacks after Estonia reportedly removed a Red Army monument from Tallinn square.

Details of the August Attacks

Tammer explained that on 17 August, the websites of politsei.ee, cybernet.eu, cr14.ee, valitsus.ee and omniva.ee were targeted.

However, as far as the RIA understands, the attacks did not have an effect or had minimal effect on the functioning of these websites.

“The attack against the website of emta.ee (home page of Estonian Tax and Customs Board) on August 17 had the most visible effect, with the website being unavailable from 12.30pm to 1.40pm. After changing the settings and implementing additional defense mechanisms, it was possible to use the website again. Still, all the services were functional and only the web page was affected,” Tammer said.

He added that based on knowledge to date, the attacks were primarily targeted against the clients of the State Network of the Information System Authority.

“We have to keep in mind that such attacks may last several days and it is quite likely that some websites may not be immediately available at one point or another.”

Mitigating Wider Impact

A 2007 cyber-attack affected 58 Estonian websites as a result of a disputed relocation of the Soviet-era Bronze Soldier monument. Since then, Estonia has become a global heavyweight in cybersecurity.

For example, the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE), founded in 2008, is based in Tallinn.

Currently the nation sits at number four in the National Cyber Security Index and third in the Global Cybersecurity Index.

Tammer highlighted that Estonia was able to prevent many of the August attacks from being effective “because the government has provided us with the means to buy and implement different tools.”

Russian state-backed cybercriminals are believed to have lashed out against numerous neighboring countries since the start of the invasion of Ukraine in February 2022. Finland, for example, saw its defense and foreign affairs departments' websites taken offline by DDoS attacks in April when news emerged that it was considering joining NATO.

Governments in Eastern Europe need to be on heightened alert at this time and have the most robust cyber-defenses in place. 
