CERT.LV Public Performance Report 2018

CERT.LV Public Performance Report 2018 (PDF)

The report includes generally available information; it does not contain information about CERT.LV performance results that contain restricted access information. The report is for informational purposes only.


The overall level of cyber security in Latvia's cyberspace can be assessed as moderate. The volume of commercially motivated attacks was consistently high, with a slowly growing trend. The main victims were small and medium-sized entrepreneurs. In the public sector, municipalities suffered mostly in the regions of Latvia. The financial sector was stable, and no major incidents were observed. Latvia continued to be a target for attackers having an opposite political ideology to that of NATO and the EU.

Last year, increased attention was given to the transparency and cyber security of the Saeima electoral process. CERT.LV classified cyber-space activity during elections as moderate, not threatening the state security and elections, and without severe occurrences. Several attacks on email systems, websites and network infrastructure, including public sector targets, were observed with varying intensity. However, they failed to cause any damage, or tangible effect, to the population, as they were successfully repelled. The most noticeable incident during the election was the defacing of the social network Draugiem.lv front page.

Reflecting on specific incidents, the reporting period was marked by a series of DDoS attacks which also received extensive media coverage (e-health, LETA, Song and Dance Celebration ticket distributor bilesuparadize.lv, Delfi.lv). Finally implementing the BCP-38 best practice standard, at least at the European level, it should be possible to find a solution to the DDoS attack problem by eliminating the possibility of sending out network packets with fake packet source (IP spoofing), which is the cause of most DDoS attacks. This would also reduce the maintenance costs of resources at the expense of DDoS protection solutions.

Frequently over a lengthy period of time, CERT.LV continued receiving messages abaut encrypted devices that have been accessed by hackers through a weakly protected Remote Desktop Protocol (RDP) by guessing overly simple passwords. Problem prevailed both in the private and in the public sector.

Innovative techniques have been observed in user-centric fraud campaigns using a more personalized approach to the preparation of fraudulent emails. In order to increase the credibility of the threats mentioned in the letter, the email contained user's personal information, such as a password or a part of the telephone number obtained from some data leak but used as “evidence” for intrusion into the device.

A positive trend for 2018 was the growing alertness and sense of responsibility of the internet users, as evidenced by the informative reports received by CERT.LV on various fraudulent campaigns, as well as the growing public interest in the origin of various software and devices and the associated risks, as was the case with Yandex Taxi, Kaspersky and Huawei.

For the first time ever in Latvia during the reporting period, CERT.LV in cooperation with NATO CCDCoE, organized technical cyber security training “Crossed Swords 2018”. This was the most technically complex and challenging training so far, covering a number of geographic locations, involving both IT critical infrastructure maintainers and military units. More than eighty cyber security experts from fifteen NATO CCD CoE member states participated in the training.

On October 9th, within the framework of European Cyber Security month and support from the project “Improving Cyber Security Capacities in Latvia”, CERT.LV in cooperation with ISACA Latvia chapter organized a cyber security conference "Cyber Chess 2018".  This was attended by 500 participants and remotely watched by more than 2,000.

In 2018, CERT.LV launched the project "Improving Cyber Security Capacities in Latvia" approved by the European Commission in 2017 “Connecting Europe Facility, Telecom-Cyber Security” call (contract with the European Commission No.INEA / CEF / ICT / A2017 / 1528784) ) and cooperation project “CyberExchange” (contract with the European Commission No INEA / CEF / ICT / A2017 / 1528784) to strengthen CERT.LV's response capabilities to information technology security incidents, increase knowledge and capacity and readiness to meet the requirements of the NIS Directive.

Overall, during the reporting period, CERT.LV registered 491,974 threatened unique IP addresses, provided the necessary support to both the public, private sector and law enforcement authorities in dealing with incidents, participated in 127 different events and educated nearly 8,000 people.