
Report on the implementation of CERT.LV tasks

Report on the implementation of CERT.LV tasks (PDF).

The report contains information of general interest and omits those parts of CERT.LV's performance results that contain restricted information. The report is for information only.

Summary

In Q4 2023, CERT.LV registered 335 143 unique endangered IP addresses. This is 0.32% less than in the previous quarter and 7% less than a year ago. The active protection DNS firewall provided by CERT.LV and NIC.LV (the registry of the top-level domain .LV) reached a new record – its (unique) users were protected from malicious links, viruses and malicious websites 467 888 times. This is an increase of 1046% compared to Q3 and 521% compared to the same period a year ago. The DNS firewall handles around 1.5 million DNS requests each month.

The situation in the Latvian cyberspace in Q4 2023 was intense but stable. The volume of compromised unique IP addresses was similar to the previous quarter and the same period last year. There were no dramatic fluctuations in the volume of compromised IP addresses, which shows that Latvia’s cyberspace protection measures are effective and adequate.

Statistics on the types of threats to unique IP addresses in Q4 show that configuration flaws are still the most common threat, but their share has slightly decreased compared to the previous quarter and to the same period a year ago. Malicious code comes in second place, with a surprising 62% increase compared to Q3. Intrusion attempts are in third place, also up 19% on the previous quarter and up 65% on the same period a year ago.

Analysis of the data shows that current attacks continue to involve the use of malware to gain access to equipment and systems of public and private sector employees, including the active use of emails with remote access files as attachments. Network compromises in the public and private sectors have increased with the spread of encrypting ransomware viruses, which encrypt data on the victim’s machine and demand a ransom to recover it.

Given the current geopolitical tensions and the threat of hybrid warfare, it can be assumed that the significant increase in hacking attempts in cyberspace is due to politically motivated Russian hacking attacks and targets. This applies in particular to hacking attempts that were related to apparent efforts to compromise the security of critical infrastructure of NATO and EU Member States.

In late 2023, especially in the pre-Christmas period, a large number of commercially motivated phishing campaigns were aimed at the Latvian population. The fraudsters used text messages, fraudulent telephone calls or impersonation of employees of public authorities and other organisations, including sending photographs of fake police officer identity cards as supposed proof of identity and credibility while trying to obtain people’s personal information or internet banking credentials. As usual, at the end of the year, accountants of companies and organisations were also targeted by fraudsters, who sent notifications of allegedly unpaid invoices. Artificial Intelligence (AI) solutions are widely used by members of organised crime groups to prepare and send messages and to carry out fraud with fake caller IDs – several people did not recognise the fraudsters’ schemes and, for example, lost their finances by installing fraudulent software on their devices or by taking part in the schemes offered by fraudsters.

Active distributed denial-of-service (DDoS) attacks by hacktivist groups supporting the aggressive Russian regime were periodically observed against State and local authorities and state-owned companies, as well as companies in the financial, transport, energy, postal and telecommunications sectors. However, the targeted infrastructures were prepared to stand up against the attacks and the availability of the services or resources concerned was not affected.

Russia remains the main source of cyber threats, exploiting the political situation to attack targets in connection with political issues, such as the emergence of issues like nationality and residence permits. But whereas previously politically motivated attacks were aimed at disrupting systems, Q4 saw a shift in tactics towards cyber espionage and Kremlin influence operations.

CERT.LV continues to strengthen its role as a leader in organising and conducting threat hunting operations in the European Union - developing and strengthening strategic cooperation not only at the national but also the international level, contributing to NATO’s collective European defence, developing and improving threat hunting methodologies, and organising experience sharing events with partner organisations in allied countries.

CERT.LV stresses that cyber hygiene is essential in both governmental and commercial sector organisations. Sufficient knowledge of cyber hygiene principles allows protection of Latvian and allied cyberspace from various cyberattacks. To achieve this goal, it is important to strengthen the resilience of critical infrastructure to cyber threats and the ability to restore services as quickly as possible after incidents. This also includes the situation of hybrid warfare. In addition, CERT.LV recommends keeping an eye on the opportunities and threats presented by the development of artificial intelligence.

CERT.LV continues to actively inform the Latvian public about cybersecurity risks and cyber hygiene best practice. During the reporting period, CERT.LV experts participated in 55 educational events, educating 16 144 participants on IT security, which is almost 8 times more than in the previous quarter. The CyberChess 2023 conference was a success, bringing together more than 500 participants from 18 countries in Riga and attracting around 6000 live views from 39 countries.

In total, 376 media publications, up 47% compared to the previous quarter, generated 16.5 million views.

In fulfilling its mission, CERT.LV continues to promote cybersecurity and be a trusted opinion leader in Latvian cyberspace.