CERT.LV activity review Q1 2024

CERT.LV Activity Report for Q1 2024 (PDF).

The Activity Report for Q1 2024 contains publicly available information and does not include information about CERT.LV activities that contain classified information. The report is for informational purposes only.



Since Russia’s full-scale invasion of Ukraine, Latvia continues to experience a high level of cyber threats. In Q1 2024, the number of threats and incidents reduced only by 3% compared to the same period in 2023. In addition, it was 5% higher than in the last three quarters of previous year. Latvia has demonstrated a convincing cyber- resilience, and cyber-attacks recorded so far have not had a significant or lasting impact on society.


CERT.LV has actively promoted its role as a leader in threat hunting operations in the European Union, strengthening the cyber resilience of Latvia's critical infrastructure and digital services. To date, more than 100,000 devices in 25 organizations have been analyzed. In partnership with NATO and the Canadian Forces Cyber Command, CERT.LV continues to strengthen international cooperation and collective defense, which is important not only for Latvia's cyber security, but also for that of the Alliance as a whole.

Cyber Security Threats and Trends. Significant threats with a broad impact on the commercial sector, state and local authorities represent only 0.03% of all categorized threats, but the number of unique IP addresses registered as compromised in this category is 218% higher than in Q1 2023; the upward trend continues compared to Q4 last year, with an increase of 26%.

Intrusion attempts, malicious code, and harmful content are the top threat types with the highest increase in activity in Q1 2024. Intrusion attempts in particular are on the rise, with an increase of 118% compared to the same period in 2023. In the current geopolitical situation, this can be attributed to politically motivated Russian hacking attempts, in particular to compromise the critical infrastructure of NATO and EU member states. Such trends highlight the need to strengthen security measures and educate the public about potential threats.

Politically motivated denial of service (DDoS) attacks by Russian hacktivist groups continue in waves, targeting public administrations and companies in specific sectors. The proportion of successful attacks is decreasing, reflecting the readiness of Latvia's infrastructure, the effectiveness of the centralized DDoS protection service funded by the Ministry of Defence, and the ability of communications operators to provide services in the event of a sustained external attack.

Financially motivated attacks most often involve emails and text messages from a seemingly trustworthy source. During the reporting period, scammers most often posed as representatives of the tax authorities, state police, courts, or banks. Phishing in the name of various courier services continued to be active, as did fraudsters with fake job offers. Telephone scammers have begun to actively use artificial intelligence tools to create imitation versions of real people's voices. 21% of victims fall into scam traps due to haste and carelessness.

Vulnerabilities and vulnerable systems are a constant risk, affected by newly discovered critical vulnerabilities, misconfigured IT systems, and outdated IT solutions. Supply chain attacks have been observed against organizations with high levels of security - attackers gain access to a target by attacking software developers and other outsourced service providers.

Effectiveness of DNS Firewall active protection: During the reporting period, DNS Firewall users were protected from malicious websites more than half a million times. Each detected threat indicator is fed into a centralized active protection infrastructure - DNS Firewall - to effectively protect all Latvian citizens, companies and organizations using the protection provided by CERT.LV. In two years, the use of the DNS firewall service has increased approximately 5 times, with approximately 1.5 million DNS requests processed per month.

Coordinated Vulnerability Disclosure (CVD): Work to develop and promote the CVD platform continued with the introduction of a security researcher rating to motivate security professionals to be more proactive in reporting vulnerabilities, and work to engage new players to ensure a diverse perspective and approach to vulnerability management.

Public education: During the reporting period, CERT.LV educated 4737 participants on IT security through 31 educational events, promoting cyber literacy for both individual users and organizations so that everyone can ensure the security of their data and systems.

By fulfilling its mission, CERT.LV continues to promote cybersecurity and be a trusted opinion leader in Latvian cyberspace.