Q1 2025 in Latvian cyberspace
The full version of the report is available here: PDF
The report contains generally available information and does not contain information on CERT.LV performance, which contains restricted information. The report is for information purposes only.
In the first three months of 2025, the cyber threat landscape in Latvia and elsewhere continues to evolve with increasing intensity, complexity and strategic direction. Cyber-operations are no longer just one-off attacks or attempts to profit - they are increasingly targeted, persistent and aligned with wider geopolitical and economic developments.
CERT.LV and NIC.LV DNA firewalls, CERT.LV Security Operations Centre services, threat hunting, security tests, phishing simulations and staff training provide a multi-layered defence that strengthens the country's overall cyber security, preventing Latvia from being perceived as an easy target.
Since Russia launched full-scale hostilities in Ukraine in 2022, Latvia and the other Baltic States have been constantly exposed to intense cyber-attacks. The threat level in the region is still assessed as high. Although the threat of Russian aggression continues unabated, the start of 2025 clearly demonstrates Latvia's cyber resilience and ability to effectively defend its cyberspace and ensure the continuity and availability of essential services.
In Q1 2025, the number of cyber incidents* (631) increased by 11% compared to the previous quarter, but is 11% lower compared to the same period last year. In terms of quantitative indicators, fraud, intrusion attempts, malicious code, compromised equipment and availability of service ranked in the top 5 cyber incidents. Cyber attacks repelled by the DNS firewall service across all CERT.LV zones prevented users from visiting malicious websites 476 855 times, which is 4% more than in the previous quarter.
The volume of alerts automatically processed and sent (284 029) is high, but stable year-on-year.
Cyber espionage and politically motivated attacks have mainly targeted important institutions and organisations in the financial, law enforcement, education, healthcare and telecommunications sectors, as well as national and local government institutions and critical infrastructure. These attacks are intended to extract sensitive data, destabilise operations, undermine public confidence and create strategic pressure.
Given Russia's possible aggressive plans and rhetoric towards the EU and the Baltics, the threat dynamics are expected to remain high in the future. Interest in Latvia's infrastructure has not diminished from Chinese and Belarusian-backed cyber-attackers.
The increasing intensity of attacks and the relentless ingenuity of cyber attackers encourage every organisation to counter them with appropriate technological solutions, which in turn contributes to the overall development of technical capabilities, the demand for data-driven cybersecurity services, and strengthens public and private sector response capabilities.
* In response to the increasing volume and complexity of cyber threats, we have improved our statistical approach from 1 January 2025: from now on, unique cyber incidents will be counted rather than unique IP addresses compromised. This approach more accurately reflects the scale and impact of threats; comparability with historical data is maintained.
