CERT.LV activity review Q2 2025
The full version of the report is available here: PDF
In Q2 2025, Latvia’s cyberspace saw a significant increase in cyber threats and vulnerabilities, confirming trends that have been in place for a long time. It is not just the intensity and complexity of attacks that is on the rise: it is also the ability of attackers to adapt, which in turn encourages the development of appropriate tech security solutions, spurring demand for data-driven services and for better response capability in the public and private sectors.
During the reporting period, a significant increase in the number of cyber incidents was recorded in Latvia, with 709 cases (+12% relative to Q1 2025, +28% relative to Q2 2024). Much of this increase is due to the human factor, a rising dependency on digital technology, device vulnerabilities, as well as the rise in the malicious use of generative artificial intelligence (AI) models.
The number of vulnerable devices identified increased significantly, to 459 346 (+62% compared to Q1 this year, and Q2 last year), which indicates the growing use of automated scanning and vulnerabilities. At the same time, this can be explained by the addition of large sources of telemetry data to CERT.LV.
The sharp rise in fraud reflects a continuously intense level of fraudulent campaign activity aimed at the public that involves assuming the identities of government institutions and well-known companies. New attack vectors: smart TVs, voice spoofing, double extortion. There is an increase in business e-mail compromise (BEC) and encrypting ransomware virus activity. Global-scale login data leaks (from Google, Facebook, Apple, and others) have taken place that increase the likelihood of cyberattacks in Latvia.
DDoS attacks remained intense with seasonal peaks, especially around holidays and politically important events; however, these are mostly fought off automatically. Meanwhile, no cyber incidents or cyber threats that could indicate any external attempts to influence this year’s elections were detected in Latvian cyberspace during, before, or after the elections. This points to the effectiveness of the preventive cybersecurity measures taken by CERT.LV.
The intensity and complexity of cyberattacks that pose a high risk for the general public, businesses and institutions is increasing in Latvian cyberspace. Cyberattacks directly and indirectly affect people’s financial assets, and the impact of these attacks is becoming increasingly tangible. A negative trend like this can affect the level of trust in digital services among the public.
In order to strengthen cyber resilience in the country, one must ramp up public education and cyber hygiene efforts, improve the technical security capabilities of organisations, and foster the use of AI and data telemetry in security. CERT.LV services, such as its Security Operations Centre, threat hunting, security testing, and training, play a strategically important role in mitigating the threats and are essential for strengthening the country’s resilience in the field of cybersecurity. If Latvia is to avoid gaining the reputation of an ‘easy target’, it must demonstrate resilience and strategic vigilance based on its capacity to identify threats and act on them in time.
* In response to the increasing volume and complexity of cyber threats, we have improved our statistical approach from 1 January 2025: from now on, unique cyber incidents will be counted rather than unique IP addresses compromised. This approach more accurately reflects the scale and impact of threats; comparability with historical data is maintained.
