Lithuania’s cyber security status report: more complex cyber-attacks, vulnerable devices and websites
“In terms of security efforts, the status of cyber security in Lithuania improved in 2018, however, we are observing a big increase of cyber incidents with malware. All recorded parameters show that cyberspace is a battlefield and requires no smaller security and defence efforts than a sea, on land or in the air,” Minister of National Defence Raimundas Karoblis says.
According to the „National Cyber Security Report 2018“provided by the National Cyber Security Centre under the Ministry of National Defence 53,183 cyber-incidents were reported in Lithuania in 2018. The number is slightly smaller than in 2017, however a significant increase in complex cyber-attacks, 41%, was found.
According to Minister of National Defence R. Karoblis, the scope and sophistication of cyber-incidents is a huge challenge to Lithuania and further efforts are needed to ensure that Lithuania’s cyber defence and security capabilities correspond to the existing threats.
According to Minister R. Karoblis, one of the most significant challenges is the elections in Lithuania and cybersecurity throughout them. The NCSC took complex measures to that end last year: there is intense cooperation with the Central Electoral Commission, recommendations and additional technical means have been provided to strengthen security of its IT systems, preparations have been carried out for possible scenarios of events, also, a workshop has been held for IT system administrators of news organisations.
The NCSC identified 21% more equipment with security vulnerabilities over 2018, and half of the 52 thousand websites with content management system in Lithuania are also vulnerable.
“It is concerning. Many cyber threats are related to vulnerabilities in equipment and websites that people of malicious intents may exploit for cyber-attacks,” Vice Minister of National Defence Edvinas Kerza.
According to Vice Minister, there is still a lack of understanding in Lithuania that IT services and information in communication and information systems are property and its protection should be prioritised.
The NCSC report also underscores that the critical state infrastructure remains to be targeted by intense cyber activities: electronic communication network reconnaissance increased by 18% over 2018. Malicious actors were mostly interested in the networks of state governance (39%), energy (20%), foreign affairs and national defence systems (24%).
“Networks of the vital state sectors of Lithuania are under constant and intense attacks in order to intercept the data, for which reason we are designing a safe stat data transfer network due to these risks. The state needs to have a closed secure network for critical institutions. The designed network will allow to ensure safety of data and reliability of communication in emergencies, such as large cyber-attacks or natural disasters,” Minister Raimundas Karoblis noted.
25% more attempts to hack communication and information systems using social engineering were reported in 2018 in comparison to 2017. The most frequent method was sending out e-mail letters to gull money, information, even hacking into computers of officials and sending them outside of Lithuania.
The status report also notes the systematic implementation of cyber security policy in Lithuania over 2018 – the National Cyber Security Strategy was adopted, consolidation of the national cyber security capabilities which strengthened cyber security capabilities of the state was completed. Also, the decision was made to develop a safe state data transfer network which will connect institutions responsible for vital functions of the state and ensure security of data and reliability of communication during emergencies, for example, large cyber-attacks or natural disasters.
In 2018 Lithuania undertook the role of leadership in strengthening cyber security internationally as well – we continue leading successfully one of the European Union initiatives on formation of rapid cyber response teams. The project developed under the Permanent Structure Cooperation (PESCO) already includes 13 participants and it is one of the most progressed PESCO projects so far.
The NCSC report also points out the most notable cyber and information incidents in Lithuania in 2018 and offers basic recommendations to Internet users on management of risks arising from cyber threats.
It is the third cyber security status report published by the NCSC.