Last year, the number of cyber-security incidents, or more commonly known as cyber attacks in Croatia, rose by 65 percent to 1,129, according to the national Computer Emergency Response Team (CERT), which is responsible for monitoring and safeguarding the country's information security and operates within CARNet – Poslovni.hr reports.
CERT states that the most significant change from last year is the large number of reported incidents. Part of the reason for this is in stricter regulation. However, CERT says that this can be attributed, among other things, to their campaign "Great Croatian Naive People", for which they received many inquiries from colleagues from other countries, as well as workshops for the academic community and the business sector.
-The leading types of incidents in Croatia during 2019 were phishing, phishing URL and web defacement, that is, a compromised website with a modified appearance or content of the website - CERT stated. CERT also announced the dynamics of incidents during the year. The beginning of last year was marked by frauds on the elderly through fake Facebook profiles asking for money. The police have also dealt with this case. This was followed by an e-mail phishing campaign against bank costumers that led to a fake page of the bank and tricked customers into signing up. Fake emails with CEO messages ensued, and CERT asked to stop further sending such emails from their colleagues from abroad.
The second quarter began with an e-mail phishing attack on Croatian Post users. CERT then prevented the spread of MikroTik, which was spreading malicious cryptocurrency mining software, as well as a fake password store page – Poslovni.hr writes.
In June, there were many attempts of false extortion in Croatia, where victims were intimidated that the attacker had accessed their passwords. At the beginning of the school year, there was a major phishing campaign targeting schools and other educational institutions.
CERT states that the campaign resulted in several compromised accounts, but that they successfully suppressed it. This campaign repeated in October and was suppressed again.
National CERT also warned that a database of four terabytes of data was unveiled at the end of November, containing 1.2 billion unique records with hundreds of millions of profiles on social networks, 50 million unique phone numbers and 622 million unique e-mail addresses. CERT says the base could not be used directly for attacks but as a source for future attacks – Poslovni.hr reports.