A series of digital disruptions and a sharp rise in phishing attacks marked a turbulent April in cyberspace, as more than a thousand cyber incidents affected services relied on by the public every day.
According to the Information System Authority, 1,138 cyber incidents with impact were recorded during the month. Several incidents disrupted critical digital services, while phishing campaigns targeting bank customers and cryptocurrency users led to losses amounting to thousands of euros.
Among the most significant disruptions were repeated outages affecting the services of the Health Insurance Fund. On 1 April, digital prescriptions could neither be issued nor used to purchase medicines for approximately 30 minutes due to a software error, which was resolved after systems were restarted.
Further disruptions affected digital prescriptions, insurance verification, and incapacity for work benefit services. RIA said the incidents were caused by a failure on the platform of an external service provider.
Digital signature services faced difficulties as well, as users were unable to provide digital signatures through the DigiDoc4 application and were shown a misleading error message.
Later in the month, disruptions were reported in the Digital Signature Gateway Service due to an error during certificate renewal.
Fraudulent emails claiming to be from LHV Bank circulated widely, urging recipients to update allegedly expiring banking information.
CERT-EE also identified targeted phishing attacks aimed at cryptocurrency wallet users, particularly customers using MetaMask and Ledger services. Victims were directed to fraudulent websites designed to steal personal information and account credentials.
Information System Authority analyst Dorel Kiik said the April incidents demonstrate how cyber threats are increasingly shifting from technical failures toward attacks exploiting human behaviour.
“While service outages are usually temporary, the impact of scams can be very painful and long-lasting for individuals,” Kiik said. “It is therefore crucial that everyone knows how to recognise scam emails and take a critical approach to unexpected messages that urge quick action.”
