The number of cyber incidents in Latvia surged in the last quarter of 2025 0 16

Compared to the third quarter of 2025, the growth was 38%.

Cert.lv notes that since the beginning of the war initiated by Russia against Ukraine, the number of cyber incidents in the Latvian cyberspace has increased sixfold, with a steady upward trend observed. This correlates with a sharp increase in the number of vulnerable devices — since 2022, their number has grown eightfold.

Last year, the volume of cyber incidents ceased to grow linearly and began to increase rapidly: in the last quarter, it reached 731,783 cases, which is 2.4 times more than in the fourth quarter of 2024, and 17% more than in the third quarter of 2025.

According to Cert.lv, this indicates a rise in attacks using automated botnets, as well as automated scanning and exploitation of vulnerabilities and configuration errors. The institution emphasizes the need for a proactive approach to cybersecurity — early detection of threats and strengthening capabilities to reduce the risk of escalation and impact of incidents.

The dominant type of incident is fraud, which constitutes the vast majority of cases and determines the overall growth dynamics. There is a noted widespread use of social engineering methods and artificial intelligence tools for automation and content creation.

The number of technical cyberattacks — such as hacks and malware — remains stable overall, but new and dangerous social engineering and malware campaigns are observed. At the same time, there has been a sharp increase in the number of compromised devices and DDoS attacks, although most of them were automatically mitigated and did not affect the operation of services.

Throughout the last quarter of 2025, Cert.lv's DNS firewall filters prevented 1,029,000 attempts to access malicious websites, which is 2.6 times more than in the third quarter of 2025, and 2.2 times more than in the fourth quarter of 2024.

According to cyber intelligence from Cert.lv, attackers often use outsourcing service providers as a starting point for accessing target infrastructure, turning them into a "bridge" for further attacks. Similar approaches are applied in software — malicious code can be injected through trusted distribution channels and development environments.

Fraudulent campaigns are becoming shorter, more precise, and better adapted to specific situations, including the use of names of well-known organizations and familiar processes.

During the reporting period, there was an increase in fake websites and misleading advertisements, including the use of images of famous people in fraudulent investment offers.

Contextual advertising on Google was also actively used to redirect users to fake banking websites. Fraudulent campaigns were identified in the name of government institutions and delivery companies, as well as telephone fraud.

Attacks have both financial and political motivations, with geopolitical factors remaining a significant catalyst for threats. The intensity and complexity of attacks are increasing, as is the ability of attackers to adapt. This, in turn, stimulates the development of technological solutions in the field of protection, demand for data-driven services, and strengthening of response capabilities in both the public and private sectors.

Cert.lv also points out that the increase in damage from fraud, especially outside banking payment channels, indicates a critical need to strengthen digital literacy and resilience in society, as well as to enhance the role of electronic communications operators in preventing telephone fraud.

Although cybersecurity regulation in Latvia is becoming increasingly structured, the automation of threats and the growing pace of cyberattacks increasingly call into question the ability of organizations to detect attacks in a timely manner, emphasizes Cert.lv.

Faster and more effective threat detection is ensured by round-the-clock monitoring of cyberspace, oversight by the Security Operations Center (SOC), proactive threat intelligence, as well as strengthening security in the human factor and supply chains.

Cert.lv is a structural unit of the Institute of Mathematics and Computer Science of the University of Latvia, operating under the auspices of the Ministry of Defense in accordance with the National Cybersecurity Law. The institution's tasks are to provide a comprehensive overview of events in the electronic information environment, as well as to support the prevention of information security incidents in the IP space of Latvia and the .lv domain.