Denial-of-Service Attack on State Resources on October 2

Today, between 11:00 and 12:10, state websites experienced a large-scale denial-of-service attack (DDOS), as a result of which many national online resources, several municipal websites, and the eParaksts.lv portal became unavailable. Most services were restored within less than an hour, while some resources took just over an hour to recover.

“Cyberattacks are nothing unusual, and in today’s geopolitical climate they have become a part of daily life, whether on an individual, corporate, or national level. The most important factor is how quickly services can be restored, and in this case, LVRTC specialists managed to bring everything back online within an hour. There has been no data breach or compromise of resources,” stressed Ģirts Ozols, Chairman of the LVRTC Management Board.

According to an initial expert review, today’s DDOS attack was geographically widespread, originating from IP addresses not only in Russia and Belarus, but also Vietnam, Korea, the United States, India, Taiwan, and the Baltic states.

The findings confirm that the attack was not random but carefully organized, coordinated, and continuously adapted to counter LVRTC’s defense strategies. Denial-of-service attacks are carried out by simultaneously sending massive numbers of requests to a targeted infrastructure, in this case, traffic peaked at 2 million requests per second. The defense approach involves blocking requests from identified attackers. Experts note that during the attack, perpetrators repeatedly shifted their tactics and volumes in response to LVRTC’s countermeasures. LVRTC does not rule out the possibility of renewed attacks and is taking preventive steps to ensure that attackers do not succeed.

Unlike similar cyberattacks seen earlier this year, there were no signs this time that attackers were probing for weak points or exploiting simple vulnerabilities, which has been the case in the past.

The key difference here was the attackers’ constant and visible presence – the active steering of the attack and repeated changes in tactics.

Although citizens and institutions usually do not feel any impact during such attacks, this time the perpetrators did succeed in disrupting resource availability. Together with CERT.LV and other industry experts, LVRTC will carry out a detailed analysis to prevent such disruptions in the future.

Since 2015, LVRTC has provided cybersecurity services to around fifty state institutions and state-owned enterprises included in the list of protected resources.

In 99.9% of cases, neither citizens nor resource owners even notice when attacks occur. Cyberattacks often take place during public holidays or politically significant events, with the aim of undermining the country. For example, during the May holidays this year, the number of denial-of-service attacks against state resources surged by 40% compared to other days in the month, with financial sector resources being particularly targeted.

Currently, LVRTC blocks an average of 50,000 illegitimate requests per day, along with constant attempts at large-scale volumetric attacks.