In 2024, CERT Polska registered over 100,000 incidents, which is an increase of almost 30% compared to 2023 – according to the CERT report. The vast majority of them were computer frauds. Over 50 incidents were classified as “serious”.
CERT called the past year “an absolute record” compared to almost all statistics cited in previous reports.
In 2024, the CERT Polska team registered and handled 103,449 cybersecurity incidents, which is a 29% increase compared to 2023, when over 80,000 incidents were recorded.
As indicated in the report, the most common category of incidents recorded last year was computer fraud, also called the “greatest threat” to cybersecurity. CERT recorded almost 98 thousand of them, which constitutes 95 percent of all incidents. Compared to 2023, the number of computer frauds increased by 29 percent – it was noted. The list of computer frauds included, among others: fake online stores and investment frauds, in which cybercriminals impersonated fuel and energy companies, companies and institutions.
CERT Polska explained that fraudsters reached potential victims using advertisements placed, among others, on social media. In the advertisements, cybercriminals encouraged to invest on investment platforms, promising high profits, but their real goal was to extort money.
The report shows that the most common type of computer fraud in 2024 was attempts to extort confidential data, e.g. login and password to e-mail, bank website, social networking site or other online service (40,120 incidents, which is 39% of all registered). For this purpose, fraudsters most often used phishing, i.e. impersonating well-known brands using e-mail (false links) and websites – it was indicated.
CERT recorded over 235 thousand cases of phishing last year. Popular phishing campaigns included cases of unauthorized use of the image of sales sites such as OLX (9865 cases) and Allegro (4053 cases), as well as the social networking site Facebook (3871 cases).
According to the report, in 2024, CERT registered 1,891 incidents related to malware, which was the second most serious threat (approx. 2% of all incidents). The third most serious threat was so-called vulnerable services, i.e. those where security holes were found (1,634 cases; which is 1.6% of all).
CERT Polska registered 3,450 incidents in public entities last year, which is a 58 percent increase compared to the previous year. The largest number of incidents were recorded in public administration (1,911 cases), followed by the education and upbringing sector (579 cases) and the health care sector (440 cases) – it was specified.
In 2024, CERT Polska also recorded 57 “serious” incidents. These are incidents whose occurrence caused or could have caused a serious reduction in quality or interruption of the continuity of the provision of a key service – it was explained. It was specified that 44 incidents occurred in the banking and financial market infrastructure sector, 11 concerned the health care sector, and 2 were related to the transport sector. The number of serious incidents in 2024 – compared to 2023 – increased by 43%.
The most incidents in the past year were experienced by the finance sector (42%), trade (18%) and media (13%). Other areas of the economy that fell victim to incidents included post and courier services (5%), digital infrastructure (approx. 4%) and banking (2.5%). Incidents involving individuals accounted for 2.6% of all incidents, and public administration – 2.3%.
Cybersecurity incidents can be reported to CERT Polska via the website istotne.cert.pl, and suspicious text messages can be reported to the number 8080.
CERT Polska is a team operating at the NASK institute responding to network incidents and accepting reports of suspicious and unusual events. The unit was established in 1996. (PAP)
mbl/ mick/
