Recently, the Estonian Cyber Security Incident Response Team (CERT-EE) has reported an increase in cyber attacks targeting the websites of various Estonian institutions. These attacks begin with the hijacking of vulnerable or outdated websites, allowing scammers to introduce malicious content designed to infect the devices of unsuspecting visitors. A key component of this strategy involves the use of fake CAPTCHA checks, which mislead users into believing they need to complete a task to prove they are not bots.

Cyber attackers first identify websites with outdated security and take control of them. They then display a message that mimics legitimate bot-checking systems, prompting users to engage in an activity to gain access. Unlike standard CAPTCHA systems, which typically involve clicking on images or completing other legitimate tasks, these fake systems are crafted to facilitate the propagation of malware under the guise of security.

This evolving method raises significant concerns about cybersecurity in Estonia, particularly as more institutions move online in the face of digital transformation. The CERT-EE is urging organizations and users alike to enhance their security measures and remain vigilant against such deceptive schemes, as the consequences of a successful attack can be severe, including data theft and compromised personal and organizational information.