SOCshare 2025 January: cybersecurity landscape in Lithuania

Key insights

The start of 2025 started with a noticeable uptick in brute-force attacks targeting public-facing services. Among the most frequent vectors were VPN portals and Microsoft 365 logins, with attackers relentlessly attempting to guess weak or reused credentials.

A significant portion of the hostile activity tracked in January was attributed to threat actors originating from Russia. Interestingly, in a growing trend to evade traditional geo-blocking defences, many of these actors leveraged Virtual Private Servers (VPS) from local or regional hosting providers. By doing so, they manage to blend in with legitimate traffic and bypass geo-fencing restrictions that organizations may have in place.

Alongside brute-force attempts, phishing attacks remained also a persistent threat. A common tactic seen was the impersonation of official authorities — most often, emails crafted to look like they came from police departments, courts, or other legal institutions. These phishing emails were designed to give a sense of urgency or fear, often claiming the recipient was involved in a legal matter or needed to respond to an official inquiry.

Once engaged, these emails typically lead to multi-stage infection chains. In many cases, the initial file or link triggered a series of downloads, often obscured through obfuscation or staged delivery methods, which helps bypass basic antivirus and email security filters. The end goal of these campaigns seem to be usually an infostealer malware.

We suggest staying resilient by not forgetting these key cyber hygiene elements:

savybė
Enable Multi-Factor Authentication (MFA)

This remains one of the most effective defences against account brute-force attacks. It should be enforced across critical systems, especially Microsoft 365 accounts, VPNs, and email platforms.

savybė
Harden Public-Facing Services

Review and monitor all externally accessible assets. Implement account lockouts and rate-limiting for login attempts and consider network-level protections such as conditional access policies.

savybė
Stay Vigilant Against Phishing

Educate users to critically evaluate emails, especially those invoking urgency or referencing legal or governmental bodies. Always check sender details, avoid clicking on unexpected links, and verify attachments before opening.

savybė
Use Threat Intelligence

Monitor current threat landscapes and emerging attack techniques. Knowing how attackers operate helps to build proactive defences.

Other news and updates

What impact might NIS2 have on Africa?
What impact might NIS2 have on Africa?
What impact might NIS2 have on South America?
What impact might NIS2 have on South America?
How Lithuania stepped up its game with the NIS2 directive
How Lithuania stepped up its game with the NIS2 directive
Security automation: from idea to tool
Security automation: from idea to tool
SOCcare May 2025 Malpeek: Analysis of a "copyright infringement" malware
SOCcare May 2025 Malpeek: Analysis of a "copyright infringement" malware
NRD Cyber Security recorded strong growth and international expansion in 2024
NRD Cyber Security recorded strong growth and international expansion in 2024
Building awareness is a continuous effort
Building awareness is a continuous effort
Facilitating dialogue on NIS2 within the Lithuanian cybersecurity ecosystem
Facilitating dialogue on NIS2 within the Lithuanian cybersecurity ecosystem