SOCshare 2025 January: cybersecurity landscape in Lithuania

Key insights

2025 started with a noticeable uptick in brute-force attacks targeting public-facing services. Among the most frequent vectors were VPN portals and Microsoft 365 logins, with attackers relentlessly attempting to guess weak or reused credentials.

A significant portion of the hostile activity tracked in January was attributed to threat actors originating from Russia. Interestingly, in a growing trend aimed at evading traditional geo-blocking defences, many of these actors leveraged Virtual Private Servers (VPS) rented from local or regional hosting providers. By doing so, they managed to blend in with legitimate traffic and bypass the geo-fencing restrictions that organizations may have in place.

Alongside brute-force attempts, phishing attacks also remained a persistent threat. A common tactic seen was the impersonation of official authorities — most often, emails crafted to look like they came from police departments, courts, or other legal institutions. These phishing emails were designed to create a sense of urgency or fear, often claiming the recipient was involved in a legal matter or needed to respond to an official inquiry.

Once the recipient engaged, these emails typically led to multi-stage infection chains. In many cases, the initial file or link triggered a series of downloads, often obscured through obfuscation or staged delivery, which helped bypass basic antivirus and email security filters. The end goal of these campaigns usually appeared to be deploying infostealer malware.

We suggest staying resilient by keeping these key cyber hygiene elements in mind:

Enable Multi-Factor Authentication (MFA)

This remains one of the most effective defences against account brute-force attacks. It should be enforced across critical systems, especially Microsoft 365 accounts, VPNs, and email platforms.

Harden Public-Facing Services

Review and monitor all externally accessible assets. Implement account lockouts and rate-limiting for login attempts and consider network-level protections such as conditional access policies.
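The two patterns described above, credential guessing against VPN and Microsoft 365 logins and the use of locally hosted VPS to slip past geo-filters, can be caught from sign-in logs without trusting the source country at all. The following script is an added example, not code from the SOCshare report or from NRD Cyber Security: it reads a constructed, space-separated sign-in log (timestamp, source IP, account, result) and flags a source that hammers one account (brute force), a source that fails against many different accounts (password spraying), and any successful sign-in from a source that was already flagged. The log format, thresholds, window length and all sample IPs and account names are assumptions made for the demonstration; the same per-source and per-account counters are what an account-lockout or rate-limiting rule on the login gateway would act on.

```python
"""Brute-force and password-spray detection over sign-in logs (added example).

Not part of the original SOCshare report. Sources are judged by behaviour only:
a VPS rented from a local hosting provider looks 'local' to a geo-filter, so
country is deliberately not used as a signal here.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): "<UTC time> <source_ip> <account> <result>"
SAMPLE_LOG = """\
2025-01-14T08:00:01Z 203.0.113.10 j.jonaitis FAIL
2025-01-14T08:00:03Z 203.0.113.10 j.jonaitis FAIL
2025-01-14T08:00:05Z 203.0.113.10 j.jonaitis FAIL
2025-01-14T08:00:07Z 203.0.113.10 j.jonaitis FAIL
2025-01-14T08:00:09Z 203.0.113.10 j.jonaitis FAIL
2025-01-14T08:00:11Z 203.0.113.10 j.jonaitis FAIL
2025-01-14T08:00:40Z 203.0.113.10 j.jonaitis SUCCESS
2025-01-14T08:05:00Z 198.51.100.7 a.petraitis FAIL
2025-01-14T08:05:01Z 198.51.100.7 b.kazlauskas FAIL
2025-01-14T08:05:02Z 198.51.100.7 c.stankus FAIL
2025-01-14T08:05:03Z 198.51.100.7 d.urbonas FAIL
2025-01-14T08:05:04Z 198.51.100.7 e.zukauskas FAIL
2025-01-14T08:05:05Z 198.51.100.7 f.vaitkus FAIL
2025-01-14T08:05:06Z 198.51.100.7 g.butkus FAIL
2025-01-14T08:05:07Z 198.51.100.7 h.paulauskas FAIL
2025-01-14T08:05:08Z 198.51.100.7 i.norkus FAIL
2025-01-14T08:10:00Z 192.0.2.50 m.ramanauskas FAIL
2025-01-14T08:10:20Z 192.0.2.50 m.ramanauskas FAIL
2025-01-14T08:10:35Z 192.0.2.50 m.ramanauskas SUCCESS
"""

# Assumed tuning values; a real deployment would derive them from its own baseline.
WINDOW = timedelta(minutes=10)
BRUTE_FORCE_THRESHOLD = 5   # failures on one account from one source within WINDOW
SPRAY_THRESHOLD = 8         # distinct accounts failed from one source within WINDOW


def parse_line(line):
    """Parse one constructed log line into (timestamp, ip, account, result)."""
    ts, ip, account, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result


def window_hits(fails, window, threshold, distinct=False):
    """Slide `window` over time-ordered (timestamp, account) failures.

    Returns True as soon as `threshold` failures (or, with distinct=True,
    `threshold` different accounts) fall inside one window.
    """
    start = 0
    for end in range(len(fails)):
        while fails[end][0] - fails[start][0] > window:
            start += 1
        span = fails[start:end + 1]
        count = len({acct for _, acct in span}) if distinct else len(span)
        if count >= threshold:
            return True
    return False


def analyse(log_text):
    """Return brute-force, spray and success-after-attack findings for a log."""
    events = sorted(parse_line(l) for l in log_text.strip().splitlines())
    per_source_account = defaultdict(list)   # (ip, account) -> failures
    per_source = defaultdict(list)           # ip -> failures across accounts
    for ts, ip, account, result in events:
        if result == "FAIL":
            per_source_account[(ip, account)].append((ts, account))
            per_source[ip].append((ts, account))

    findings = {"brute_force": [], "password_spray": [], "success_after_attack": []}
    for (ip, account), fails in per_source_account.items():
        if window_hits(fails, WINDOW, BRUTE_FORCE_THRESHOLD):
            findings["brute_force"].append((ip, account))
    for ip, fails in per_source.items():
        if window_hits(fails, WINDOW, SPRAY_THRESHOLD, distinct=True):
            findings["password_spray"].append(ip)

    # A success from a source already seen guessing is the highest-priority alert:
    # it is the point where lockout/MFA either worked or did not.
    flagged = {ip for ip, _ in findings["brute_force"]} | set(findings["password_spray"])
    for ts, ip, account, result in events:
        if result == "SUCCESS" and ip in flagged:
            findings["success_after_attack"].append((ip, account))
    return findings


if __name__ == "__main__":
    for kind, items in analyse(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```

In the constructed sample, the two failed attempts followed by a success from 192.0.2.50 stay below both thresholds and are left alone, which is the behaviour you want so that ordinary typos do not lock users out while a source cycling through nine accounts in nine seconds is still caught.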

Stay Vigilant Against Phishing

Educate users to critically evaluate emails, especially those invoking urgency or referencing legal or governmental bodies. Always check sender details, avoid clicking on unexpected links, and verify attachments before opening.

Use Threat Intelligence

Monitor current threat landscapes and emerging attack techniques. Knowing how attackers operate helps to build proactive defences.

Other news and updates

CTI-AI project: end of year update
The most common myths related to the implementation of the DORA Regulation
SOCcare December 2025: RondoDox Campaign: Routers Beware
Engaging management and operational teams to do trainings, TTXs, practice sessions, etc.
Designing an engaging and realistic TTX for an organisation
Weekly cyber drills? How to make them a mission possible
How to design and lead multi-organisational and multi-national TTXs?
NRD Cyber Security liquidates NRD Bangladesh