Cyber threats in Latvia surge: why a SOC is no longer optional

01/10/2025
Between April and June 2025, Latvia’s cyberspace faced a sharp escalation in both the scale and sophistication of cyberattacks. According to the National Cybersecurity Centre of Latvia (CERT.LV), 709 cyber incidents were recorded, a 12% rise from the previous quarter. The number of compromised devices skyrocketed by 62%, exceeding 459,000. Much of this growth was driven by automated vulnerability scanning and exploitation.

Fraud remained the most pressing threat, showing a 46% year-on-year increase. Attackers increasingly impersonated trusted names such as CSDD, government institutions, major banks, and postal services to trick victims through phishing, fake fines, and even election-themed scams. New tactics included smart TV scams, AI-powered voice imitation, and double extortion ransomware.

For businesses, Business Email Compromise (BEC) and ransomware posed severe risks, with some organizations losing up to a quarter of their annual revenue in a single incident. Globally, a massive breach leaked credentials for more than 16 billion accounts on services such as Google, Facebook, and Apple, further increasing the risk to Latvian companies.

DDoS attacks spiked during holidays and political events, though most were effectively mitigated. Encouragingly, no attempts to disrupt June’s municipal elections were detected, which shows that proactive defenses can work. Still, CERT.LV warns that human error remains the biggest vulnerability. They recommend stronger cyber hygiene, two-factor authentication, and AI-driven security monitoring.

The reality we see at Squalio

Commenting on the report, Pēteris Ervalds, Head of Cybersecurity & Infrastructure at Squalio, noted:

“These numbers mirror what we see daily in our clients’ environments. Cybersecurity incidents happen regularly, and too often they are only discovered once the damage is done. Even when organizations have security tools, there is often not enough staff to keep watch 24/7. If incidents are detected, many teams lack the experience to respond effectively. And all too often, critical security improvements are postponed simply because IT teams are overwhelmed.”

How a security operations center (SOC) changes the game

A modern SOC provides constant vigilance and rapid response capabilities that internal teams alone often cannot maintain. At Squalio, our SOC:

  • Monitors systems 24/7 with AI and real-time telemetry to detect threats early, before they cause harm.
  • Responds instantly with experienced threat hunters who know how to contain and mitigate attacks.
  • Continuously strengthens defenses with the latest security technologies, ensuring protection keeps pace with evolving threats.
  • Reduces workload on internal IT teams, freeing them to focus on strategic priorities rather than firefighting.

The CERT.LV report (CERT.LV - 2025. gada 2. ceturksnis Latvijas kibertelpā) is a reminder that no organization is too small, too local, or too well-equipped to be targeted. The question is not if an incident will occur, but when. With a dedicated SOC partner, you are not just reacting to attacks; you are staying ahead of them.
