CERT Polska: more frequent attempts of phishing data

Almost 30 thousand unique security incidents were registered in 2021 by CERT Polska team, operating within the structures of the NASK National Research Institute. Over 75% of incidents handled were of phishing nature. This shows an almost 200% increase in the category of such events compared to the previous year.

CERT Polska, the first incident response team established in Poland, has just published its annual report "The Security Landscape of the Polish Internet".

CERT Polska experts monitor what is happening on the Polish Internet on ongoing basis. The annual report is the result of their analyzes. Year to year it can be seen that cybercriminals are more and more active - CERT Polska successively registers an increasing number of reports and cybersecurity incidents. Criminals are constantly improving the known methods of fraud and using methods that increase their effectiveness - says Minister Janusz Cieszyński.

Phishing more dangerous

Last year, CERT Polska registered a total of 29,483 security incidents. Experts thus recorded an increase in the number of incidents by 182% compared to 2020. Phishing is still dominant, i.e. attempts to extort data, e.g. login and password to an e-mail, bank website, social networking site or other online service. Phishing accounted for as much as 76.57% of all incidents handled. This is an increase of 196% compared to the previous year.

Among the most vulnerable sectors of the economy most affected by incidents were: media, wholesale and retail trade, and post and courier services.

What methods did the criminals use? They focused on improving known phishing scenarios: hijacking Facebook accounts, fake payment gateways, and extorting money from sellers on classified websites. All this translated into a record number of reports in the category of computer frauds, the total share of which in all incidents handled by us amounted to nearly 90% - we can read in the CERT Polska report.

Malicious software and illegal content – hot topic

The second most popular type of incidents that CERT Polska registered and handled was malware. 2847 such incidents were registered in 2021, which constitutes 9.66% of all incidents handled. Compared to the previous year, this number increased by 281%.

The bronze medal of the number of registered incidents last year belongs to the category of offensive and illegal content, including spam. The percentage of such incidents was 1.05%. Such a small percentage results from the fact that CERT Polska team often assigns many reports to one incident.

List of warnings against dangerous phishing sites

Due to the large number of frauds, CERT Polska continues its efforts to popularize initiatives such as the List of Warnings for Dangerous Domains.

In March 2021, the List of Warnings for Dangerous Domains kept by CERT Polska celebrated its first birthday. The inventory, available free of chargé, serves to improve online security by blocking domains that have been classified as being used for phishing and theft of funds. By the end of the year, nearly 42,000 malicious domains, were added to the List, of which as many as 33 thousand in 2021 - emphasizes Krzysztof Silicki, Deputy Director of NASK, Director of Cybersecurity and Innovation.

Violations can be reported by any entity or person. You can read the warnings on the website: https://www.cert.pl/news/single/ostrzezenia_phishing/

How much depends on the user

As emphasized by experts, year 2021 brought numerous attempts at attacks using various habits and weaknesses of network users. The first is having one password for different websites, thanks to which criminals gain access to several accounts at the same time. This significantly increases their possibilities when carrying out the planned action.

The second human weakness fraudsters use to achieve their goals is the belief that there are easy and quick ways to earn money. Throughout the year, we observed numerous campaigns promoting profit by allegedly investing in cryptocurrencies or the shares of domestic state-owned companies. This scenario was not linear, but the effect for the victim was always the same - they ended up losing saved or even borrowed money - we read.


In 2021, CERT Polska continued the #SafeIndustry campaign, where the team actively works to increase the level of cybersecurity of Polish industrial infrastructure. For this purpose, devices available from the public Internet, such as PLCs or operator panels (HMI), are searched for.

We contact their owners and advise on how to protect them. This year, we focused mainly on the development of internal automation tools and the search for new vulnerabilities in equipment popular in Poland. During this year, we took steps to address numerous cases in which it was possible to remotely take complete control of an industrial process, incl. in sewage treatment plants and water treatment stations - explains Marcin Dudek, expert of the CERT Polska Department.

If you would like to read the full report, click the link and visit CERT Polska website.

Incident reports can be submitted to CERT Polska, among others by e-mail to cert@cert.pl, via the form on the website.