Incidents

By incidents we mean all kinds of misuse of Internet resources and violations of acceptable use policies, including sending spam or viruses, phishing, port scanning, unauthorized access, piracy, system compromises, etc.

Incidents are prioritised according to the type and severity of the incident. Incidents directly affecting the primary constituency (state institutions and local authorities of Latvia, IT critical infrastructure of Latvia) are treated with higher priority. The level of support given by CERT.LV will vary depending on the type of constituent, the type and severity of the incident or issue, the size of the user community affected, and CERT.LV's resources at the time; in all cases, though, some response will be made within one working day.

| Category | Description | Priority |
|---|---|---|
| Denial of service | Denial of service (DoS) or distributed denial of service (DDoS) attack. | 4 |
| Phishing | Attempts to acquire information such as usernames, passwords, and payment card details by masquerading as a trustworthy entity. | 3 |
| Compromised Asset | Unauthorized access to the servers / network equipment / IT systems / applications / user accounts. | 3 |
| Botnet | Infected device which can execute commands from botnet centre. | 2 |
| Hacking | Reconnaissance or Suspicious Activity originating from outside the network device. Automatic attacks in order to find usernames and passwords. Targeted attacks to find vulnerabilities. | 2 |
| Malware | Malicious code distribution. | 2 |
| Spam | Any kind of Spam, including service/product promotion with the spam. | 2 |
| Configuration error | Device with an internet connection, which does not meet best practice configuration. | 1 |
| Consulting | Answers to questions related to IT security. | 1 |
| Other | Child pornography | 3 |
| Other | Theft, fraud | 2 |
| Other | Personal data | 2 |
| Other | Virus infection | 1 |

4 - very high; 3 - high; 2 - medium; 1 - low

ALL incoming information is handled confidentially by CERT.LV, regardless of its priority.

Information that is evidently very sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. When reporting an incident of a very sensitive nature, please state so explicitly (e.g. by using the label VERY SENSITIVE in the subject field of the e-mail) and if possible use encryption as well. CERT.LV will use the information you provide to help solve security incidents, as all CSIRTs do or should do. This means explicitly that the information will be distributed further only on a need-to-know basis, and if possible in an anonymized fashion.

If you object to this default behavior of CERT.LV, please make explicit what CERT.LV can do with the information you provide. CERT.LV will adhere to your policy, but will also point out to you if that means that CERT.LV cannot act on the information provided. CERT.LV does not report incidents to law enforcement unless the law of the Republic of Latvia so requires. CERT.LV cooperates with law enforcement in the course of an official investigation.

Usage of PGP in all cases where sensitive information is involved is highly recommended.