All posts

CERT Poland 2024 reports – what’s new in cyber security?

Created by Kacper Gwóźdź

May 23, 2025

The latest CERT reports on cyber security in Poland were published in March 2025. They were prepared by two key institutions: CERT Polska (operating within NASK) and CERT Orange Polska. The documents summarize the events of 2024 and are an important source of knowledge about current threats on the network, the ways in which cyber criminals operate and the effectiveness of the protection mechanisms in place. What’s more, the reports allow comparison with 2023, showing the scale of change and development of the cyber threat scene in Poland.

CERT Poland (NASK) – more incidents, new threats

The CERT Polska 2024 report, published by NASK, shows a marked increase in the number of security incident reports. More than 600,000 of them were reported in 2024 – up 62% from the year before. At the same time, the number of serious incidents increased – from more than 80,000 in 2023 to more than 100,000 the following year.

Phishing and new attack techniques

Phishing remains the dominant type of attack, accounting for 94.7% of all reported cases. An increasing number of incidents involved social media scams, fake SMS messages and impersonation of well-known institutions.

Tools and effectiveness of action

CERT Polska developed proprietary tools such as Artemis and Snitch to support real-time threat detection and analysis. The effectiveness of the Warning List also increased. In 2024, more than 70 million attempts to access dangerous sites were blocked – a third more than in 2023.

New forms of social engineering attacks

New advanced social engineering campaigns, reminiscent of those we wrote about here, have appeared in CERT Polska reports. These include, among others:

• Scams on WhatsApp – impersonating a child asking for a money transfer.
• Fake summonses from the police – with threats of prosecution and demands for payment.
• QR code fines – fake summonses placed on cars.
• Fraudulent CAPTCHA pages – malicious commands hidden under the guise of verification.

Health sector protection

Although the health sector accounted for only 0.6% of all incidents, as many as 19% were classified as serious. The number of false advertisements involving supposed doctors and medical experts was also on the rise.

CERT Orange Polska – protecting millions of users

Orange Polska’s CERT report for 2024, on the other hand, shows the telecom operator’s activities in protecting users from online threats. During the year, as many as 305,000 fake phishing domains were blocked. As a result, nearly 5 million Internet users avoided the threat.

Types of threats in 2024

The most common attacks are phishing (45%), DDoS (15%) and malware (14%). By 2024, investment fraud already accounted for 52% of all attacks – almost double the number from the year before (28%).

Record DDoS attack

One of the most dangerous incidents was a 1.3 Tbps DDoS attack, which was successfully repelled. This is the largest recorded attack of its kind in Poland.

The use of AI by criminals

CERT Orange Polska is drawing attention to the increasing use of artificial intelligence by cybercriminals. AI helps them create fake sites and deepfakes to increase the credibility of fraud campaigns.

New tools and user education

In response to the growing threats, CERT Orange has implemented new features:

• Password Alert service – to check for data leaks.
• Security Center in the My Orange app – with tips and alerts.

Links

• Raport CERT Polska 2024: Raport_CP_2024.pdf
• Raport CERT Polska 2023: Raport_CP_2023.pdf
• Raport CERT Orange Polska 2024: cert.orange.pl/wp-content/uploads/2025/04/Raport_CERT_Orange_Polska_2024.pdf
• Raport CERT Orange Polska 2023: cert.orange.pl/wp-content/uploads/2024/04/Raport_CERT_Orange_Polska_2023.pdf
• [Mateusz Chrobok] Stan polskiego cyberbezpieczeństwa – Stan polskiego cyberbezpieczeństwa – YouTube