Geslar
1,513 cyber attacks in Croatia in 2025
CERT statistics, trends, and what it means for you personally.
Numbers for 2025
1,513
reported cyber incidents
+23%
increase compared to 2024
4.1
attacks per day on average
According to data from the National CERT (cert.hr), Croatia is seeing a steady rise in cyber incidents. Every day, an average of 4 new security incidents are reported — and those are only the reported cases. The actual number is likely several times higher.
Most common attack types
Phishing — 32%
Fake emails, text messages, and websites impersonating banks, the Croatian Post, e-Citizens, and other institutions. By far the most common attack vector in Croatia.
Ransomware — 18%
Malicious software that encrypts your data and demands a ransom. Targets businesses, hospitals, schools, and local governments. Average ransom: ~250,000 EUR.
Identity theft — 15%
Using stolen personal data for impersonation, opening accounts, or accessing services in your name.
DDoS attacks — 12%
Distributed denial-of-service attacks that take down websites and services. Common targets: government institutions, media, and the financial sector.
Malware — 11%
Viruses, trojans, and spyware that spread through infected attachments, fake updates, and compromised websites.
Other — 12%
Credential stuffing, SQL injection, supply chain attacks, insider threats, and various forms of social engineering.
Who are the targets?
It's not just "big companies" or "the government" being targeted. According to CERT statistics, almost half of all attacks target small and medium businesses and individuals — precisely those who don't have an IT department or security infrastructure.
Small businesses
No dedicated IT team. They use weak passwords, share access credentials, and rarely update software. Ransomware can destroy them overnight.
Individuals
Phishing emails, fake web shops, and credential stuffing. If you use the same password across multiple sites — you are a target.
Public sector
Hospitals, schools, local governments — outdated systems, limited security budgets, and massive amounts of personal data.
Concerning trends
1. AI-assisted phishing
Attackers use AI to generate convincing phishing emails in Croatian — without grammatical errors and with personalized content. The traditional "spot the bad grammar" advice is no longer enough.
Attackers use AI to generate convincing phishing emails in Croatian — without grammatical errors and with personalized content. The traditional "spot the bad grammar" advice is no longer enough.
2. Ransomware-as-a-Service (RaaS)
Ransomware is no longer just for technical hackers. On the dark web, attackers can buy a ready-made ransomware kit for a few hundred dollars — complete with customer support and instructions. This democratizes cybercrime.
Ransomware is no longer just for technical hackers. On the dark web, attackers can buy a ready-made ransomware kit for a few hundred dollars — complete with customer support and instructions. This democratizes cybercrime.
3. Credential stuffing on the rise
With billions of compromised passwords from previous breaches, attackers automatically try combinations on all popular services. If you use the same password on two services — credential stuffing is coming for you.
With billions of compromised passwords from previous breaches, attackers automatically try combinations on all popular services. If you use the same password on two services — credential stuffing is coming for you.
4. Supply chain attacks
Instead of attacking directly, hackers compromise software vendors and updates. One compromised vendor can affect thousands of end users.
Instead of attacking directly, hackers compromise software vendors and updates. One compromised vendor can affect thousands of end users.
Notable incidents in Croatia
KBC Zagreb (2020) — Ransomware attack on a hospital during the COVID pandemic. Systems locked, patient data compromised. It showed how vulnerable healthcare institutions are.
A1 Croatia (2022) — Data breach affecting approximately 100,000 users. Personal data including national ID numbers was leaked. Attackers accessed the system through a compromised user database.
Fake web shops (2024-2025) — Over 6,000 fake online stores targeting Croatian users, especially around the holidays. They imitate well-known brands and offer "impossible" discounts.
Bank phishing wave (2025) — Coordinated phishing attacks impersonating PBZ, Erste, Zaba, and OTP banks. Sophisticated copies of online banking with SMS 2FA redirection.
How to protect yourself — concrete steps
1. Unique passwords
Use a password manager (like Geslar) to generate a unique, strong password for every service. This eliminates credential stuffing as a threat.
2. 2FA everywhere
Enable two-factor authentication on all accounts. Geslar has a built-in TOTP authenticator — guide for every platform.
3. Regular updates
Update your operating system, browser, and apps as soon as updates are available. Most attacks exploit known vulnerabilities for which patches already exist.
4. Check for breaches
Regularly check if your data appears in known breaches. Use the Geslar security check — free and private.
How to report a cyber attack
If you are a victim of a cyber attack or suspect a security incident:
National CERT: incident@cert.hr
Police — Cybercrime Department: Report to the nearest police station or through the e-Citizens system
HAKOM: For incidents related to electronic communications — hakom.hr
Reporting matters — even if you think it's a "minor" incident. Every report helps build a more complete picture of cybersecurity in Croatia.
National CERT: incident@cert.hr
Police — Cybercrime Department: Report to the nearest police station or through the e-Citizens system
HAKOM: For incidents related to electronic communications — hakom.hr
Reporting matters — even if you think it's a "minor" incident. Every report helps build a more complete picture of cybersecurity in Croatia.
Conclusion
1,513 reported attacks in 2025 is just the tip of the iceberg. The actual number is far higher, as most incidents are never reported.
The good news? Most attacks can be prevented with basic security measures — strong passwords, 2FA authentication, regular updates, and a healthy dose of caution. Tools like Geslar exist precisely to make those basic measures simple.
The good news? Most attacks can be prevented with basic security measures — strong passwords, 2FA authentication, regular updates, and a healthy dose of caution. Tools like Geslar exist precisely to make those basic measures simple.
Protect yourself with Geslar — free, local, private.