Cyber bomb hoaxes: The new cyberwarfare intimidation tactic and ways to counteract it

Transforming mass cyber bomb threats from low-cost, high-impact attacks into high-cost, high-effort endeavours is vital in reducing their prevalence and effectiveness.

Transforming mass cyber bomb threats from low-cost, high-impact attacks into high-cost, high-effort endeavours is vital in reducing their prevalence and effectiveness. Image: REUTERS/Kacper Pempel/Illustration

Tomas Okmanas
Co-Founder, Nord Security
Our Impact
What's the World Economic Forum doing to accelerate action on Cybercrime?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: World Economic Forum Annual Meeting
  • Recent examples of mass cyber bomb threats have once again revealed systemic vulnerabilities in the response from states to low-cost, coordinated cyberattacks.
  • These attacks are effective because they are easily scalable, and decision-makers tend to respond in the highest capacity even when risk levels are low.
  • One potential solution is ensuring that mass cyber bomb threats become high-cost, high-effort attacks.

Hoax bomb threats are not a new idea – they have been used since telecommunication technology became widely available. We can be reasonably confident that the world faced similar threats in the form of letters before that. But bomb threats delivered widely by digital means incorporate elements of cyberwarfare – diminished relevance of geographical boundaries and the ease of execution of such threats – to this age-old problem.

The recent wave of mass cyber bomb threats in Europe this year has reminded us how even a single bad actor with the technological means can now have a disproportionately large impact. The impact has already disrupted daily life and essential services for many states in 2023.


How is the Forum tackling global cybersecurity challenges?

Back in the autumn of 2023, a wave of cyber bomb threats across the Baltic states – Lithuania, Latvia, and Estonia – illustrated criminals’ ability to disrupt societal functions and strain law enforcement resources in a low-effort way.

In Lithuania, the situation escalated with an overwhelming number of threatening emails targeting schools. These emails, sometimes containing political content, were part of what Lithuanian authorities identified as a "coordinated mass attack". Estonia faced a wave of spam emails containing bomb threats, many of which targeted Tartu, the nation's second-largest city. Most schools in the area closed as a precautionary measure.

In Latvia, around 300 schools received similar threat emails, causing a range of reactions from evacuation to continued operation under heightened alert. The Latvian police classified these as low-risk threats but recognized the broader intention of these actions: to instil fear and disrupt the normal functioning of educational and other public institutions.

A wave of spam emails threatening institutions caused chaos across the Baltic states in autumn.
A wave of spam emails threatening institutions caused chaos across the Baltic states in autumn.

Similar tactics have been observed in other parts of Europe, suggesting a broader pattern of digital intimidation and disruption. In France, authorities took note of a series of fake bomb threats that tapped into prevailing social anxieties with targets including schools, airports and museums.

In the case of Ukraine, these cyber tactics took on a more ominous tone, especially in the period leading up to the Russian invasion. Ukraine reported a combination of bomb threats and cyberattacks, which were seen as part of a broader hybrid warfare strategy.

The impact of these mass cyber bomb threats on the infrastructure of law enforcement agencies was significant. In all countries, authorities were compelled to treat each threat seriously, allocating resources for investigation and response. This response often entailed deploying personnel to the threatened locations, conducting thorough searches of the premises, and sometimes implementing evacuation protocols.

The sheer volume of threats created an environment where law enforcement agencies were stretched thin, struggling to adequately respond to each potential threat while maintaining their regular duties. This both strained their resources and revealed vulnerabilities in existing security frameworks, which were not designed to handle threats at such a scale.

Why are mass cyber bomb threats effective?

The alarming efficiency of mass cyber bomb threats in recent years can be attributed primarily to two factors: their scalability and the significant psychological and operational impact they exert on public targets.

Attackers can easily generate large volumes of threatening emails or messages with little cost or effort from a required network infrastructure. Cybercriminals’ abilities have increased with the global introduction of rapidly evolving large language models, which can generate plausible threats in multiple languages. This scalability allows bad actors to target a wide array of institutions simultaneously, from schools and childcare facilities to other public organizations.

The second factor contributing to the effectiveness of these threats is the high psychological and operational impact they have, especially on sensitive targets like educational and childcare facilities.

Security officials and decision-makers are often compelled to respond with maximum capacity, even in low-risk instances. As a result, even a perceived low-level threat can trigger a full-scale emergency response, including evacuations and extensive on-site searches, disrupting normal operations and causing significant stress and anxiety among the public.

Defusing mass cyber bomb threats

There is a clear difference in intent between bad actors wanting to inform authorities of an actual bomb threat and bad actors wanting to incite panic and chaos within a state or targeted organization. The main goal for the latter is for their message to be read by as many people as possible.

So to effectively counteract the growing issue of mass cyber bomb threats, a potential strategy lies in putting up barriers to these low-cost, low-effort attacks so that they become more resource-intensive and challenging to execute. Increasing their difficulty requires a collaborative approach, particularly between email service providers, state governments, cybersecurity experts, or involved NGOs.

Have you read?

Email providers play a crucial role in the dissemination of these threats. Focused dialogue with these providers could lead to more effective strategies to identify and block mass threat emails. These strategies could involve advanced filtering algorithms or enhanced monitoring of suspicious email patterns through automated processes and utilization of machine learning algorithms. A discussion could be held about more non-invasive approaches that could potentially minimize the impact of mass cyber bomb threats.

The dialogue between governments, cybersecurity experts, email providers and internet rights NGOs is vital in this fight. By working together, these entities could introduce new guidelines and legislation to make it more challenging for bad actors to mass distribute anonymous threatening communications, which potentially include threats made with tools other than email, like voice over internet protocol (VoIP), or could even limit social media’s ability to disseminate such threats.

Transforming mass cyber bomb threats from low-cost, high-impact attacks into high-cost, high-effort endeavours is vital in reducing their prevalence and effectiveness. Through such initiatives – as well as enhanced cybersecurity measures, improved threat assessment protocols and international cooperation – the scalability and reach of these threats could be effectively reduced, enhancing overall cybersecurity and public safety.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybercrimeCybersecurityDavos Agenda
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

3 trends set to drive cyberattacks and ransomware in 2024

Scott Sayce

February 22, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum