Yiannis Ioannou
Since October 17, hackers have been launching a series of targeted attacks on various organizations and companies across Cyprus, sparking public debate about the country's ability to fend off cyber threats. Over five high-profile entities have been targeted so far, including the Cyprus Telecommunications Authority (CYTA), the Cyprus Electricity Authority (CPE), EKO (a liquid fuel trading company), the Larnaca Airport website (HERMES), and the government portal gov.cy.
Despite the wave of attacks, the systems have held up well. No significant operational disruptions or breaches of sensitive personal data have been reported, suggesting a successful defense so far.
The hacker groups LulzSec Black and Marocco Soldiers claimed responsibility for the attacks through a Telegram channel, citing political motives tied to Cyprus' support for Israel in the ongoing Middle East conflict.
DDoS attacks in focus
According to cybersecurity insiders in Cyprus, the attacks are of the DDoS (Distributed Denial-of-Service) variety. These assaults overwhelm networks or servers with excessive traffic, aiming to crash systems and disrupt services. Such attacks, while disruptive, are not the most sophisticated and are relatively easy to mitigate. Unlike ransomware, which involves extortion through data breaches or locking files, DDoS attacks are more of a temporary nuisance, often lasting days but without long-term damage.
Experts note that Cyprus has improved its defenses significantly. Measures such as expanded content delivery networks (CDNs), firewalls, and advanced traffic monitoring have been put in place, helping organizations fend off these attacks. The goal of the attackers is to flood systems with artificial traffic to overload them, but so far, the countermeasures seem to be working.Despite these efforts, LulzSec Black has continued to send taunting, even insulting, messages targeting Cyprus, promising more severe attacks beyond the current DDoS attempts.
Who are these hackers?
Though the hackers claim to be an Arabic version of the infamous LulzSec group, experts believe this is more about gaining attention than an accurate representation. The original LulzSec, active in 2011, became notorious for high-profile hacks, including leaking personal data from millions of Sony PlayStation users and taking down the CIA website. However, the group disbanded in 2012 following arrests in the US and UK, with its founder, Hector Monsegur, eventually cooperating with the FBI.
Political motives behind the attacks
The timing of these cyberattacks points to political motives. The hackers claim Cyprus is complicit in the Middle East conflict by supporting Israel, a narrative that has been spreading across the EU since the outbreak of the Hamas-Israel war in early October. By attacking Cypriot institutions, the hackers seem to be aiming to strengthen the idea that Cyprus is directly involved in the conflict and to inspire other hacker groups to follow suit.
What's next?
In a conversation with Kathimerini, cybersecurity expert Andreas Konstantinidis, Director of Managed Services at Odyssey Cybersecurity, confirmed that while the current attacks are limited to DDoS tactics, there are claims circulating about unauthorized access to data from the Ministry of Interior. However, it’s unclear whether these documents were obtained through the attacks or sourced from the Dark Web. Konstantinidis warns that the situation could attract more hacker groups, including BlackMastersArmy, Anonymous kSA, Anonymous Syria, and Morrocan Cyber Defense.
He advises that Cyprus should strengthen its defenses, reviewing both its technical and human resources to stay ahead of potential escalations.
The battle in cyberspace is heating up, and it seems Cyprus is in the crosshairs.
[This article has been translated from its Greek original]