Top

A surge in cyberattacks targets Cyprus: the battle for digital security

Over the past few weeks, Cyprus has faced a significant wave of cyberattacks, targeting critical websites and infrastructure across the country. This surge in digital assaults has raised alarms among the government and the public alike, especially as the frequency and impact of these incidents continue to grow. The hackers responsible have claimed that their attacks are a show of solidarity with Palestine, which has added a political dimension to what is primarily a security crisis.

A widespread disruption

The attacks, orchestrated by a group named “Lulzsec Muslims”, have wreaked havoc across several high-profile targets. Government websites, universities, telecommunications companies, and even Cyprus’ largest bank have been in the crosshairs. Most notably, the country’s main governmental portal, gov.cy, was rendered inaccessible for extended periods, causing disruptions to public services. At one point, authorities restricted access to the site from outside Cyprus to mitigate further threats. The hackers have employed Distributed Denial of Service (DDoS) attacks, which flood websites with traffic, overwhelming their servers and knocking them offline. While DDoS attacks do not necessarily result in data breaches, they cause widespread inconvenience and hamper essential services. These attacks have even reached Cyprus’ airports, where digital systems became sluggish, resulting in checkpoint delays.

Defending against the onslaught

Cypriot authorities have been on high alert. According to the Deputy Minister for Research, Innovation, and Digital Policy, Nikodimos Damianou, the government is carefully monitoring the situation and is taking steps to prevent further breaches. Damianou, in a recent statement, emphasised that while there have been significant disruptions, no sensitive data has been compromised thus far. “We remain vigilant and are closely monitoring the entire situation,” Damianou stated, adding that the government’s response has included upgrading its cybersecurity infrastructure and working closely with private and public entities to boost protection. Cybersecurity experts have advised companies and organisations to remain cautious in response to these attacks. A representative from Odyssey Cybersecurity, a well-regarded cybersecurity firm, suggested that businesses ensure their systems are up-to-date and equipped to handle potential DDoS attacks. He also urged organisations to heighten their employees’ awareness, especially regarding phishing schemes and other cyber threats.

The extent of the attacks

The breadth of the attacks has been alarming. The University of Cyprus, private educational institutions, and key companies like Cyta and Bank of Cyprus have all been affected. While these entities have reassured the public that no sensitive data has been breached, the fact remains that the country’s digital infrastructure has been severely tested. Hackers have boasted about their successes, even sharing the exact times of their attacks and listing the countries where the websites were no longer accessible. This level of brazen communication underscores Cyprus’s challenge as it tries to bolster its defences.

According to cybersecurity experts, the hackers’ intent wasn’t necessarily to steal data but to demonstrate their ability to disrupt essential services. The motive behind the attacks has raised additional concerns. The hackers have framed their actions as a political statement, aligning themselves with Palestine amidst ongoing tensions in the Middle East. This has transformed a purely technical threat into a politically charged issue with broader implications for the country’s digital security.

A surge in cyberattacks targets Cyprus: the battle for digital security
Photo by Mati Mango – Cyprus cyberattacks

Cyprus cyberattacks

The consequences of these cyberattacks have extended beyond website disruptions. With critical systems going offline, including those at airports, there were reports of delays in processing passengers due to longer-than-usual security checks. Normally, the process would take 15 seconds, but during the height of the cyber onslaught, these checks extended to over 45 seconds, causing frustration and congestion.

The Cypriot government, in response, has taken emergency measures to prevent further damage. Nikodimos Damianou noted that while some temporary fixes, such as restricting access to gov.cy from external sources, have been implemented, these are not long-term solutions. “These measures are merely temporary. We are working towards a permanent solution to protect critical infrastructure,” he added. While these attacks haven’t led to significant financial losses or compromised sensitive data, their sheer scale and audacity have spotlighted Cyprus’ preparedness for cyber threats. The Cypriot Digital Security Authority has ramped up its monitoring, working round the clock to ensure that no new breaches occur. However, it has been acknowledged that identifying and prosecuting hackers remains difficult.

What’s next?

The frequency and intensity of these cyberattacks have exposed vulnerabilities in Cyprus’ digital infrastructure, forcing the country to reassess its cybersecurity strategies. While it’s commendable that no sensitive data has been compromised, the ease with which these websites were disabled is a stark reminder of the fragility of the digital landscape. The Cypriot government and companies are taking proactive steps to reinforce their cybersecurity measures, but the road ahead will likely be long and challenging. Damianou has stressed the importance of collaboration, not only between public entities but also with private companies and international cybersecurity experts. The recent efforts have shown that while Cyprus is better prepared than before, constant vigilance and updates to its digital systems are essential to stay ahead of evolving threats.

The role of individuals in cybersecurity

A crucial takeaway from the recent attacks is that cybersecurity is not only a responsibility of governments and large organisations but also individuals. Experts have consistently pointed out that humans are often the weakest link in any cybersecurity chain. Carelessness, such as clicking on suspicious links or failing to follow basic safety protocols, can open the door to even more serious breaches. As a representative of the Digital Security Authority noted, “Cybersecurity is a risk that affects all of us. Individuals must practice basic security measures, whether it’s avoiding suspicious links or being cautious about opening unknown attachments. The weakest link in cybersecurity is often human error.”

The cyberattacks in Cyprus serve as a stark reminder of the ever-present threats in our increasingly digital world. While the country has demonstrated resilience, the sophistication and scale of these attacks show that the fight against cybercrime is far from over. The focus now is strengthening infrastructure, fostering public awareness, and ensuring that Cyprus remains vigilant in an evolving digital threat landscape. As the Cypriot government and private sector continue to work together to safeguard the nation’s digital ecosystem, one thing is certain: cybersecurity is no longer an option—it’s a necessity.

George Mavridis is a journalist currently conducting his doctoral research at the Department of Journalism and Mass Media at Aristotle University of Thessaloniki (AUTH). He holds a degree from the same department, as well as a Master’s degree in Media and Communication Studies from Malmö University, Sweden, and a second Master’s degree in Digital Humanities from Linnaeus University, Sweden. In 2024, he completed his third Master’s degree in Information and Communication Technologies: Law and Policy at AUTH. Since 2010, he has been professionally involved in journalism and communication, and in recent years, he has also turned to book writing.