State bracing for more cyberattacks

Cybersecurity is a major global challenge, so how prepared are we?

Two major cyberattacks and another two attempted ones – all on government systems – have hit Cyprus in the last three months, and more are most certainly on their way.

The state says it’s ready and prepared, but hackers themselves say government sites tend to be the least protected.

“We responded well to the attacks, but unfortunately similar situations could happen again in the future,” Deputy Minister for Research and Innovation Kyriakos Kokkinos told the Sunday Mail this week.

“The public thinks that governmental websites are among the most secure in the world, but the reality is that they are often the ones with less protection,” an Italy-based hacker who wants to be known as ‘Green Hand’ told the Sunday Mail.

In April, the House of Representatives’ website fell victim to an attack, whose source originated from a range of IP addresses, traced back to a Turkish hacker team, the Digital Security Authority (DSA) later confirmed.

The same month a Turkish hacker unsuccessfully tried to attack a Larnaca airport server.

Back in March, someone also unsuccessfully tried to hack the defence ministry.

But it was a hacking attempt on the vaccination portal in May that most impacted the public.

The troubled portal was already overloaded as thousands would log onto the portal from various devices trying to book a favoured vaccine for just one person. The system could not cope, and people would lose the chance to book their slot.

Then, after updating the system, Kokkinos confirmed that a hacker attack was the cause of the repeated crashes.

Without going into details, the deputy minister said the countries and web addresses from where the attacks were made were known, but the persons behind the cyberattacks were not.

“During the attack on the vaccination portal, hackers were using approximately five million computers or servers located in several locations around the world, like Afghanistan, China and Brazil, to penetrate the system,” George Michaelides, the commissioner of Electronic Communications and Postal Regulations told the Sunday Mail.

“These computers or servers were trying to access the portal at the same time. Having been designed to accept no more than 70,000 simultaneous visits, it was inevitable for it to crash. The portal was simply not able to accept any more connections.”

Cyberattacks elsewhere this month have made those against Cyprus seem miniscule in comparison and highlight the sheer scale of the problem.

Since the beginning of May alone, hackers have hit the largest fuel pipeline network in the United States, Colonial Pipeline, forcing supplies to be halted. Hackers were paid a ransom of nearly $5m before desisting.

The Irish health service was also attacked which resulted in a major hospital in Dublin having to cancel all outpatient appointments on the day of the attack.

“You have to take into account that hackers usually choose their ‘victims’ according to either how much power they have or to how likely it is for them to pay a ransom in order for the cyberattack to stop,” ‘Green hand’ said.

The hacker added that in the case of the attack against Cyprus’ national vaccination portal, the people behind it likely saw the low level of protection and decided to proceed with the cyberattack, even without knowing whether they could profit or benefit from it.

“Even if their attack is eventually foiled, the hackers are almost always able to conceal their identities, so they literally have nothing to lose by carrying out attacks against vulnerable portals or webpages,” the hacker added.

The cyberattack on the vaccination portal was a distributed denial-of-service (DDoS) attack, in which multiple devices are used to overwhelm a targeted server with requests and take web applications offline. A relatively common form of cyberattack in recent years, some DDoS attacks have made major tech headlines.

The biggest DDoS attack to date took place in September of 2017. The attack targeted Google services and reached a size of 2.54 Tbps. Google Cloud disclosed the attack in October 2020.

The attackers sent spoofed packets to 180,000 web servers, which in turn sent responses to Google. The attack was not an isolated incident: the attackers had directed multiple DDoS attacks at Google’s infrastructure over the previous six months.

Michaelides also added that DDoS attacks are generally accompanied by a ransom request made by hackers.

“I cannot confirm whether this was the case for the vaccination portal, but this kind of cyberattack is usually carried out for money reasons. Sometimes the hackers even warn the potential victims, asking them to be paid beforehand in order not to be targeted.”

However, he said that the way the issue was handled proved to be successful and no major disruptions were reported in his opinion.

“At some point, users might have experienced some delays or disconnections, but that was it. Most of the time the portal was responding normally. The attack only lasted a couple of days,” he said.

“The hackers eventually desisted because a longer and extended cyberattack always carries the risk for them to be identified and disengaged from their servers. That would result in them losing the power to carry future attacks, something hackers obviously want to avoid.”

Kokkinos confirmed that the attacks were successfully foiled, but also said that there is no way to prevent potential future attacks.

“As for the reasons behind the cyberattack, we can only speculate. Most hackers ask for money in order to cease their actions, but this was not the case as far as the vaccination portal hack is concerned,” he said.

“I want to reassure everyone that, in the event of future cyberattacks, we will be even more prepared to respond in order to minimise any kind of disruption for our users,” Kokkinos said.

To further strengthen the fight against cybercrime, a memorandum of understanding was signed on Wednesday between the justice ministry, the police and the DSA, which includes the recently established National Computer Security Incident Response Team (CSIRT).

The justice ministry said that the need for the memorandum arose from the rapid development of information technology, which has made it possible to commit a wide range of criminal offences using the internet.

“Criminal offences through technology require specialised investigation by the competent authorities and the memorandum will assist their work,” the ministry said.