Cyprus is facing a wave of cyberattacks. According to information obtained by Politis, almost all state services have been targeted in recent days and there have been demands for ransom payments.
A source familiar with the matter told Politis that although government websites do not appear to have gone offline, data have been stolen.
Information also indicates that the Ministry of Foreign Affairs was the target of a strong cyberattack, from which databases have reportedly been stolen.
Warning from the Digital Security Authority
The Director of the Digital Security Authority (DSA), Antonis Antoniades, warned last Monday that Cyprus is going through a “difficult period”, as cyberattacks have increased significantly and are now being recorded on a daily basis.
Speaking before members of the Parliamentary Finance Committee during the discussion of the Authority’s budget, he explained that attacks are no longer driven solely by financial motives, but are also linked to geostrategic interests, involving third states and creating a heightened risk of sensitive information being compromised. This risk is further intensified by Cyprus’ Presidency of the Council of the European Union.
The Director of the DSA revealed that cyberattack incidents are now continuous, with the Authority operating under constant operational readiness. He stressed that cybersecurity cannot be addressed in a fragmented way but requires close cooperation between several state bodies, including the Ministry of Defence, the Ministry of Justice and Public Order, the Deputy Ministry of Research and Innovation, and intelligence services.
He also noted that Cyprus ranks among the top five countries in the European Union in terms of cybersecurity legislation, although it still lags behind in other areas.
Despite the pressure, he stated that the country remains above the European average in cybersecurity levels in several critical infrastructures, while stressing that “we are not 100% fortified” and there is still significant room for improvement. He added that in some sectors the private sector is better protected than the public sector, despite the substantial progress that has been made.
References were also made to incidents where ransom payments were demanded from organisations that had suffered cyberattacks. According to the DSA, its position is to avoid paying ransoms, although it acknowledged that in certain cases payments have been made.
Cyberattack on Europa.eu – Signs of sensitive data leak
At the same time, the European Commission is dealing with a serious cybersecurity incident, announcing on Friday that it had been the target of a cyberattack affecting its websites and critical digital infrastructure.
The incident, which occurred on Tuesday, impacted the cloud environment through which the Europa.eu platform operates — the central hub hosting the websites of the main institutional bodies of the European Union.
According to the Commission, once the attack was detected, response protocols were immediately activated and “immediate measures” were taken to contain it. The competent services managed to bring the incident under control within a short period of time, limiting the spread of the attack to the wider system.
However, the initial findings of the investigation are raising concern, as they indicate that data may have been leaked from the affected websites. Although the full extent of the breach has not yet been clarified, the Commission confirmed that the possibility of information being extracted from the public web infrastructure is currently under examination.