Several websites in Cyprus have been the target of cyberattacks in recent days, Communications Commissioner George Michaelides has confirmed. The Commissioner appeared reassuring, noting that this type of attack is the most common and generally harmless.
Asked to comment on reports about cyberattacks on Cypriot websites, Michaelides on Sunday, 15 March told CNA that “there is some activity. This happens from time to time.”
Specifically, he stated that in recent days, websites in Cyprus have been receiving Distributed Denial-of-Service (DDoS) attacks, during which pages become overloaded due to artificially increased traffic. “At the time it happens, the page becomes so overloaded that it cannot serve users. This is the easiest type of attack someone can carry out. It does not require special skills,” he noted.
“These attacks are the simplest ones. At that moment, if someone wants to use the website that is under attack, they will not be able to,” he said, noting that this is a frequent phenomenon.
Asked whether there are indications about the reason for these attacks at this particular time, he said that the phenomenon could be related to developments in the region, the Cypriot Presidency, “or it may simply be coincidental.”
“If you look at the websites, they are various ones. Not only government websites are being targeted, so we cannot say that the state itself is being targeted. We do not know what their criteria are,” he said, noting that no specific pattern has been identified among the targeted sites.
He added that the attacks have been observed over the past few days, but stressed that they are not continuous. “We can't say that it has been going on for three consecutive days. It may happen for a short period each day. It is not something we do not see often,” he said.
Responding to how such attacks are handled, he explained that the Digital Security Authority can only provide information and technical assistance if someone needs it. “To prevent this type of attack, the website owner must purchase special services that redirect incoming traffic elsewhere so that the website can continue to operate. The more you pay, the larger the attack you can withstand,” he explained, noting that such measures are usually taken in advance, not at the moment of the attack.
“We monitor the phenomenon 24/7 and inform critical infrastructures,” he said, adding that the information provided by the Digital Security Authority to critical infrastructures is continuous and does not depend on a specific attack being expected.
