Ransomware: The number one profitable cybercrime in Cyprus

Latest Statistics in Cyprus: A huge increase in cyber-attacks

Cybersecurity threats are increasing in frequency and complexity, making it more challenging for businesses in Cyprus to stay protected. In the last quarter, Cyprus has seen a surge in cyberattacks, with statistics showing a significant increase in various attack types.

The Rise of Cyber Attacks in Cyprus is a growing concern, with the Cyber Threat Landscape expanding and evolving more than ever before in both public and private sectors, with almost daily targeting.

The latest cybersecurity statistics by our Security Operation Centre, are showing a worrisome trend in certain type of attacks which have been significantly increased during the last quarter in Cyprus. An increase that is expected to continue and intensify, underscoring the urgent need for robust cybersecurity measures to safeguard against potential threats.

The statistics refer to the 6 types of attacks with the biggest increase in a 3-month period comparison. The data are based on confirmed Incidents and not alerts or automatic statistics from security controls which do not help us draw useful conclusions.

Ransomware: The Leading Cybercrime in Cyprus

Ransomware has become the most lucrative form of cybercrime in Cyprus, as evidenced by a 75% surge in attacks in the last quarter. This type of attack includes data encryption and extortion for either decryption or non-disclosure, making it one of the most profitable forms of cybercrime – something that motivates cybercriminals to invest considerable amounts of time and money in improving their methods.

To safeguard your business continuity, it is imperative to implement a robust backup and recovery strategy to prevent data loss and minimise the impact of an attack. It is essential to ensure that all systems and software are up-to-date and equipped with sufficient security controls to prevent ransomware attacks.

Unauthorised Software Usage: The Rise of Supply Chain Attacks in Cyprus

Unauthorised software usage has emerged as a major issue in Cyprus, due to the high “success” rate of supply chain attacks. A 65% increase in this type of attack has been observed, with cybercriminals exploiting third-party vendors who have access to an organisation’s resources for managed services.

To protect your business from this type of threat in Cyprus, it’s crucial to have strict controls over the software used by third-party providers and vetting processes to ensure their security.

Man-in-the-Middle Attacks: The Traditional Threat Still Prevalent in Cyprus

The traditional Man-in-the-Middle (MitM) attacks are still a threat to businesses in Cyprus, with a 43% rise in such attacks over the last quarter. This type of cyber-attack happens when an attacker intercepts and alters communication between two parties, allowing them to spy on conversations or steal sensitive information. It is very difficult to detect and can be carried out through phishing emails, fake websites, or by compromising a Wi-Fi network. MitM attacks remain one of the most effective ways to steal data.

To prevent these types of attacks, businesses need to implement strict controls over their network infrastructure, including secure protocols and access controls.

Unauthorised Access and Failed Logins: The Achilles Heel of Cybersecurity in Cyprus

Unauthorised access to systems is often the result of successful brute force, MitM and phishing attacks. A 30% increase in unauthorised access and failed login attempts in Cyprus, highlights the need for robust security controls. These types of cyber-attacks aim at gaining unauthorised access to a system or network. Unauthorised Access can occur through stolen login credentials or exploiting vulnerabilities, while Failed Logins involve guessing login credentials using brute force attacks. These attacks can lead to significant consequences such as data theft, system damage, and financial loss.

To safeguard your business from these threats, it is crucial to adopt two-factor authentication technologies and security monitoring while implementing regular security training.

Remote Command Execution: The Hidden Enemy

Remote command execution attacks have seen a 22% increase in Cyprus. This type of attack is an advanced stage of cyberattacks in which the attacker has already gained access to your systems. Once they have access, they execute commands to achieve their goals, such as data theft or system disruption.

It’s essential to have security controls in place to detect and prevent these types of attacks, such as network segmentation, endpoint protection, and intrusion detection systems.

Phishing Attacks: The Clever and Deceptive Method of Stealing Data

Phishing attacks continue to be a significant threat to businesses in Cyprus, with a 19% increase. Their goal is to deceive individuals into revealing sensitive information through fraudulent emails or websites that appear to be legitimate. These attacks rely on the lack of training and awareness of employees to identify deceptive emails that appear to be sent by colleagues, partners, or other trusted sources.

To prevent phishing attacks, businesses need to provide regular training and education to employees to help them identify and avoid such threats. Implementing email filters and gateways, using multi-factor authentication, and conducting regular phishing simulations can also help minimise the risk of these attacks.

Cyber-attacks are no longer just a technology problem; they can have real-world consequences for organisations

In light of the increasing frequency and complexity of cyber-attacks in Cyprus, a proactive approach to cybersecurity is more important than ever. Rather than reacting to incidents after they occur, businesses must implement robust cybersecurity measures to achieve cyber resilience and protect themselves against potential threats. By adopting a holistic approach to cybersecurity and taking into consideration the three pillars of people, process and technology, organisations can build an effective and applicable cybersecurity strategy.

Ioannis Simos, Manager, Managed Detection & Response, Odyssey Cybercrime