The year 2024 proved challenging for cybersecurity in Greece, with a significant surge in the volume and sophistication of cyberattacks. Ransomware attacks, Distributed Denial-of-Service (DDoS) attacks, and Advanced Persistent Threats (APTs) all significantly disrupted businesses, government services, and critical infrastructure. Efstratios Lontzetidis, a Cyber Threat Intelligence Researcher based in Greece, provided a compelling round up of the most essential threats facing Greece in the past year. Let’s take a quick look at the highlights.
Ransomware Attacks Intensify
Ransomware emerged as a dominant threat in Greece throughout 2024, affecting education, retail, shipping, and media sectors. Notably, groups like RansomHub and Akira expanded their operations within the country, utilizing double-extortion tactics to maximize impact.
The education sector was notably impacted when the Hellenic Open University (HOU) was victim to a RansomHub attack on November 1st. The attack exfiltrated 813 GB of sensitive data, disrupting operations at Greece’s sole institution dedicated to open and distance learning.
In the retail sector, Fourlis Group, which operates IKEA and Intersport in Greece and neighboring countries, suffered a ransomware attack on November 27th—the timing, coinciding with the Black Friday shopping period, crippled e-commerce operations. Although no data leaks were detected, the disruption highlighted vulnerabilities in interconnected retail systems.
Other significant ransomware incidents included attacks on Eurobulk Ltd. (shipping), Barkingwell Media S.A. (media), and Antaeus Travel Group (travel), demonstrating the varied targeting strategies of ransomware groups.
Critical Infrastructure Under Attack
Government websites and online services were frequently targeted, impacting citizen access to essential information and resources.
For example, in July 2024, the Greek Land Registry agency was breached, compromising employee terminals and stealing 1.2 GB of administrative documents. Although no citizens’ personal information was affected, the incident highlighted the vulnerabilities within critical government systems.
On March 15, 2024, the Anonymous Collective launched a DDoS campaign against Greece’s largest ISP provider, COSMOTE. The attackers accused the country of supporting Israel amid ongoing tensions in the Middle East. The attackers claimed that they temporarily disabled the ISP’s website and DNS servers.
Similarly, a threat actor known as NoName057(16) collective orchestrated a wave of DDoS attacks on Greek institutions, including the Ministry of Infrastructure and Transport, Thessaloniki Metro, and Piraeus Bank. These incidents targeted various sectors, including government, transport, and finance, highlighting the wide range of essential services at risk. The attacks caused temporary disruptions in operations, underscoring Greece’s need to enhance its cyber resilience.
APT Groups Target Strategic Sectors
Advanced Persistent Threat (APT) groups, known for their sophisticated tactics and long-term objectives, targeted various sectors in Greece, including maritime and government. These groups often engage in espionage and data exfiltration, seeking to gain access to sensitive information and intellectual property.
The maritime industry, a key contributor to Greece’s economy, faced persistent threats from APT groups seeking to disrupt operations and steal valuable data. Government institutions also remained a prime target, with APT groups aiming to infiltrate critical systems and gain access to confidential information.
Emerging Trends and Predictions for 2025
The cyber threat landscape in Greece is expected to evolve further in 2025, following similar trends in the EU and elsewhere:
- Increased Sophistication of Attacks: Cybercriminals will likely continue employing AI to advance their techniques further, making detection and prevention increasingly challenging.
- Targeting of Critical Infrastructure: Sectors such as energy, transportation, and healthcare may face heightened risks as attackers aim to disrupt essential services.
- Supply Chain Vulnerabilities: As organizations continue to digitize and integrate with third-party vendors, supply chain attacks, exploiting weaker links in the security chain, are expected to rise.
- Regulatory Pressures: With cyber incidents increasing in frequency, regulatory bodies have imposed stricter compliance requirements, such as DORA and NIS2, compelling organizations to enhance their cybersecurity postures.
Recommendations for Organizations
To mitigate these evolving threats, organizations in Greece (and not only) should consider the following measures:
- Implement Comprehensive Security Frameworks: Adopting robust cybersecurity frameworks can help identify and address potential vulnerabilities.
- Conduct Regular Risk Assessments: Periodic evaluations of security measures can ensure they remain effective against emerging threats.
- Enhance Employee Training: Educating staff about cybersecurity best practices can reduce the risk of successful phishing and social engineering attacks.
- Establish Incident Response Plans: A well-defined response strategy can minimize the impact of potential breaches.
- Collaborate with Cybersecurity Experts: Engaging with professionals can provide insights into the latest threat intelligence and effective defense mechanisms.
Concluding Thoughts
“The cyber threat landscape of Greece in 2024 is an eye-opener, showing just how critical it is to stay alert and take proactive steps to defend against attacks,” said Lontzetidis when asked to comment. “From Ransomware and DDoS campaigns to APT activities, none of these seemed to exclude any sector from its ambit. This underlines the need for organizations to harden their defenses through advanced technologies, adherence to proven security frameworks, and collaboration with cybersecurity experts.”
The cyber threat landscape in Greece has become increasingly complex, necessitating proactive and comprehensive approaches to cybersecurity. Organizations can better protect themselves against the evolving cyber threats anticipated in 2025 by staying informed about emerging trends and implementing robust security measures.
“As we move into 2025, flexibility and preparedness are more critical than ever as attackers leverage AI. Cybersecurity is no longer a technical issue; it’s a strategic imperative to protect national and organizational assets,” states Lontzetidis.
Anastasios Arampatzis is a cybersecurity content strategist, writer, and consultant with expertise in cybersecurity, digital identity, and regulatory compliance. Tassos has a strong background in creating thought leadership content, marketing materials, and strategic communications tailored to CISOs, security professionals, and business leaders. He has contributed to various cybersecurity publications and collaborates with organizations to develop compelling, insightful content that addresses industry challenges. He is a privacy advocate and a member of the ISC2 Hellenic Chapter. Before joining Bora, Tassos was an Hellenic Air Force Officer with a solid background on IT and Infosec.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.