Several websites in Cyprus have been targeted by cyberattacks in recent days, according to Communications Commissioner Giorgos Michaelides, who oversees the Digital Security Authority (DSA).
Speaking to the Cyprus News Agency, Michaelides said the incidents involve Distributed Denial-of-Service (DDoS) attacks, a type of cyberattack that overwhelms websites with artificially increased traffic, preventing them from functioning normally.
“Some activity is taking place. This happens from time to time,” he said when asked to comment on reports of attacks on Cypriot websites.
How DDoS attacks work
According to the commissioner, during such attacks websites become overloaded with requests, making it impossible for users to access their services.
“At the moment it happens, the page becomes so overloaded that it cannot serve users,” Michaelides said, adding that this is among the simplest forms of cyberattack and does not require advanced technical expertise.
“These attacks are among the most basic. When they occur, anyone trying to use the targeted website will simply not be able to access it,” he explained, describing the phenomenon as relatively common.
No clear pattern in targets
Asked whether there are indications about why the attacks are taking place now, Michaelides said they could be linked to developments in the region, Cyprus’ upcoming EU Council Presidency, or may simply be coincidental.
“If you look at the websites being targeted, they are varied. It is not only government websites, so we cannot say that the state itself is being specifically targeted,” he said.
He added that authorities have not identified any consistent pattern among the affected websites.
Michaelides noted that the attacks have been observed over the past few days but are not continuous.
“It is not something that has been happening nonstop for three days. It may occur for a short period each day. It is not something unusual,” he said.
Monitoring and response
The Digital Security Authority mainly provides information and technical guidance to website operators facing such attacks.
To protect against DDoS incidents, website owners typically need to purchase specialised services that reroute incoming traffic through protective systems so that the website can continue operating.
“Depending on how much you pay for such services, the larger the attack you can withstand,” Michaelides explained, noting that these measures are usually implemented in advance rather than during an attack.
He added that the authority monitors the situation continuously and remains in constant contact with operators of critical infrastructure.
“We monitor the phenomenon 24/7 and inform critical infrastructure operators. The communication we provide to them is ongoing and not only when an attack occurs,” he said.
Source: CNA