The year 2024 has seen a marked increase in cybersecurity challenges faced by organisations in Greece, marked by a significant rise in both the frequency and complexity of cyberattacks. These threats have notably disrupted the operations of businesses, government services, and critical infrastructure across the nation. Efstratios Lontzetidis, a Cyber Threat Intelligence Researcher based in Greece, has catalogued the key highlights of the evolving cyber threat landscape over the past year.
One of the most prominent threats has been the escalation of ransomware attacks, which have particularly affected sectors such as education, retail, shipping, and media. Notable among these incidents was the attack on Hellenic Open University (HOU) on November 1, where hackers from the RansomHub group managed to exfiltrate 813 GB of sensitive data, severely disrupting operations at Greece’s sole institution dedicated to open and distance learning.
In the retail sector, the Fourlis Group, which operates well-known brands like IKEA and Intersport in Greece and surrounding areas, was hit on November 27, coinciding with the peak shopping season of Black Friday. While the attack did not result in any data leaks, it exposed vulnerabilities within interconnected retail systems, highlighting the potential risks associated with increased digital commerce.
The shipping and media industries also faced significant disruption from ransomware groups. Incidents were reported involving Eurobulk Ltd. and Barkingwell Media S.A., illustrating the range of targets being pursued by cybercriminals.
Critical infrastructure was not spared, with various government websites and services falling prey to cyberattacks. A significant breach occurred in July 2024 involving the Greek Land Registry agency, where 1.2 GB of administrative documents were stolen from compromised employee terminals. Fortunately, no personal information of citizens was leaked, but the breach underscored the vulnerabilities within vital governmental systems.
The cyber threat landscape has also been marked by Distributed Denial-of-Service (DDoS) attacks. On March 15, the Anonymous Collective executed a DDoS campaign against COSMOTE, Greece’s largest ISP, which they claimed was motivated by the country’s stance on geopolitical issues. Other institutions, including the Ministry of Infrastructure and Transport and Piraeus Bank, faced similar campaigns from the NoName057(16) collective, reflecting the widespread nature of these attacks and the severe disruptions they can cause to critical services.
Additionally, Advanced Persistent Threat (APT) groups have posed a long-term risk to key sectors like maritime and government. These groups, which utilise sophisticated tactics often aimed at espionage, target vital systems and seek to exfiltrate sensitive information. With Greece’s economy relying heavily on maritime activities, the persistent threat faced by this sector is particularly concerning.
Looking ahead to 2025, the cyber threat landscape is expected to evolve further, reflecting trends seen across the European Union and beyond. Predictions indicate that attacks will become more sophisticated, with cybercriminals potentially employing artificial intelligence to enhance their strategies, making detection and prevention increasingly difficult.
Industry experts foresee an increased targeting of critical infrastructure sectors such as energy and healthcare, as attackers look to disrupt essential services while also taking advantage of vulnerabilities within supply chains as businesses continue to digitise and collaborate with third-party vendors. Regulatory pressures are also anticipated to increase, compelling organisations to fortify their security postures under evolving compliance frameworks such as DORA and NIS2.
In light of these evolving threats, organisations in Greece are advised to implement comprehensive cybersecurity frameworks, conduct regular risk assessments, enhance employee training on best practices, establish incident response plans, and engage with cybersecurity experts for insights into the latest threats and defensive strategies.
Efstratios Lontzetidis commented on the urgency of addressing these challenges, stating, “The cyber threat landscape of Greece in 2024 is an eye-opener, showing just how critical it is to stay alert and take proactive steps to defend against attacks.” He further elaborated, “As we move into 2025, flexibility and preparedness are more critical than ever as attackers leverage AI. Cybersecurity is no longer a technical issue; it’s a strategic imperative to protect national and organizational assets.”
As 2024 concludes, Greece’s cybersecurity landscape remains dynamic and complex, indicating that organisations must remain vigilant and proactive in their strategy to mitigate the anticipated threats of the upcoming year.
Source: Noah Wire Services