They were also looking for another vulnerable spot. Approximately 24 hours after the first wave of cyberattacks on the Education Policy Institute Theme Bank, unusual activity was noticed yesterday morning in the Panhellenic School Network’s single sign-on identity and authorization service. Her peak lasted about 25 minutes, from 7.45 to 8.10. However, this service did not collapse.

The security systems he had already installed a long time ago seemed to be enough to deal with this threat. That didn’t happen to Theme Bank, however, which suffered a denial-of-service DDoS attack on Monday that caused problems with in-school exams and prompted a Supreme Court attorney to intervene to investigate the incident. happening. A corresponding investigation is already being carried out by the prosecutor’s office for electronic crimes. The case is also being investigated by EYP in order to check any activities of organized hacker groups from abroad.

It is not yet known what security tools or systems were used at the Subject Bank prior to yesterday to prepare for a DDoS (Distributed Denial of Service) cyber attack. Even if the necessary simulations were done to see how much traffic her system could handle. It is reported that an accessible solution has been proposed in the past for a specific Education Policy Institute platform, but for reasons not stated in “K”, it does not appear to have been used.

Trial

A test attack against Single Sign-On (a service that allows members of the Panhellenic School Network to access multiple apps) was allegedly carried out on Monday evening, but it did not work. SSO is also used by the Subject Bank, and in theory, when the attempt was made to protect the Education Policy Institute platform, the criminals were looking for some other possible point they could hit. In November 2020, as distance learning was being launched due to the pandemic, the Panhellenic School Network experienced problems with targeted attacks for several days. They then approached the National Technology and Research Infrastructure Network and were offered, among other things, Cloudflare’s DDoS prevention service, which they then adopted and combined with other protection systems.

In the same year, the websites of various ministries were subjected to massive cyberattacks, followed by the signing of a contract to combat potential DDoS threats to government websites. As a solution, she chose Akamai, through her representative in Greece, which is also used internationally to prevent DDoS attacks. However, each ministry is responsible for its own systems, and each government agency can act autonomously in cybersecurity matters and choose the methods or tools to use. In December 2020, there were reportedly discussions about using the same service for the Education Policy Institute Theme Bank, but in the end it didn’t seem to move forward. The reason is not reported. According to “K”, there are proposals from the New Democracy, if it becomes the government, to consolidate the various disparate cybersecurity services of the State and create an organization that will deal with these issues uniformly for all state bodies, independently to which the ministries are subordinate. Another goal, following the same guidelines, would be the homogenization of the applications used, since in certain cases, such as the Theme Bank, it is considered an old type.

Recommendations for bringing together disparate government cybersecurity services and creating an organization to deal with these issues in a unified way.

The goal is to “overload”

DDoS attacks are extremely common and do not necessarily require special knowledge. Typically, their duration is not continuous for many hours, because the attacker understands that the target will at some point take action to intercept. They are also provided on the dark web as a service for purchase, the cost of which is determined by the parameters that moral criminals are willing to set (the size of the hit, as well as its duration).

A denial-of-service attack is not usually about compromising network data, but its main purpose is to render a service unusable, i.e. block access. Looks like someone is overloading the call center with virtual calls and it can’t answer real users. The target is inundated with requests that seem to come from different countries and cannot process them.

The Topic Bank platform suffered massive attacks on Monday (up to 280,000 connections per second, reportedly), according to published data. Yesterday, on the second day of the disruption, the Ministries of Education and Digital Governance said the platform received “165 million visits from 114 countries,” without giving details. “This is the most serious attack ever carried out against a Greek public government organization,” the statement said.

However, security experts interviewed by “K” explain that no safe conclusion can be drawn from this element of the declaration, nor can the intensity of the attack be estimated. Speaking of DDoS attacks, you need to specify how many connection requests the target receives per second to also determine network resilience.

Also, according to security experts who spoke to K on condition of anonymity, the attack does not appear to be “unprecedented” or “megaton.” For example, in February last year, Cloudflare, one of the internationally available DDoS prevention services, announced that it was able to stop a DDoS attack event that exceeded 71 million connection requests per second.

On Monday, after a request for help from the National Cyber ​​Security Administration, it was decided to put the system under Akamai and on the Theme Bank platform. The process began at night and included a series of actions that had to be performed over time until the necessary shielding became possible. On Tuesday morning, the tuning was still ongoing, which could cause a new malfunction.