The attackers changed tactics at least twice. First, shortly after 6 am on May 29, she was hit. Thematic bank, causing problems and delays in conducting internal school examinations. The first reaction of the defenders was to geo-block access from abroad. In the evening, the Akamai service was also recruited, which is widely used to prevent cyber-attacks such as DDoS. However, another escalation followed the next morning, this time targeting the node of the National Technology and Research Infrastructure Network. Once this front was settled, attackers turned against single sign-on to the pan-Greek school network in an attempt to prevent teachers from logging in with their passwords and causing further disruptions. They were persistent.

The peak moments of the waves of cyberattacks in the two phases coincided with the distribution of subjects in schools. They clearly expected that these actions could cause a stir, which they did. After all, denial-of-service attacks, DDoS attacks, which are frequent and widespread around the world, have exactly this goal: they try to “clog” an online service with virtual connection requests and make its availability unusable for some time.

Around mid-May, another Ministry of Education platform was reportedly hit by a DDoS attack and went down for more than an hour. No details of this case were brought to the attention of K. in order to assess the scale of the attack. However, there is no indication yet that the two incidents may be related.

pins

According to “K”, after the events of recent days, additional security measures were introduced. For example, the Panhellenic School Network reactivated Cloudflare’s DDoS prevention service, which they used in a number of other defenses in 2020 during the pandemic, when it was offered to them as a solution by the National Technology Infrastructure Network. and Research because distance education has come under attack.

However, in connection with the recent cyber attack on the Subject Bank of the Institute for Educational Policy, the issue of organizing and organizing cybersecurity in the bodies and organizations of a wider state has again come to the fore. What security gaps might exist and how can they be prevented or closed?

polydissociation

The unification of all government agencies under the auspices of a single digital security system was de facto included in the next government’s priority list.

At the end of January 2020, then-government spokesman Stelios Petsas said that various government websites, including the ministries of the interior, foreign affairs, finance and commercial shipping, were subject to a DDoS attack. Due to this extensive incident, officials at the Ministry of Digital Governance found that they did not have the legal competence in cybersecurity matters for other ministries or departments under them (that is, each cared for or could control their own home). Among other things, they then discovered that there was no centrally available list of those responsible for these issues in each ministry or department, so that if necessary, they could directly contact the person in charge.

The informal protocol for developing a web application assumes that certain checks will be made before it is made available for public use. It had to be preceded by a penetration test to identify any vulnerabilities, as well as a stress test to establish its durability and reliability. However, it is not clear whether this is done, observed or controlled by all the information technology directorates scattered throughout the Greek state, in various ministries.

In some cases, according to people familiar with the labyrinthine architecture of the Greek state, some of the ministries’ online services may be available without taking all these necessary measures, either because of time constraints and tight deadlines, or because fees are charged to a small number of people. with this work, which at the same time must cover other needs. “Measures are followed on a case-by-case basis, so some services are not disabled,” a security expert, who asked not to be named, told K. One of the key issues that the next government will have to address is the implementation and control of a single protocol throughout the state.

In 2020, following denial-of-service attacks on ministry websites, a contract was signed to combat potential DDoS threats on government websites. Akamai was then chosen, one of the available solutions on the international market. In the same year, the use of this particular service was proposed to various government bodies so that they could join a wider circle of protection if they wished. According to information known to “K”, at the end of December 2020, the same solution was proposed for the website of the Institute for Educational Policy (iep.edu.gr) and at least until the end of January 2021 it is said that some actions to conduct appropriate testing of the service. K was not told what followed in subsequent years, whether other security systems were used, or why the Theme Bank platform was ultimately not covered by this service on the morning of May 29 in the first phase. cyber attacks.

Authorities’ investigations

The cyberattack against Topic Bank is being investigated by the police’s electronic crime prosecutor’s office, as well as by the EYP (responsible for the state’s cyber security) to establish any involvement of organized hacker groups from abroad. The case is also being monitored by the GEETHA Cyber ​​Defense Office. According to information released in recent days, the suspicions of the authorities have also spread to the Russophile hacker group Killnet, as a small sample of identified IP addresses (about 30) were allegedly used in the past in attacks attributed to them. However, this sample is still insufficient to draw unambiguous conclusions.

Usually, the Killnet team publicly takes responsibility for DDoS attacks, as they have done in the past against our country. In November 2022, she stated on her channel on the Telegram app that she was targeting Greek government websites. Relevant investigations tend to take a long time, and it is not always certain that they will come to a conclusion whether the perpetrator is an organized group or an individual perpetrator.