THREAT LEVEL - HIGH

27-06-2024

Large scale DDoS attacks, targeting various financial organizations in Greece and Cyprus

Threat Level Description

IthacaLabs has maintained the Threat Level (High) adding a new observation:

Addressing the broad nature of the threat and reaching an acceptable risk level requires additional, sustainable protective security measures, combined with consideration of specific business and geographical vulnerabilities and judgments.

Description

We have identified that ongoing large-scale Distributed Denial of Service (DDoS) attacks are currently targeting various financial organizations in Greece and Cyprus. These attacks, originating from unknown sources, have significantly disrupted normal traffic to targeted servers, services, and networks. As a result, critical services and operations of these organizations have been severely impacted, leading to considerable financial and operational losses.

Given the severity of the situation, all relevant departments are urged to enhance their cybersecurity measures, closely monitor network traffic, and report any suspicious activities immediately. Continued vigilance and proactive defense strategies are essential to mitigate the impact of these ongoing cyber threats.

Note that such cyber-attacks have become increasingly common, highlighting the need for robust cybersecurity frameworks and rapid response mechanisms to safeguard critical infrastructure.

CVE(s)

OC-2025-0004

Affected Systems

  • Financial Organizations

Recommendation(s)

The guidelines below will help you protect against DDoS attacks and their associated security threats:

  • Create a DDoS Response plan.
  • Determine what functionality and quality of service is acceptable to legitimate users of online services, how to maintain such functionality, and what functionality can be lived without during denial-of-service attacks.
  • Protect organization domain names by using registrar locking and confirming domain registration details (e.g. contact details) are correct.
  • Partition critical online services (e.g. email services) from other online services that are more likely to be targeted (e.g. web hosting services).
  • Temporarily transfer online services to cloud-based hosting hosted by a major cloud service provider (preferably from multiple major cloud service providers to obtain redundancy) with high bandwidth and content delivery networks that cache non-dynamic websites. If using a content delivery network, avoid disclosing the IP address of the origin web server, and use a firewall to ensure that only the content delivery network can access this web server.
  • Use an on-premise DDoS solution as part of a defense-in-depth approach: on-premise DDoS defense solutions installed immediately in front of application and database servers are required to provide a granular response to flooding-type attacks, as well as to detect and deflect the increasingly frequent application-layer DDoS attacks.
  • Maintain continued vigilance.
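
The content delivery network recommendation above can be checked and enforced as follows. This is an added example, not part of the IthacaLabs advisory: it audits an origin server's access log for clients that bypassed the CDN and renders an nftables allowlist for the web ports. The CDN ranges and log lines are constructed (documentation prefixes), and the function names and table name are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed data: documentation prefixes stand in for a CDN's published egress ranges.
CDN_RANGES = ["198.51.100.0/24", "203.0.113.0/25", "2001:db8:100::/48"]

# Constructed origin access-log lines (client address is the first field).
SAMPLE_LOG = """\
198.51.100.17 - - [27/Jun/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.200 - - [27/Jun/2024:10:00:02 +0000] "GET /login HTTP/1.1" 200 734
2001:db8:100::5 - - [27/Jun/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [27/Jun/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512
192.0.2.44 - - [27/Jun/2024:10:00:04 +0000] "GET / HTTP/1.1" 200 512
not-an-ip - - [27/Jun/2024:10:00:05 +0000] "GET / HTTP/1.1" 400 0
"""

def audit_origin_log(log_text, cdn_ranges):
    """Return (Counter of non-CDN client IPs, list of unparseable client fields)."""
    # strict=True rejects CIDR entries with host bits set (a typo in the allowlist).
    nets = [ipaddress.ip_network(c, strict=True) for c in cdn_ranges]
    direct, malformed = Counter(), []
    for line in filter(str.strip, log_text.splitlines()):
        field = line.split()[0]
        try:
            ip = ipaddress.ip_address(field)
        except ValueError:
            malformed.append(field)
            continue
        # A hit from outside every CDN range reached the origin directly:
        # the origin address is known to the client and the firewall let it in.
        if not any(ip in net for net in nets):
            direct[str(ip)] += 1
    return direct, malformed

def render_nft(cdn_ranges, ports="80, 443"):
    """Render an nftables table that drops web traffic not sourced from the CDN.
    Assumes at least one IPv4 and one IPv6 range; validate with `nft -c -f`."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cdn_ranges]
    v4 = ", ".join(str(n) for n in nets if n.version == 4)
    v6 = ", ".join(str(n) for n in nets if n.version == 6)
    return (
        "table inet origin_guard {\n"
        f"  set cdn4 {{ type ipv4_addr; flags interval; elements = {{ {v4} }} }}\n"
        f"  set cdn6 {{ type ipv6_addr; flags interval; elements = {{ {v6} }} }}\n"
        "  chain input {\n    type filter hook input priority 0; policy accept;\n"
        f"    tcp dport {{ {ports} }} ip saddr @cdn4 accept\n"
        f"    tcp dport {{ {ports} }} ip6 saddr @cdn6 accept\n"
        f"    tcp dport {{ {ports} }} drop\n"
        "  }\n}\n"
    )

if __name__ == "__main__":
    print(audit_origin_log(SAMPLE_LOG, CDN_RANGES), render_nft(CDN_RANGES), sep="\n")
```

Any address reported by the audit after the allowlist is loaded means the rules are not taking effect on the path that traffic used.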
