Cybersecurity threats are rising sharply in Cyprus, prompting serious investment in digital defences to protect national infrastructure.
The Surge of DDoS Attacks: A Growing Concern
Recent analysis from Qrator Labs reveals a staggering 74 per cent increase in application-layer Distributed Denial of Service (DDoS) attacks globally in the second quarter of 2025 compared to the previous year. These attacks primarily target web applications, flooding them with malicious traffic that resembles legitimate user requests, thus making detection and mitigation challenging.
Cyprus is not immune to these threats. Financial institutions are particularly vulnerable, accounting for 43.6 per cent of all application-layer DDoS attacks observed during this period. E-commerce platforms follow closely, experiencing 22.6 per cent of recorded attacks, while information and communication technology services were targeted in 18.2 per cent of these instances.
The Local Landscape: An Urgent Response
The rise in global DDoS threats coincides with a heightened state of alert within Cyprus. A menacing announcement from a group known as the “Tunisian Maskers Cyber Force” recently warned of significant DDoS attacks aimed at critical Cypriot infrastructure. Experts suggest that this threat is likely motivated by political or religious factors.
Cyprus’s history with cybersecurity vulnerabilities is troubling. In March 2023, a series of serious cyberattacks affected several prominent institutions, including the University of Cyprus and the Land Registry, leading to operational disruptions and data breaches. Such incidents highlight the pressing need for enhanced cybersecurity measures in the region.
Government Initiatives and Challenges
In response to these escalating threats, the Cypriot government has allocated €8.5 million to bolster national cybersecurity—a significant move considering the previous years of underinvestment that left public infrastructure at risk. Deputy Minister of Research, Nicodemos Damianou, informed the House audit committee that while steps have been taken towards improvement, existing security systems across government entities remain fragmented. Achieving full integration will take time and sustained effort.
Damianou highlighted that eleven critical infrastructures received cyber-defence upgrades after the major cyberattacks in October 2024. The government has also relocated all servers following flooding at the finance ministry in 2023, marking a step towards improving overall infrastructure resilience.
The Rise of Botnets and Their Implications
Complicating the situation further, Qrator Labs has discovered the largest-ever DDoS botnet, composed of 4.6 million infected devices—almost 20 times larger than previously observed networks. Such an expansive botnet significantly increases the threat level to digital services, capable of overwhelming them in a matter of moments, which could severely disrupt economic activities.
Andrey Leskin, Chief Technology Officer at Qrator Labs, pointed to the explosive growth in application-layer DDoS attacks as a direct consequence of the increasing number of vulnerable devices connected to fast internet. “The size of botnets we observe today would have been unimaginable just a year ago,” he stated.
These massive botnets can generate tens of millions of requests in an attack, rendering online services inaccessible, causing critical transactions to fail, and halting entire digital operations. Leskin cautioned that not every DDoS protection provider is equipped to handle such large-scale assaults, meaning businesses with existing defences may still find themselves unprepared for the potential impact.
Future Steps: Enhancing Cyber Resilience
To mitigate these significant risks, Qrator Labs recommends that organisations enhance their incident response plans and invest in advanced DDoS mitigation tools. Regular stress testing of existing infrastructure is also essential for building long-term digital resilience against evolving threats.
On a legislative level, Cyprus is keen to align with the European Union’s Network and Information Systems (NIS) Directive and the Digital Services Act (DSA), which aim to strengthen cybersecurity protocols across member states. These frameworks could provide the necessary support for local businesses and public entities to better manage and respond to cyber threats.
As Cyprus navigates this challenging landscape, the collaboration between government agencies, private sector organisations, and cybersecurity experts will be crucial in fortifying the nation’s digital defences. With rising threats, a proactive approach to cybersecurity is not just advisable; it’s essential for protecting the country’s critical infrastructure and economic stability.
