Powerful cyber attack on the website of public services in Greece, including the tax and medical systems

One of the largest cyberattacks in Greece took place on Friday morning against the information systems of the Ministry of Digital Governance, incl. website of public services and the tax administration, focused on TAXISnet, whose work was “blocked” for more than 48 hours.

It was an unprecedented DDoS attack, which according to authoritative sources originated in the Netherlands, and with which unknown cybercriminals tried to temporarily or even completely stop the work of about 800 government websites. It should be noted that hundreds of Gov.gr services now work using TAXISnet codes, as well as authentications for banking services.

Among the problems caused was the failure of their e-prescription service. Doctors could only write prescriptions by hand during the weekend for emergencies, while duty pharmacies could not write them. Even hospital doctors could not prescribe medications to patients admitted to emergency departments.

During DDoS attacks, a series of bots or botnets flood a website or service with HTTP requests, interrupting data transfer between hosts. In fact, several thousand computers attack the victim’s servers at a certain time (for several minutes, hours or even days), blocking its use by legitimate users. This causes the service to respond slowly or not work at all for a period of time.

Also, during an attack, attackers can penetrate the database of affected computer systems, gaining access to all kinds of confidential information. That is, DDoS attacks can exploit security vulnerabilities and target any endpoint that is publicly accessible over the Internet. So-called Denial of Service (DDoS) attacks can last hours or even days.

Competent sources reported that during the attack on the information systems of the Ministry of Digital Management, the operation of more than 800 government websites connected to them was “blocked”. Specific websites either couldn’t “open” or were very slow to “open”. The National Cyber ​​Security Administration was immediately called in and worked urgently until Sunday evening to restore the websites with the help of technicians. OTE (This is the telecommunications provider of the state, through which the websites and servers of various services and organizations operate).

Characteristically, in order to stop attacks by unknown attackers, technical specialists carried out geo-blocking (geographic blocking) throughout the Netherlands, as they found that the “blocking” of government websites occurred from there, and the attack itself was directed through Azure Cloud from Microsoft , which hosts the government sites of Greece.

As of Sunday afternoon, about 600 websites had been “cleaned up” and were allowed access again after the settings had been initialized.

Source link