Greek authorities have ordered an investigation into a recent cyber attack on school exams, to be conducted with the assistance of the Police Force’s Cyber Crime Unit.
Supreme Court Public Prosecutor Isidoros Dogiakos ordered the investigation into the attack that targeted the data bank containing school exam questions.
Final year high school exams were disrupted across Greece on Monday and Tuesday by a major cyber attack on school exams database, including delays, exam cancellations, and confusion among teachers and students.
In a shared press release, the Ministries of Education and Religious Affairs and Digital Governance said the school exams platform was subject to large-scale and sustained denial-of-service, or DDoS attacks, of up to 280,000 connections per second.
DDoS attacks typically aim to bring down a system by disrupting the normal flow of traffic.
“The exam bank platform received 165 million hits from 114 countries. It is the most significant attack ever made on a Greek public government organization,” said the ministries, explaining that the DDoS attack was not indicative of a system breach, nor that hackers were able to gain access to database components and data.
Office of the caretaker PM Ioannis Sarmas warned that the cyber attack on school exams was powerful, and was evidence of strong motive and technical know-how by attackers. The attacks were ultimately deflected by a coordination of different ministries.
The statement said the state’s organizational and operational capabilities would activate the defense necessary to properly manage future cyber-attacks.
This is not the first time Greek authorities have been subject to hackers.
In March 2022, hackers used ransomware to bring down computer systems used by the Greek Post. On 17 January this year, two hospitals in the Attika region were targeted by cyber blackmailers who used the same ransomware.
Cyber attacks are a growing threat to governments in the Balkan region. In November last year, Albanian prosecutors moved to arrest and question five public officials in relation to a round of cyber attacks that successfully crippled a number of state institutions.
The prosecution request in this instant related to the crime of “abuse of duty,” and charged five employees of failing to implement adequate safety regulations against cyber attacks.
“The IT staff at DAP (public administration) could and should have requested a report from the economic operator contracted by DAP for the implementation and maintenance of the system in time… despite the lack of knowledge about how to implement the contract for the implementation of the administration system,” said prosecutors.
Image via Pexels
