Cyprus on High Alert as Global DDoS Attacks Surge and Record-Breaking Botnet Emerges

Cyprus is facing mounting cybersecurity concerns amid a sharp global rise in Distributed Denial of Service (DDoS) attacks, with national infrastructure under renewed pressure and fresh investment being directed toward digital defences. A new report from Qrator Labs has revealed that application-layer DDoS attacks surged by 74 per cent worldwide in the second quarter of 2025 compared to the same period last year. These attacks specifically target web applications, flooding them with malicious traffic that imitates legitimate user requests, making them especially challenging to detect and mitigate.

Financial institutions were the most frequent targets, absorbing 43.6 per cent of all application-layer attacks during the quarter. E-commerce platforms were next at 22.6 per cent, while information and communication technology services accounted for 18.2 per cent of recorded incidents. The escalation of such threats comes at a time when Cyprus is already on heightened alert following a warning from a group calling itself the “Tunisian Maskers Cyber Force.” The group threatened a “powerful, massive and extensive” DDoS attack aimed at the island’s critical infrastructure, a threat experts believe is politically or religiously motivated.

Previous cyber incidents have already exposed Cyprus’s digital vulnerabilities. In March 2023, the University of Cyprus, the Land Registry, and the Open University of Cyprus suffered major cyberattacks, leading to operational disruptions and data breaches. Responding to the increasingly hostile digital environment, the Cypriot government earlier this year allocated €8.5 million to strengthen national cybersecurity, marking a significant shift after years of underinvestment that left public systems exposed.

Deputy Minister of Research Nicodemos Damianou, addressing the House audit committee, acknowledged that while progress had been made, security systems across government entities remain fragmented, and full integration will take time. He noted that eleven critical infrastructures received cyber defence upgrades in the aftermath of the October 2024 cyberattacks. He also referenced the relocation of all government servers after flooding at the finance ministry in 2023, describing it as part of a broader set of infrastructure improvements.

Adding to the urgency, Qrator Labs recently identified the largest DDoS botnet ever recorded, comprising 4.6 million infected devices—nearly 20 times larger than any botnet observed in 2024. Such an expansive network has the capacity to overwhelm online services within minutes, threatening to severely disrupt economic activity. “The explosive growth of application-layer DDoS attacks is a direct consequence of the rapidly expanding number of vulnerable devices with fast internet connections,” said Andrey Leskin, Chief Technology Officer at Qrator Labs. “The size of botnets we observe today would have been unimaginable just a year ago,” he added.

Leskin warned that “an attack launched by a botnet of this scale, if not properly mitigated, can generate tens of millions of requests, overwhelming online services until websites become inaccessible, critical transactions fail, and entire digital operations come to a halt.” He further cautioned that “not every DDoS protection provider is equipped to handle an assault of this magnitude, which means that even businesses with defences in place may find themselves unprepared for the impact.”

To counter these risks, Qrator Labs recommends that organisations strengthen their incident response plans, invest in advanced DDoS mitigation solutions, and perform regular stress tests on their infrastructure to develop long-term resilience against increasingly large and sophisticated attacks.

By fLEXI tEAM