All
Cart0 item(s) - 0.00€ 0

  • Your shopping cart is empty!

Research and Studies

RESEARCH
AND STUDIES

24/7 security monitoring.
Your website may look functional, but is it secure?

 

 

 

Trends and Threats in Cybersecurity

 

 

1. State-Sponsored Attacks and Hybrid Warfare

France has officially accused the Russian group APT28 (also known as Fancy Bear) of cyberattacks against government organizations and the 2024 Paris Olympics. These attacks are part of a broader hybrid warfare strategy, aimed at gathering intelligence and destabilizing Europe. (WSJ)

2. Government Collaboration with Cybercriminals

According to a Microsoft report, authoritarian regimes such as Russia, China and Iran are collaborating with cybercriminal groups to carry out attacks against the United States and its allies. This collaboration enhances the scale and effectiveness of the attacks. (AP News)

3. Threats to Aviation Security

The aviation industry is facing increasing threats, such as attacks on GPS systems and coordinate spoofing, which can cause serious accidents. These attacks are attributed to state actors and highlight the need to strengthen cybersecurity in the aviation sector.

4. Growing Attacks on Critical Infrastructure

Cooperation between government agencies and cybercriminals has led to increased attacks on critical infrastructure, such as utility networks and transportation. These attacks jeopardize the security and operation of essential services. (Axios)

Best Practices for Protection

The "Never Trust, Always Verify" approach becomes essential. Implementing a Zero Trust architecture involves strict user and device identification, restricted access, and constant monitoring.

Η MFA προσθέτει ένα επιπλέον επίπεδο ασφάλειας, απαιτώντας περισσότερες από μία μορφές επαλήθευσης για την πρόσβαση σε συστήματα και δεδομένα. Αυτό μειώνει σημαντικά τον κίνδυνο μη εξουσιοδοτημένης πρόσβασης.

Human weakness remains one of the main factors in successful attacks. Regular staff training to recognize threats, such as phishing, is critical to enhancing security.

Keeping systems and software up to date with the latest security patches is crucial to preventing exploitation of known vulnerabilities.

Having a well-defined security incident response plan allows for rapid and effective response to attacks, reducing impact and recovery time.

Perspectives and Challenges

The evolution of artificial intelligence (AI) presents both opportunities and challenges for cybersecurity. While AI can enhance threat detection and response, it can also be used by attackers to develop more sophisticated attacks. Adopting responsible AI practices and continuously monitoring developments are essential to addressing these challenges.

Conclusions

Studies and surveys from 2023 and 2024 highlight the need for constant vigilance and adaptation to new cybersecurity threats. Adopting best practices, investing in cutting-edge technologies, and training staff are key elements to protecting organizations from ever-evolving threats.

The Windows vulnerability

CVE-2024-49112 is a critical remote code execution (RCE) vulnerability in Microsoft Windows' Lightweight Directory Access Protocol (LDAP). It was discovered by security researcher Yuki Chen and publicly disclosed by Microsoft in December 2024. The vulnerability is rated 9.8/10 on the CVSS scale, indicating the highest possible risk.

What is the CVE-2024-49112

The vulnerability concerns an integer overflow error in LDAP, which could allow a remote, unauthenticated attacker to execute arbitrary code within the LDAP service. This can lead to complete compromise of a Domain Controller or other critical systems.

Which systems are affected

The vulnerability affects multiple versions of Windows, including:

  • Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2)
  • Windows 11 (versions 22H2, 22H3, 23H2, 24H2)
  • Windows Server 2008 SP2, 2008 R2 SP1, 2012, 2016, 2019, 2022, and 2025

The full list of affected versions is available in Microsoft's official guide at msrc.microsoft.com.

How attackers exploit the vulnerability

Exploitation can be done in two main ways:

1. Against Domain Controllers:

The attacker sends specially crafted Remote Procedure Calls (RPCs) to cause the target to lookup its own domain.

2. Against LDAP clients:

The attacker tricks the user into connecting to a malicious LDAP server or performing a domain controller lookup for the attacker's domain.Trend Micro
SafeBreach Labs has published a proof-of-concept (PoC) tool, known as "LDAPNightmare", which can crash unpatched Windows Servers without the need for authentication.

What you should do

Microsoft has released security updates to address the vulnerability. Please ensure that all systems are updated with at least the December 2024 updates.

To ensure that your systems remain protected from future vulnerabilities.

Check for suspicious CLDAP referral responses, DsrGetDcNameEx2 calls, and DNS SRV queries.

Ensure that intrusion detection and prevention tools (IDS/IPS) are up to date to detect potential exploits of the vulnerability.

Possible problems after updating

Some administrators have reported issues with features such as Self-Service Password Reset (SSPR) and Entra Connect after the updates were applied. These issues appear to be related to changes in how the updates handle legacy LDAP commands.

Useful links

  • Microsoft Security Update Guide for CVE-2024-49112
  • Proof-of-Concept tool "LDAPNightmare" by SafeBreach Labs
  • Vulnerability Analysis by Trend Micro

Critical Vulnerabilities in Windows Server and Data Centers

  1. CVE-2024-43574 – Use After Free in Windows Server 2022
    This vulnerability concerns a "use-after-free" error, which could allow an attacker to execute arbitrary code or cause a system crash. Microsoft has released a patch to address it.
  2. CVE-2024-43589 – Heap-based Buffer Overflow in Windows Server 2019
    This vulnerability allows an attacker to execute arbitrary code via a buffer overflow in heap memory, leading to a possible complete system compromise.
  3. CVE-2024-43592 – Improper Input Validation in Windows Server 2019
    This vulnerability allows attackers to execute arbitrary code due to insufficient input validation, compromising the integrity of the system.
  4. CVE-2024-43575 – Uncontrolled Resource Consumption in Windows Server 2019
    This vulnerability could lead to a denial of service (DoS) attack via uncontrolled resource consumption, rendering the server unavailable.
  5. CVE-2024-43607 – Heap-based Buffer Overflow in Windows Server 2019
    Similar to CVE-2024-43589, this vulnerability allows arbitrary code execution via a buffer overflow in heap memory.
  6. CVE-2023-35638 – Denial of Service in Windows Server 2019
    This vulnerability allows attackers to cause a denial of service (DoS) by sending specially crafted packets, leading to exhaustion of system resources.
  7. CVE-2022-21907 – Wormable RCE via HTTP.sys
    This vulnerability allows remote code execution via the HTTP Protocol Stack (http.sys), making it particularly dangerous due to its "wormable" propagation potential.
  8. CVE-2025-21389 – DoS via upnphost.dll
    This vulnerability allows attackers to cause a denial of service (DoS) by sending specially crafted packets to the upnphost.dll component, affecting the availability of network services.

Historic Vulnerabilities with a Significant Impact

  • Zerologon (CVE-2020-1472)
    This vulnerability allows unauthenticated attackers to gain administrative access to Domain Controllers via the Netlogon protocol, making it one of the most severe vulnerabilities in Active Directory.
  • SIGRed (CVE-2020-1350)This vulnerability affects the Windows DNS Server and allows remote code execution via specially crafted DNS queries, with the potential for "wormable" propagation.

Recommendations for Administrators and Security Managers

  • Apply Updates: Ensure all systems are up to date with the latest Microsoft security patches.
  • Restrict Access: Restrict access to critical services such as LDAP, DNS, and RDP to authorized users and networks only.
  • Monitor and Detect: Use monitoring and detection tools to identify suspicious activity and potential exploits.
  • Review Security Policies: Review security policies and Active Directory settings to ensure the minimum necessary access.

 

Contact us for a free initial security check +30 6933004481, +30 6907398841, 210 5232814 -5232098 or fill out the contact form.

Cybersecurity Services Athens - Cybersecurity Experts Greece.

Cybersecurity Services Athens - Cybersecurity Experts Greece.

Cyberattacks in Greece

Cyberattacks on Public Bodies and Infrastructures

Hackers breached employee computers, extracting 1.2GB of data. The stolen files were mainly administrative documents, without affecting any personal information of citizens. (Business Daily)

The NoName057 group, which is allegedly close to the Kremlin, carried out DDoS attacks on nine Greek entities, including the metro, the port and the international airport of Thessaloniki, as well as the Ministry of Infrastructure and Transport. (Business Daily)

A well-targeted and organized DDoS attack caused excessive system load, making it extremely difficult to deal with. (Business Daily)

The Parliament's IT Department reported attempts to intercept emails from 60 MPs' and staff accounts. During the same period, three major hospitals in Attica (Sotiria, Asklepieion and NIMT) were subjected to cyberattacks. (Business Daily)

Attacks on Corporations and Organizations

  1. ELTA (2022)
    They were attacked by ransomware, resulting in the leakage of corporate documents and personal data on the dark web. (Business Daily)
  2. DESFA (2022)
    The Ragnar Locker group carried out a ransomware attack, with the Administrator stating that it will not negotiate with cybercriminals. (Business Daily)
  3. ETAD (Late 2023)
    They were attacked by ransomware, with limited impact on official functions due to immediate response. (Business Daily)
  4. Aegean University (2023)
    The Lockbit group attacked the university, with files being published on the dark web, although they were of little value. (Business Daily)
  5. Byte and Papaki.gr (2023)
    Byte was attacked by ransomware, while Papaki.gr detected unauthorized third-party access to its systems. (Business Daily)

Επενδυσεις σε Data Centers στην Ελλαδα

Despite cyberattacks, Greece attracts significant investments in data centers:

  • Microsoft: Construction of three data centers in Attica, with an investment of 976 million euros. (InfoCom)
  • Google: Plans three data centers in Attica, with an investment of 2.2 billion euros, creating 19,400 jobs by 2030. (Kathimerini)
  • Digital Realty (via Lamda Hellix): Already operates three data centers in Athens and is building Heraklion-1 in Crete, with planned operation in the first quarter of 2025. (Revelations)
  • Lancom: Has three privately owned data centers in Athens and Thessaloniki and is investing in a new center in Heraklion, Crete. (Economic Post)
    These investments strengthen Greece's position as a data hub in Southeast Europe. (Liberal)

Cyberattacks on businesses

Cyberattacks on businesses across a range of sectors, including supermarkets, industries and large corporations, both internationally and in Europe, have caused serious disruptions to operations, financial losses and, in some cases, leaks of sensitive data.

Attacks on Supermarkets and Retail

Marks & Spencer (M&S) – United Kingdom
In April 2025, M&S suffered a major cyberattack that lasted over a week. The attack, attributed to the "Scattered Spider" group, caused contactless card payments to be disrupted, online orders to be suspended and product shortages to occur in stores. The company reported sales losses of around £3.8 million per day and a drop in its stock market value of almost £700 million. (Financial Times)

Co-op – United Kingdom
A few days after the attack on M&S, the Co-op chain was hit by an attempted cyberattack. As a precautionary measure, it disabled parts of its IT network, affecting functions such as virtual offices and customer service centres. However, stores and deliveries continued to operate as normal. (Reuters)

Ahold Delhaize – US
Dutch company Ahold Delhaize reported a cyberattack that affected its US chains, including Giant Food and Hannaford. The attack caused network outages and a temporary suspension of operations, although physical stores continued to serve customers. (eucif.org)

Attacks on Industries and Large Enterprises

Targus – USA
In April 2024, Targus, a company known for its computer accessories, was attacked by a ransomware attack by the Red Ransomware group. The attack caused disruptions to its business operations and a data leak. (ics-cert.kaspersky.com)

Lemken – Germany
German agricultural machinery company Lemken suffered a cyberattack in May 2024 that affected its global operations, causing disruptions to production and parts orders. The company temporarily suspended all of its IT systems to contain the attack. (ics-cert.kaspersky.com)

Crown Equipment – ​​USA
Crown Equipment, a forklift manufacturer, was attacked by a cyberattack that disrupted its production operations in the US and Germany. The attack resulted in the leakage of sensitive employee personal data. (ics-cert.kaspersky.com)

Attacks in the Agri-Food Sector

The agri-food sector has been the target of increasing cyberattacks:

  • In 2021, JBS S.A., the world’s largest meat producer, suffered a ransomware attack that disrupted its operations in the US, Canada and Australia. The company paid a ransom of $11 million to restore its systems. (Wikipedia)
  • In 2022, HP Hood Dairy, owner of Lactaid, suffered a ransomware attack that shut down all of its factories. (Forbes)
  • In 2023, companies such as Dole, Sysco and Mondelez suffered significant cyberattacks that disrupted their operations. (Forbes)
  • In the first quarter of 2024, 40 incidents of cyberattacks were reported in the US agri-food sector. (Forbes)

Statistics

Cyberattack Statistics in Greece

  • In the first quarter of 2024, 1,104 cyberattacks were recorded, marking a 43% increase compared to the same period in 2023. (902.gr)
  • These attacks include financial fraud, malware attacks, phishing, as well as attacks on critical infrastructure and government services. (902.gr)

Attacks on Enterprises and Organizations

While there are no published details of specific attacks on Greek businesses, the general increase in cyberattacks suggests that the private sector has also been affected. These attacks can include data breaches, ransomware attacks and other forms of digital threats.

Recommendations for Strengthening Cybersecurity

To address the growing threats, the following measures are recommended:

1. Software Update:

Keep all systems and applications up to date with the latest security patches.

2. Staff Training:

Train employees to recognize and avoid phishing attacks and other social mechanisms.

3. Secure Access Practices:

Implement strong password policies and, where possible, multi-factor authentication (MFA).

4. Backups:

Keep regular backups of critical data and test the recovery process.

5. Risk Assessment:

Conduct regular risk assessments to identify and address potential vulnerabilities.

Cyberattacks at Microsoft Windows

Known vulnerabilities in the HTTP.sys component of Microsoft Windows that could allow a remote attacker to cause a denial of service (DoS) or even remote code execution (RCE). These vulnerabilities are particularly critical, as HTTP.sys is a core Windows kernel component responsible for handling HTTP requests, and is used by services such as Internet Information Services (IIS).

Main Vulnerabilities in HTTP.sys

  • Description: This vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted HTTP requests to a vulnerable system.
  • Affected Systems: Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012, and 2012 R2.
  • CVSS Score: 10.0 (Critical)
  • Impact: Successful exploitation could lead to complete control of the system by the attacker.
  • Fixes: Microsoft released the relevant patch in April 2015. (Microsoft Learn)

  • Description: This vulnerability allows an unauthenticated attacker to cause a buffer overflow by sending specially crafted HTTP packets, leading to arbitrary code execution or denial of service.
  • Affected Systems: Windows 10 (versions 20H2, 21H1, 21H2), Windows 11, Windows Server 20H2, Windows Server 2022.
  • CVSS Score: 9.8 (Critical)
  • Impact: The vulnerability is considered "wormable", meaning it can be used to automatically spread malware between vulnerable systems without human intervention.
  • Fixes: Microsoft released the relevant patch in January 2022. (Sangfor Technologies)

  • Description: This vulnerability allows a remote attacker to cause a denial of service or execute arbitrary code via specially crafted HTTP requests.
  • Affected Systems: Windows 10, Windows Server 2019, Windows Server 2022.
  • CVSS Score: 9.8 (Critical)
  • Impact: The vulnerability could lead to a system crash (Blue Screen of Death) or arbitrary code execution.
  • Fixes: Microsoft released the relevant patch in May 2021.

Recommendations for Protection

  1. System Update: Apply all available security updates from Microsoft immediately to fix known vulnerabilities.
  2. Disable Vulnerable Features: If you are not using specific features such as HTTP Trailer Support, consider disabling them via the registry.
  3. Restrict Access: Restrict access to services that use HTTP.sys to only trusted networks and users.
  4. Network Monitoring: Use monitoring tools to identify unusual activity that may indicate exploitation attempts.
  5. Staff Training: Educate IT staff on the latest threats and best practices (Sangfor Technologies)

Cyberattacks on B2B eshops with ERP

In today's B2B world, many retail and wholesale businesses rely on e-shops connected to ERP systems such as SoftOne, Epsilon Net, Megasort, etc. to automate ordering, invoicing, and inventory management. This "bridge" between the two systems is a critical point of operation — but also a potential gateway for cyberattacks.

Vulnerabilities & Protection Tips

Vulnerabilities in eShop (Frontend or Backend):

  • Poor session cookie management → Stealing B2B customer identities.
  • Insecure APIs for communication with ERP → Injection attacks (SQL/Command).
  • Insufficient control of incoming data (XSS, CSRF).
  • Admin panel exposed to the internet without MFA.

Vulnerabilities in ERP (ERP-to-Web interface):

  • Insufficient encryption during data transfer (SSL/TLS misconfiguration).
  • Use of shared users or default credentials.
  • ERP software without security updates.
  • Access to ERP from eshop without firewall or VLAN segregation.

Vulnerabilities in the "Bridge" (synchronization):

  • Synchronization with XML or FTP files without source control.
  • Lack of change/access control in APIs.
  • Custom development bridge without security code or logging.

  • Ransomware that entered via eshop plugin and encrypted ERP Server.
  • Data leakage from B2B eshop to customers with access to other customers' price lists.
  • Man-in-the-middle attacks when there was no proper HTTPS implementation.
  • Malicious order via REST API that created fake documents in ERP.

eShop Enhancement:

  • Enable SSL with HSTS.
  • 2FA (Two-Factor Authentication) support for admin and B2B users.
  • Restrict access to the admin panel with IP Whitelisting.
  • WAF (Web Application Firewall) such as Cloudflare or ModSecurity.

Security in the "Bridge":

  • Use REST API with Token-based authentication or OAuth2.
  • Data encryption in transit (TLS 1.3).
  • Logging of every action that passes through the ERP bridge.
  • Rate Limiting and protection from Brute Force attacks.

ERP Security (e.g. SoftOne, Epsilon Net):

  • Updated patches and checking for CVE vulnerabilities.
  • Infrastructure separation (VLAN for ERP, DMZ for eshop).
  • Audit logs enabled and regularly checked.
  • No access to ERP directly from the Internet – use VPN.
  • Enable MFA for ERP users where supported.

  • Perform regular penetration testing on the bridge.
  • Establish a CI/CD pipeline with static code analysis.
  • Do not store credentials in plain code or config files.
  • Use a reverse proxy (e.g. nginx) to control requests to ERP API.

  • Eshop-ERP Security Audit (Penetration Test & CVE Scan).
  • ERP staff training for cybersecurity.
  • API/Bridge transaction logging and monitoring.
  • Notification system for unauthorized price or stock changes.

Conclusion

The eShop – ERP interface can become a development tool, but also a vulnerable point for cyberattacks. With the right technical and organizational practices, you can ensure data integrity and protect your business from threats.

How Hackers Steal Data

In the era of digital transformation, B2B businesses that operate through an online store and interface with ERP software (such as SoftOne, Epsilon Net, Megasort) are an ideal target for cyberattacks. Behind every automated order or inventory synchronization, lies a huge volume of valuable data that cybercriminals want to acquire.

Why are they targeting B2B businesses with ERP;

  1. High value data
    Complete B2B customer data (name, address, VAT number, price lists).
    Order information, discounts, agreements.
    Access to financial data and banking transactions via ERP.
  2. Automatic data flow = potential security “holes”
    Many of these businesses interconnect ERP and eShop without strong encryption or firewall.
    Use of APIs without authentication or rate limiting.
  3. Usually without adequate IT infrastructure
    Many small and medium-sized B2B businesses do not have specialized IT or Cybersecurity staff.

How are the attacks done?

  • Man-in-the-middle attacks on poorly secured ERP – eShop connections.
  • Stealing credentials via phishing or malware on employee devices.
  • Exploiting vulnerabilities in Windows server platforms, such as http.sys, for remote access.
  • Malicious orders that exploit backend weaknesses.
  • Posting fake API requests to extract data from the ERP.

What can be stolen?

  • The entire customer and supplier database.
  • Sensitive commercial data such as wholesale prices, credit limits.
  • Invoicing documents and financial transactions.
  • Administrator and ERP account passwords.

What should B2B businesses do

  1. Security check on the “bridge” eShop – ERP
    Use of Token-based APIs or VPN protection.
    Logging and monitoring of each interface.
  2. Employee training
    Identification of phishing emails.
    Secure use of ERP and web applications.
  3. Proactive check for CVEs
    Regular scanning for known vulnerabilities such as the recent CVE-2024-49112 or previous ones in Windows http.sys.
  4. Security strategy with firewall and WAF
    Restriction of access to ERP via whitelist IPs.
    Web Application Firewall for eShop.

Conclusion

Cybercriminals are increasingly targeting businesses that “run” valuable data in the background, such as B2B eShops with ERP. If action is not taken today, a breach is only a matter of time. Don’t let them in through the back door. Shield your data before you lose it.

How Hackers Target Industries and Crafts through ERP.

Modern industry and crafts are no longer just a matter of machines and raw materials. They are digitalized, interconnected and vulnerable. With the use of ERP systems such as SoftOne, Epsilon Net, Megasort for production, distribution, orders and warehousing, businesses in the secondary sector are becoming a high-value target for cybercriminals.

  1. Sensitive commercial data
    Production recipes, material costs, product codes, suppliers.
    Order details from large customers (B2B).
    Production plans and schedules – ideal targets for espionage.
  2. Infrastructures with incomplete digital security
    Old or incomplete network models.
    Disconnected ERP, SCADA, IoT systems that do not communicate securely.
  3. Absence of IT staff in small & medium-sized units
    Very often, security remains the responsibility of an external accountant or technician.

  • Intrusion via Windows server and http.sys vulnerabilities (such as CVE-2024-49112) that remain unprotected on internal networks.
  • Targeted phishing emails to accounting or production managers.
  • Malicious access to ERP via remote workers without VPN.
  • Malware introduction via USB or printers into storage areas.

  • Production trade secrets (recipes, machine settings).
  • Supplier financial data & contracts.
  • Customer data – B2B & government agencies.
  • Use of your infrastructure for attacks on third parties (Botnet use).

  1. Secure ERP - production interface
    Connection via secure VPN.
    Data encryption and access restriction.
  2. Firewall and http.sys port control
    Windows Server update.
    Web Application Firewall activation.
  3. Network separation
    Separate network for IoT, ERP, production and internet browsing.
  4. Staff training
    Simple guide to safe use of ERP and computers in production.
    Non-acceptance of suspicious files or emails.

  • Attacks on factories and industries worldwide have increased by 87% since 2021.
  • In Greece, there have been recorded incidents of attacks on manufacturing, food, paper, and export companies that rely on ERP.

If you think "who cares about us", then you may already be a target. Hackers don't just target multinationals. If you have an ERP system and valuable data, you're in the crosshairs. Don't let them get into your factory through a forgotten Windows server or an "innocent" email.

Hackers Target Medical Centers and Clinics

Healthcare is evolving, but so are the threats. Today, medical centers, diagnostic laboratories, polyclinics, private clinics and hospitals are on the front lines of cyberattacks. Medical data is more valuable than banking data, and hackers know it.

Why are health facilities being targeted?

  1. Sensitive personal data
    Medical history, diagnoses, medications, tests.
    Social security number, contact details and financial information.
  2. ERP – HIS – LIS systems with insufficient security
    Many medical systems are not updated frequently or operate on old versions of Windows.
    Internal networks without firewall or separation.
  3. Human error – phishing
    Medical staff focus on the patient, not on email or password security.

Types of attacks that have been observed

  • Ransomware (encryption of files with ransom demand).
  • Theft of medical files and leakage on the dark web.
  • Attacks through vulnerabilities in Windows servers or http.sys (such as CVE-2024-49112).
  • Fake emails from "EOPYY" or "Ministry of Health" to install malware.

What risks does a medical center face?

  • Violation of GDPR → fines up to 2-4% of turnover.
  • Loss of trust from patients & partners.
  • Operation outage for days.
  • Used as a "bridge" for attack on public organizations.

What should health facilities do:

  1. Secure access to medical information systems (HIS/LIS/ERP)
    VPN for remote users.
    Access rights only for authorized personnel.
    Communication encryption.
  2. Modern Firewall & Antivirus on all workstations
    Especially at reception, secretariat and accounting points.
  3. Backups & off-network storage
    Daily, with read control.
  4. Staff training
    Phishing email recognition, use of strong passwords, non-disclosure policy.
  5. Regular updates (patches) on Windows Server, http.sys, Office
    Vulnerabilities in Windows and IIS services are a common entry point (e.g. CVE-2024-21410, CVE-2024-49112).

Did you know that:

  • A medical record is worth €50-100 on the dark web, compared to €1 for a credit card.
  • In 2023, a Greek private hospital was attacked by Ransomware, encrypting examination files and financial data.
  • In 2024, attacks were carried out on small private clinics and laboratories in Attica and Thessaloniki, targeting ERP-Accounting connections.

Conclusion

Your medical center may have modern equipment, but if it doesn't have a modern digital shield, then it's exposed. Hackers don't care about the size of the clinic - they care about the lifeblood of your data.

Hackers Target shipping, cruise and travel agencies.

Shipping and travel agencies have become undisputed pillars of the global economy, however, as they increasingly rely on digital systems to manage ships, reservations and international transport, they are exposed to cyberattacks that put both customer data and their operations at risk.

Why are they targeting shipping and travel agencies?

  1. Sensitive customer and cargo data
    Booking details, personal data of passengers and organizations.
    Invoices, conditions of carriage, shipping contracts, cargo data.
  2. Interconnected systems and networks
    Booking, payment and fleet management systems with connection to third-party providers.
    Booking websites, online payments, mobile apps.
  3. Supply chain security
    Use of IoT and SCADA systems to monitor ships, cargo, and goods, which makes shipping companies vulnerable.

What attacks have been recorded in the shipping industry?

  • Ransomware on shipping companies, encrypting critical data such as ship plans, itinerary information, customer data.
  • Phishing attacks via emails pretending to be from shipping organizations or travel agencies, aiming to obtain money or passwords.
  • Leakage of trade secrets and shipping information on the Dark Web.
  • Attacks on IoT devices used for fleet monitoring, allowing hackers to gain access to critical data on ships and cargo.

What are the consequences for shipping and travel agencies?

  1. Loss of trust from customers and partners
    Customer data is the A and Z for shipping and travel companies. Its leakage can mean the loss of important customers and partnerships.
  2. Fines for violating GDPR regulations and other international regulations.
    Personal passenger data, such as AMKA or passports, require strong protection.
  3. Slowdown or shutdown
    Disruption of reservations, fleet management, collections and payments due to the attack.
  4. Risk of sending malicious cargo due to the insecurity of management systems.

What are the solutions and protection measures for shipping and travel companies?

1. Strengthen IT and network security

Use VPN and strong firewalls to protect internal systems and communication networks. Ensure the security of ERP, reservation systems and applications that communicate with third parties.

2. Secure data storage and encryption

All customer and merchandise data must be encrypted and stored securely in data centers with ISO/IEC 27001 certifications. Backup of critical data with encryption and restore off-site.

3. Staff training

Continuous training on phishing and social engineering techniques used by hackers. Policy on the use of strong passwords and multi-factor authentication.

4. System Upgrade and Maintenance

Regularly upgrade Windows servers, applications, and ERP systems to protect against known vulnerabilities. Implement the latest version of software and security codes.

5. Secure ship and cargo data management via IoT

Use encrypted systems for fleet monitoring and cargo management. Ensure that SCADA systems and IoT devices are properly protected.

Did you know that:

  • In 2023, a shipping company in South Korea was hit by a ransomware attack, resulting in the encryption of 30% of its data and the suspension of shipping for 48 hours.
  • Travel agencies worldwide have been hit by attacks targeting customers' reservations and credit card information.

Conclusion

Shipping and travel companies are extremely vulnerable to cyberattacks, mainly due to their continued reliance on technology to process customer and cargo data. By using the right security measures and enhancing staff training, the industry can drastically reduce risks and protect both customer data and its reputation.

Hackers target brokerage and insurance companies

Brokerage and insurance companies, as well as insurance agents, handle highly sensitive data, such as personal customer information, financial statements, insurance policies, and financial transactions. Because of this data, this sector is one of the most attractive targets for cyberattacks. From phishing attacks to ransomware and data breach issues, the need for cybersecurity strategies is more urgent than ever.

  1. Sensitive financial data
    Customer details (e.g. VAT numbers, bank accounts, investments).
    Insurance policies, financial statements and other high-value documents.
  2. Valuable targets for ransomware attacks
    Brokerage and insurance companies are often targets of ransomware attacks due to the large volume of money they handle and the criticality of their data.
  3. Excellent connectivity and external partnerships
    Connection with third-party service providers, partners and external entities. These partnerships increase vulnerabilities and the possibility of attack through interconnected systems.
  4. Physical security and governance management
    Managing customer and investment data must comply with regulations such as GDPR and MiFID II, increasing the risk and consequences in the event of a breach.

  1. Ransomware attacks
    An attack on a brokerage firm that resulted in the encryption of financial data and the demand for large sums of money to restore the data.
  2. Phishing and spear-phishing attacks
    The attack targeted staff and partners to gain access to systems and steal credentials.
  3. Personal data breaches
    External attacks that exploited vulnerabilities in corporate systems to gain access to personal customer data.
  4. Attacks via third-party partners
    Intrusion into interconnected networks via insurance product service providers or brokerage platforms.

  1. Loss of trust and customers
    A data breach can lead to a loss of trust from customers, partners and shareholders, causing significant financial loss.
  2. Financial damages and fines
    Fines from the Data Protection Authority for violating the GDPR, as well as financial losses due to suspension of transactions or legal claims.
  3. Slowdown of operations and transactions
    Delay in executing transactions, restoration of platform operation or suspension of the payment system.
  4. Legal consequences
    Disputes and lawsuits from customers, partners or other entities for failure to fulfill regulatory obligations.

  1. Secure ERP - production interface
    Connection via secure VPN.
    Data encryption and access restriction.
  2. Firewall and http.sys port control
    Windows Server update.
    Web Application Firewall activation.
  3. Network separation
    Separate network for IoT, ERP, production and internet browsing.
  4. Staff training
    Simple guide to safe use of ERP and computers in production.
    Non-acceptance of suspicious files or emails.

  1. Upgrade the security of IT systems
    Use of strong firewalls, VPNs and built-in protection systems to ensure the integrity of customer data and financial information.
    Constant upgrade of all ERP systems, CRM platforms and insurance management applications.
  2. Identify and protect against Ransomware
    Securely backup data to remote data centers with encryption.
    Implement recovery procedures to limit recovery time in the event of a ransomware attack.
  3. Train staff and partners
    Regular training on phishing, social engineering and good cybersecurity practices.
    Teach the importance of multi-factor authentication (MFA) to ensure access to critical data.
  4. Strengthen the security of interconnected systems
    Adopt secure protocols to protect APIs used in interfaces with third parties.
    Use of VPN and other encrypted communication channels to interface with partners.
  5. Data management strategy and regulatory compliance
    Continuous monitoring for compliance with GDPR and other regulatory requirements related to the protection of customer personal data.
    Implementation of access policies and risk assessments for data protection.

  • In 2023, an insurance company was successfully phished, resulting in the forgery of insurance policies and the embezzlement of a large amount of money.
  • Brokerage firms around the world are particularly vulnerable to ransomware attacks, with hackers attempting to steal sensitive financial data or disrupt trading operations.

The protection of data and the security of systems are of critical importance for financial and insurance companies. The development of a strong cybersecurity strategic plan, employee training, and the adoption of appropriate technological tools can significantly help reduce risks and protect the reputation and financial interests of businesses.

Hackers Target Business Customers

In the digital information age, data is a valuable asset for any business, especially in the e-commerce sector. For cybercriminals, the most desirable “loot” is not just personal information, but customer lists, a goldmine of data that can be sold and used for financial gain. Customer list theft through cyberattacks has become a profitable industry, with hackers attacking businesses to gain access to key data, such as names, addresses, payment details, and other sensitive customer information. But what exactly happens after this data is stolen? The answer is simple: selling the customer lists to other businesses, usually those involved in e-commerce.

Why are hackers targeting the customer base?

Cybercriminals understand the importance of customer base to e-commerce businesses. Here are some of the reasons why customer lists are a prime target for cyberattacks:

  1. High value of data
    Customer lists include information that can be used for commercial purposes: advertising messages, targeted campaigns, and other marketing strategies. Hackers understand that this information is of high value and can be sold to other companies or used for future attacks.
  2. Easy sale on the dark web
    Customer data can be easily sold on dark web marketplaces or made available to competing e-commerce businesses, who are looking for targeted customer lists to expand their base. In many cases, hackers sell the data in large quantities and at low prices, which makes it tempting for businesses.
  3. Strategy for expanding customer lists
    For e-commerce companies, acquiring new customers is a constant challenge. Acquiring a ready-made customer base through illegal channels may seem like an easy solution for rapidly expanding the market. This creates a breeding ground for a “black market” of customer bases, while at the same time exposing companies to enormous cybersecurity risks.

The Battle for Customer Expansion in the E-Commerce Sector

The battle to expand the customer base is fierce, as e-commerce businesses constantly strive to acquire new customers and increase their sales. However, the “ease” of acquiring customers through illegal channels exposes these businesses to enormous risks. This practice creates a vicious cycle, as hackers steal and sell data, while businesses ignore the risks and put their customers’ sensitive data at risk in order to achieve faster business growth. Expanding the customer base through e-commerce may seem attractive, but businesses must understand that the risk of data leakage and involvement in illegal transactions can have serious legal and financial consequences.

How to Protect Yourself from Customer Theft: Tips for Businesses

  1. Strengthen your systems’ security
    Use modern firewalls, data encryption, and modern security tools to prevent attacks.
  2. Staff training
    Regularly train your employees on how to recognize phishing attacks, manage passwords, and use company tools securely.
  3. Use Multi-Factor Authentication (MFA)
    Strengthen the security of your customer and employee accounts with MFA to prevent unauthorized access.
  4. Evaluate and audit your third-party tools
    Ensure that all tools and services you use (such as CRM or ERP systems) are secure and comply with data security standards.
  5. Restrict access to sensitive data
    Restrict access to customer and user data to only authorized individuals and use role-based access control.
  6. Regular reviews and updates
    Perform regular security reviews on your systems and update passwords and data protection systems.

Conclusion

The risk of falling victim to customer account theft is not only about protecting your customer data, but also about the reputation and legitimate operation of your business. E-commerce attacks that focus on customer account theft put your business and its continued operation at immediate risk. Protecting your customer account is essential for the security of your business, your customers, and your revenue. For this reason, developing a strong cybersecurity strategy is crucial to growing and protecting your business in the digital world.

SQL Injection & XSS Protection

Ασφάλεια βάσεων δεδομένων και κώδικα.

Web Application Security

Cyber security για ιστοσελίδες.

Προστασία από Hacking, SQL Injection και Cross-Site Scripting (XSS)

Προστασία web εφαρμογών και e-shop από επιθέσεις.

There are no products to list in this category.

Continue