xorl %eax, %eax

BSides Athens 2020: Threat Landscape: Greece


In June 2020 I got the opportunity to present at BSides Athens for the first time. As you can see in the agenda, the event had a wide variety of topics ranging from security engineering, to exploitation, case studies, and others.

In my case, I decided to do something to help me better understand what threats my home country is dealing with. So, I spent a few weekends in a period of 2-3 months to study this topic and the outcome was the presentation I did for that conference. You can find the slide deck here.

Of course, the slides themselves are not that useful since they lack the required context. However, BSides Athens recorded all the sessions and made them available through YouTube. This means that you can watch my talk here.

It’s always an honor being able to use your knowledge to give back something to your home country and hopefully that threat landscape provided some insights into the cyber threats that Greece had been dealing with and what this means for the future.

Now that we are almost a year after this presentation, it’s an excellent time to revisit some of the assessments that I made in the final section of the talk, and whether or not those actually reflect what’s happening.

  • In hacktivism my assessment was a medium risk of geopolitically motivated hacktivism movements with low sophistication (DDoS and website defacements) mainly from Turkish threat actors due to the tensions in the East Mediterranean region. This unfortunately was proven true with several such cases during August 2020, others in September 2020, and continuing to this day, clearly following geopolitical tensions between Greece and Turkey. This was also reflected in PwC’s “Cyber Threats 2020: A Year in Retrospective” report from December 2020.
  • Regarding cyber-crime I had assessed that there is a medium risk mainly from non-targeted/commodity malware with the domestic activity being mainly around scams. As we can see in the news, Greece was involved in some high-profile cyber-crime cases but not targeting Greece. In October 2020 the Hellenic Bank Association (HBA) issued a warning about an increase in tech support scams in Greece.
  • Finally, on cyber-espionage, due to the continuously increasing tensions in the East Mediterranean region I was assessing that there is a high risk of cyber-espionage operations mainly from Turkey, Russia, FIVE EYES and China targeting government entities but also specific industries such as telcos. Publicly available attribution is usually non-existent for those types of operations, but in October 2020 one of the biggest telcos of Greece responded to a cyber-espionage operation, in September 2020 there were reports on APT35 (although allegedly with tasking from Turkish liaison officers) compromising personal accounts of Greek Navy officers, and even more recently, in March 2021, several Greek journalists started receiving a nation-state attack warning from Google Security that some government actor is trying to infiltrate their accounts. If you have access to premium threat intelligence reporting it’s easy to validate my other assessments for cyber-espionage too, but I was unable to find any public reports to attach here.

In conclusion, one side of me is happy that my threat landscape was quite accurate in the future assessment section, but on the other side I wish that none of that had happened. In any case, I’d like to thank the BSides Athens team once again for giving me this opportunity and I’m looking forward to diving more into some of those specific threats against my home country in the future.

Written by xorl

April 2, 2021 at 16:22
