The State Service of Special Communication and Information Protection of Ukraine: War in Ukraine: Pulse of Cyber Defense – analytics, September–December 2022.
The largest war on the European continent since World War II continues not only on land and in the air, but also in cyberspace. The State Service of Special Communication and Information Protection of Ukraine (SSSCIP) is responsible for cybersecurity standards in the country and takes an active part in its defense. The lessons of this war are extremely important for enhancing the protection of democratic states attacked by aggressive countries like russia.
In this regard, the SSSCIP is launching a public analytical report on the state and means of cyber defense. The SSSCIP CyberHub will make public its data and conclusions, which the global cyber community may use for its own defense.
The total number of cyber incidents and cyberattacks registered and investigated by the Computer Emergency Response Team for Ukraine (CERT-UA) has reached 2,100 over the year and above 1,500 since the beginning of the full-scale military invasion. It is not military but civil infrastructure that has been the primary target for russian hackers throughout the year.
- The primary goals of russia’s attacks on Ukrainian cyberspace are the following:
  1. Espionage (obtaining intelligence regarding logistics, armaments, plans and operations of the Security and Defense Forces). This is why the adversary tries to remain as discreet as possible, while retaining access to and presence in Ukrainian commercial IT systems and public institutions for as long as possible.
  2. PsyOps and fake information aimed at undermining public confidence in the capabilities of the public authorities and the Security and Defense Forces, and at spreading panic among the people.
  3. Maximum destructive effect, i.e. attempts to disable critical information infrastructure facilities, deprive citizens of access to public and banking services, etc.
- What is targeted by russian hackers:
  - The public sector traditionally ranks first by number of cyberattacks, accounting for about one fourth of all the cases investigated by the Computer Emergency Response Team for Ukraine (CERT-UA), both throughout the year and during the reporting period.
  - At the strategic level, russian hackers' sectoral targets remain consistent, with their focus still on the energy sector.
  - CERT-UA detected an increasing number of attacks on the commercial sector early in the second half of the year. Besides, russian hackers keep attacking the Ukrainian telecom sector and software developers.
  - Attacks on the logistics sector in cyberspace come as a natural next step in disrupting supply chains and affecting the capacity to deliver critical equipment and means to both the civil and military sectors.
- How russian hackers attack: Distribution of malware that steals data or destroys information systems is usually the most widespread tactic used by russian military hackers in Ukraine. Such attacks make up over a quarter of their total number and may be part of more complex and powerful operations.
- International cooperation: Ukraine is tightening cooperation with the U.S., the EU and other partners to build a collective cyber defense system against russia’s aggression in cyberspace. For instance, the SSSCIP continues active cooperation with the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). A delegation of the National Cyber Security Directorate of Romania (DNSC) visited the SSSCIP. Members of Internet 2.0 Inc. from Australia, specializing in cybersecurity and cyber defense solutions, also visited the SSSCIP to share their experience and discuss joint initiatives, in particular the introduction of a cybersecurity course for veterans. SSSCIP representatives took part in a number of global cybersecurity events where practical steps for protection from russia’s cyber aggression and for tightening cooperation among the partners were developed: Cybersecurity Dialogue, Singapore International Cyber Week (SICW), the Second International Counter Ransomware Initiative Summit, the 2022 Trust Services Forum, the conference “Building societal resilience by raising public awareness of cyber threats and enhancing the role of cyber education,” held by the Polish 2022 OSCE Chairmanship-in-Office, etc.