Main Highlights: November 28 – December 12

Executive summary

On December 8, the 2022 final meeting of the National Cyber Security Cluster was held, dedicated to the war in cyberspace waged by russia against Ukraine.

Director of the Cyber Protection Department of the State Service of Special Communications Administration, Danylo Myalkovskii, reminded that a number of important laws were passed in 2022. Legislative changes, in particular, relate to active countermeasures against aggression in cyberspace, cloud services and placement of state information resources in the “clouds”, protection of Ukraine’s critical infrastructure. Work continues on other legal acts that will allow to regulate the response to various types of events in cyberspace, to strengthen the protection against cyberattacks of state information resources and objects of critical information infrastructure and others.

He also emphasized the strengthening of international cooperation. Among the reliable partners of the State Service of Special Communications are the US Cybersecurity and Infrastructure Security Agency (CISA), the European Union Agency for Cybersecurity (ENISA), the CERT-EU Computer Emergency Response Team. Efforts to counter cyber threats are joined with many European countries – Romania, Poland, etc. ¹

After February 24, the world order has changed. The full-scale war waged by russia against Ukraine is being waged, including in cyberspace. Moreover, not only Ukraine is under the crosshairs of russian hackers, but also its allies – practically the entire democratic, civilized world. ²

Microsoft says that russia will intensify cyberattacks on Ukraine and its partners in the winter. Clint Watts, general manager of Microsoft’s Digital Threat Analysis Center, urged customers to prepare for new russian cyberattacks in a blog post on the company’s “About the Issues” blog. ³

An interesting observation regarding the cyberattacks on Ukraine is that russian cybercriminals have compromised the networks of many global organizations based in the UK, France, USA, Brazil and South Africa to conduct their cyberattacks through rerouting through their networks. ⁴

In general, russian cyberattacks turned out to be weaker than expected. “We expected much more serious consequences,” said Mike Eoyang, the Pentagon’s senior cyber officer. – russian cyber troops, like their regular army, turned out not to be as formidable as it was believed to be.

The main reason for russian failures was Ukrainian cyber defense. The head of Britain’s National Cyber Security Center (NCSC), Lindy Cameron, believes that the russian offensive was “probably the longest and most intense cyber campaign in history.” But as Jeremy Fleming, the head of the British Office of Government Communications, noted, Ukraine’s response was “perhaps the most effective in the history of cyber defense.” ⁵

Ukraine in Cyberspace

International interaction

The Google company provides a grant in the amount of 2 million US dollars and the support of the Google.org Fellowship for the development of digital education in Ukraine. The company will also provide 50,000 Google Workspace licenses for the government of Ukraine. This will ensure the protection and security of data for authorities, given the constant cyber threats. ⁶
The EU funded and supplied cyber lab equipment, security software and hardware to the Armed Forces of Ukraine as part of its ongoing support to Ukraine under the European Peace Fund. The cyber laboratory was opened on Friday in Kyiv.

Thanks to this support, Ukraine can build and develop the cyber defense capacity of its armed forces to detect intrusions into information systems, combat cyber attacks and strengthen their overall cyber security capabilities. ⁷

Deputy head of the State Service of Special Communications Viktor Zhora became one of the key speakers at the international Cybersecurity@CEPS Summit 2022, held in Brussels. He called on the international community to actively participate in building a global cyber security system. ²
State Service of Special Communications was visited by the US Deputy Secretary of State for Political Affairs Victoria Nuland, ⁸ as well as colleagues from the National Cyber Security Directorate of Romania (DNSC) ⁹

As part of the EU4DigitalUA project of the European Union, a cyber security training tour was organized for representatives of Ukrainian state bodies to Madrid to exchange experience on the implementation of the national cyber security strategy. ¹⁰

Development of the Cyber Sphere

From December 5 to 11, the Ministry Digital Transformation of Ukraine is holding a Digital Literacy Week aimed at raising the digital skills of Ukrainians, including in the areas of media literacy and cyber hygiene. ¹¹
In order to increase the cyber protection capacity of state institutions, the State Service of Special Communications, together with the EU project “Supporting the Comprehensive Reform of Public Administration in Ukraine” (EU4PAR) and the National Agency of Ukraine for Civil Service, conducted the first training for civil servants of category “A” on the development of cyber protection in state institutions. ¹²
The National Defense Hackathon 2022 was held in Ukraine – a large-scale event that brought together the best Ukrainian specialists in cyber security, combating disinformation, IT experts from the public and private sectors. And also – representatives of NATO and many international specialists. ¹³
State Service of Special Communications is reforming professional education of Ukraine in the field of cyber security by introducing the best global practices, which take into account the experience of the European Qualification Framework and the American Strategic Educational Initiative in the field of cyber security, meet the standards of the EU and the USAД. ¹⁴^,¹⁵
A series of practical cyber trainings took place on the basis of the UA30 Cyber Center Training operating under the State Cyber Defense Center of the State Service of Special Communications. ¹⁶^,¹⁷
Strategic-level command and staff exercises on cyber security were held in Kyiv. ¹⁸
The National Qualifications Agency held a large-scale International Forum “Human Capital: Security, Recovery, European Integration”. Representatives of the Government, ministries, state bodies, educational institutions, deputies, Ukrainian and international experts discussed the task of developing the National Qualifications System and its inclusion in the European Qualifications System. One of the panels of the Forum was devoted to professional qualifications in the field of security and defense – considerable attention was also paid to the issue of reforming the system of training professional personnel in the field of cyber security.¹⁹

Resistance to Cyber Attacks

At the “Information War of Ukraine” Forum, the deputy head of the State Service of Special Communications, Viktor Zhora, said that countering cyber threats and protecting critical infrastructure facilities are among the priorities of the State Service of Special Communications. ²⁰
Cyber security expert and CEO of “Hackcontrol.org” Mykyta Knysh said that it is currently impossible to hack the Ukrainian banking system, and if there are problems, they will be solved within 1-2 days. ²¹
The State Service of Special Communications strengthens and monitors the security of state information resources. Since the beginning of 2022, specialists of the State Cyber Protection Center, which operates under the State Service of Special Communications, have conducted 310 targeted scans of web resources in the .UA and GOV.UA zones. Scans made it possible to detect 1,784 vulnerabilities on 310 resources. Among them, vulnerabilities with a high level of criticality make up 16%, 63% of vulnerabilities have an average level of criticality, 21% of vulnerabilities have a low level of .²²

russia in Cyberspace

The government proposed to issue domestic security certificates to russian sites. ²³
The deputy of the State Duma of the russian federation Matveichev called for the creation of cyber troops in russia. ²⁴

Cyber attacks on Ukraine

Malware:

City halls and courts in the regions of russia were attacked by CryWiper encryption. ²⁵
A cyber attack on government organizations using the theme of Iranian Shahed-136 kamikaze drones and DolphinCape malware was recorded. ²⁶

Dos/DDos:

russian hackers attacked the website of the online publication “Detector Media”. ²⁷

Cyber attacks on russia

Deface:

On Tuesday, December 6, congratulations of defenders of Ukraine on Armed Forces Day appeared on russian websites. ²⁸

Data Breach:

Databases of two jewelry chains were merged into the network: UVI.RU and Adamas. The total volume of the Adamas leak is estimated at tens of millions of lines, and the uvi.ru database contains 53 thousand users and includes passwords and order information. ²⁹
Data on users of the “VkusVill” store became publicly available. The total amount of published information is 534 Mbytes in the form of 30 files in JSON format. ³⁰

IT ARMY of Ukraine:

During November, the IT army of Ukraine attacked more than 900 russian sites and online resources. ³¹ Among them:

military dealers and stores of drones and radio devices;
the central bank of the russian federation;
platform of pro-putin volunteers Dobro;
Alfa Bank;
Ozone;
urgent update of 1C;
tenders;
russian AI.