Key international and Ukrainian news in cybersecurity domain, January 2024

The United States keeps looking for effective ways to protect its own critical infrastructure, especially in the sectors that are currently under the most pressure – healthcare and water. In the healthcare sector, the situation is becoming particularly acute, with attacks against hospitals becoming commonplace, as well as patient data theft.

In January, we focused on the Ivanti Connect Secure vulnerability, which became a tool for cyber espionage activity by the Chinese UNC5221 group. This zero-day vulnerability is so potentially dangerous that CISA has issued an urgent directive on the matter, binding on all federal agencies. The U.K. National Cyber Security Centre has also issued its own warning about this threat.

Although the debate over the extent of artificial intelligence’s impact on cybersecurity continues, almost all organisations point to it as an element that is changing the cybersecurity landscape. Malicious actors are preparing to use generative AI (GenAI) to aggregate the data they have already stolen and, in effect, create new attack vectors or ransomware opportunities. Defenders are looking for opportunities to make greater use of AI to analyse cyber threats. The U.K. National Cyber Security Centre has come out with its own long-term assessment of how AI is affecting the situation – in their view, AI will increase the volume and impact of cyberattacks over the next two years.

In January, Ukrainian organisations suffered several cyberattacks – one targeting the banking sector, and another significantly affecting one of Ukraine’s data centres. The latter resulted in the disruption of the availability of services of several government organisations and information systems. In general, this correlates with russia’s increased cyber activity against Ukrainian information systems – according to the State Special Communications Service, the number of cyber incidents increased by 62.5% last year.

The problems of quantum computing and post-quantum encryption are again a concern for security agencies. As NATO has adopted its first quantum strategy, cybersecurity authorities in Europe are drawing attention to the need to pay more attention to this issue and not be distracted by approaches that are questionable in terms of effectiveness. The US National Security Agency is launching open discussions on the future of quantum computing and how it will affect the security sector, and IBM believes that in 2024 there will be more cyberattacks to steal encrypted data in the hope of gaining access to its contents with the advent of quantum computers.

The National Coordination Centre for Cybersecurity at the National Security and Defence Council of Ukraine has warned of a high level of cyber threats to communications companies. Major cybersecurity agencies have recorded an increase in cyberattacks on Ukraine's critical infrastructure. At the same time, the fight between Ukraine and russia in cyberspace is intensifying. russia is targeting Ukrainian government officials and military personnel through phishing and trying to sow panic among the Ukrainian population. The Defence Intelligence of Ukraine reported successful attacks on the Far Eastern Research Centre for Space Hydrometeorology, the russian Ministry of Defence’s special communications server, and the IT infrastructure of IPL Consulting, which specialised in implementing information systems in russian industry.

More about legislative changes, initiatives of national entities, trends, forecasts and analytical assessments, international and Ukrainian news in the field of cyber security of Ukraine at the link.