Major international and Ukrainian cybersecurity news in February 2024

An important event in February 2024 was a successful operation by British law enforcement against the powerful Lockbit ransomware group. This group is responsible for a significant part of ransomware attacks around the world, and the termination of their activities will reduce the negative dynamics of such attacks. The joint efforts of British and Ukrainian law enforcement resulted in the arrest of two members of the Lockbit group. This is the second significant success of law enforcement agencies in the fight against a large ransomware group.

Vulnerabilities in Ivanti products have been causing problems for users and cybersecurity authorities around the world for two months now, and ENISA and CERT-EU have even issued joint recommendations for European consumers. This situation comes against the backdrop of a significant shift in EU cybersecurity policy – the launch of the first European certification mechanism for ICT products in accordance with the Common Criteria. The mechanism combines elements of various national certification procedures and aims to make the use of IT products by European consumers more secure.

On 7-8 February, the capital of Ukraine hosted the Kyiv International Cybersecurity Forum 2024: “Resilience during Cyber Warfare”, organised by the NCCC under the National Security and Defence Council of Ukraine together with their partners. The Forum was attended by more than a thousand participants, including top officials from Ukraine, the US, EU and NATO countries. The event featured 10 panel discussions and more than 40 expert presentations covering the role of cybersecurity in modern warfare, Ukraine’s experience in cyber warfare, cyber warfare and international law, cyber diplomacy, strengthening the resilience of the national cybersecurity system through education, messenger security, the role of cyber threat intelligence, regional cybersecurity, and more. KICRF also hosted a cybersecurity competition involving 21 teams of specialists from the public and private sectors.

The Forum also brought together representatives of the Tallinn Mechanism. They issued a joint statement of all participating states, which states that the partners of the Tallinn Mechanism will support Ukraine in countering russian destructive cyber operations for as long as necessary. Also during the meetings on the sidelines of the KICRF, Ukrainian and American officials acknowledged the successful cooperation between the United States and Ukraine in sharing cybersecurity expertise and discussed Ukraine's short- and long-term cyber defence needs.

Governmental concerns about offensive actions in cyberspace have also affected the commercial sector. In February, the United Kingdom and France jointly held the first inaugural conference to combat the uncontrolled proliferation of commercial tools that could be used in offensive cyber actions. As a result, the participants signed the Pall Mall Process Declaration, which sets out the participants' plans to explore alternative policies and innovative methods to combat this threat. Currently, Israel is hardly involved in these initiatives, as Israeli companies have a significant share of the export market for spyware.

russian hacker groups continue to conduct cyber-espionage operations against Ukraine (in particular, one such attack against the Ukrainian military is being monitored by Securonix Threat Research) or attack government websites. Ukrainian cyber experts are actively countering these attempts, including by continuing to investigate the consequences of the large-scale cyber attack in 2023 against Kyivstar. According to the State Security Service of Ukraine (SBU), russian hackers were preparing a second wave of attacks that would have caused even more damage to the operator.

More about legislative changes, initiatives of national entities, trends, forecasts and analytical assessments, international and Ukrainian news in the field of cyber security of Ukraine at the link: Overview of developments in the field of cyber security, February 2024.