Highlights of international and Ukrainian cybersecurity news in March 2024

Information and cybersecurity were identified by President of Ukraine Volodymyr Zelenskyy as one of the five priorities of the NSDC of Ukraine during the presentation of the newly appointed Secretary of the NSDC of Ukraine Oleksandr Lytvynenko. These include enhancing defence against enemy destabilisation operations and strengthening the coordination of all state institutions in this domain, as well as developing Ukraine's cyber strike capabilities. According to Deputy Secretary of the National Security and Defence Council of Ukraine Serhii Demediuk, given its experience in the cyber war with russia, Ukraine can become a regional leader in cybersecurity, initiating changes in international approaches to aggression in cyberspace.

In March, the Defence Intelligence of the Ministry of Defence of Ukraine reported a successful special operation against the russian Ministry of Defence, during which access was gained to servers and a large amount of classified documentation. The SSU's cyber specialists stopped the supply of components for russian drones and cruise missiles, and are working at the front to destroy enemy electronic warfare and electronic warfare systems and intercept drones that coordinate missile and artillery strikes against the defence forces.

The diplomatic confrontation between Western countries and China is escalating due to cyberattacks on parliamentary structures by Chinese hackers. The United States, the United Kingdom, Finland, and New Zealand accuse China of interfering in the work of their parliamentary structures. In addition, a number of democratic countries will hold elections in 2024, so ENISA has updated its guide to ensuring cybersecurity of the electoral process, and the US CISA has practised procedures for protecting the electoral process on the example of Super Tuesday in March 2024.

The Ivanti vulnerability continues to pose challenges for cybersecurity organisations and consumers around the world. In particular, the Five Eyes Alliance agencies warn that attackers can actively exploit this vulnerability and maintain their presence in affected systems. For its part, the U.S. National Security Agency has confirmed that attackers are already exploiting this vulnerability to target defence companies, and CISA was even forced to shut down several of its systems to prevent a cyberattack.

Russian cyber activity is growing, with Russian hackers attacking NGOs in Europe and political parties in Germany. It is also known that they are actively testing the AcidPour ransomware, a virus that is supposed to destroy data on the affected system. It appears that the updated virus targets Linux x86 systems and could be used against a number of telecoms operators in Ukraine.

The European Union is finalising the process of adopting and launching the Cyber Resilience Act, which will change security rules in the EU. This is complemented by the development of measures to regulate the use of AI - the European Parliament plans to adopt the Artificial Intelligence Act, which will regulate AI with due regard to potential risks. At the same time, the EU's main efforts are focused on building cyber defences. Analysts assess how existing cybersecurity structures (such as the CSIRT) can be more useful in the pan-European context of cybersecurity and believe that they should become more proactive.

Read more about legislative amendments and changes, initiatives of national actors, trends, forecasts and analytical assessments, international and Ukrainian news in Ukrainian cybersecurity by following the link: Overview of developments in the field of cyber security, March 2024