Highlights of international and Ukrainian cybersecurity news in May 2024

The United States has begun assessing the effectiveness of the President's strategic cybersecurity instructions. According to the U.S. Government Accountability Office, 90% of the tasks under Presidential Decree 14028 "Improving the Nation's Cybersecurity" have been completed. In addition, an updated National Cybersecurity Strategy Implementation Plan was adopted, which includes 31 new tasks. The Office of the National Cyber Director (ONCD) also evaluated the implementation of the first Implementation Plan, and about 90% of the tasks were completed. The US government has increased oversight and made assessment procedures more regular and public.

This month, Ukraine focused on international cooperation. At the First Scientific and Practical Conference on Cyber Diplomacy, Ukraine's Foreign Minister Dmytro Kuleba stressed that Ukraine, with its experience in countering russian federation and reputation as an innovator, is an integral part of the European and Euro-Atlantic security systems, while Deputy Secretary of the National Security and Defence Council Serhiy Demediuk called for joint strategies to predictably and continuously strengthen collective cyber resilience. Ukrainian representatives took part in the Asian Leadership Conference and RSA 2024.

The human factor remains a key source of cyber threats for organisations. According to Verizon's research, 68% of security breaches are related to insider errors or social engineering schemes. A Proofpoint study found that 74% of CISO companies consider human error to be the largest vulnerability. The problem goes beyond staff training to general cyber awareness. That is why CISA launched a second nationwide cyber awareness programme in May 2024, reaching various target audiences through television, radio, digital advertising, shopping malls, social media, and outdoor advertising.

AI development and its impact on cybersecurity are becoming key topics for cybersecurity organisations and researchers. China and the United States are increasing their investments in AI research and are engaged in a high-level dialogue on this matter. Cyber specialists are already facing challenges: for example, Unit42 has taught AI to create effective malware that can be quickly modified. Horizon3.ai offers AI-enabled services to prioritise cyber defence and fix vulnerabilities. AI is also becoming a target of cyber espionage: in May, the ART group attacked US AI researchers to access their data.

In May, law enforcement agencies of 13 countries conducted a special operation Endgame, destroying the infrastructure of the IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot criminal groups. Ukrainian law enforcement actively participated in this operation, conducting most of the arrests and searches. The identity of the leader of the LockBit cybercrime group, Russian Dmitry Khoroshev, was also revealed. The US State Department has announced a $10 million reward for information leading to his capture.

Read more about legislative changes, initiatives of national actors, trends, forecasts and analytical assessments, international and Ukrainian news on cybersecurity in Ukraine here.