Q3 2023 Report

25.10.2023

Throughout Q3 2023, the Vulnerability Detection and Cyber Incident and Cyberattack Response System detected 1.5 million suspicious information security events (at initial analysis) and processed 12,000 critical information security events (potential cyber incidents identified by filtering suspicious information security events and performing secondary analysis). In addition, 355 cyber incidents were recorded and processed directly by security analysts. Compared to Q2 2023, the number of recorded cyber incidents increased by 46%.

Over the reporting period, 14 new cyber defense objects in the government, energy, and military sectors were connected to the Vulnerability Detection and Cyber Incident and Cyberattack Response System.

As compared to Q2 2023, the number of cyber defense objects per subsystem has increased as follows:

• network telemetry collection — by 3;

• end-point protection — by 18;

• vulnerability scanning — by 8.

Over the reporting period, the subsystems of the Vulnerability Detection and Cyber Incident and Cyberattack Response System automatically detected 310,696 unique suspicious files. SmokeLoader, Agent Tesla, Formbook, Guloader, StrRAT, RmsRAT, and Emotet were the most prevalent malware families detected in information security events under the category “02 Malicious software code” during the reporting period.

Analysts of the Cyber Incident Response Operations Center analyzed 957 phishing attacks in Q3 2023, which fall into the following email threat categories:

● stealing authentication data (507);

● malware distribution (340);

● extortion (108);

● vulnerability exploit attempt (2).

406 of the 507 phishing attacks aimed at stealing users’ authentication data were associated with the use of legitimate services and technologies, amounting to 80% of their total number. This proves the effectiveness of the approach of using legitimate services to stage phishing emails. Specifically, Firebase, Weebly, Webflow, IPFS, Mailchimp, and Formspark were abused over the reporting period.

In addition, 202 cyberattacks initiated by pro-russian hacking groups were detected in Q3 2023, which is 26% fewer than in the previous quarter. Q3 2023 thus continues the downward trend, observed since early 2023, in the total number of cyberattacks targeting Ukrainian organizations of various sectors and ownership forms. Meanwhile, the attack periodicity chart is rather uniform, which implies no notable changes in attack frequency or intensity, with attacks distributed evenly across the reporting period.

Народная CyberАрмия, BLUENET, NoName057(16), PHOENIX, and Lira are the most active pro-russian hacktivist groups. Their attacks during Q3 2023 account for 90% of the total recorded attacks carried out by similar groups. The majority of their attacks targeted the financial, government, telecommunication, and education sectors, as well as the civil sector.
