The Vulnerability Detection and Cyber Incidents / Cyber Attacks Response System helped to detect and process 1,042 cyber incidents in 2024

08.01.2025

The Cyber Incident Response Operational Centre has published its annual report detailing the performance of the Vulnerability Detection and Cyber Incidents / Cyber Attacks Response System in 2024.

The Vulnerability Detection and Cyber Incidents / Cyber Attacks Response System is a combination of software and hardware tools that provides 24/7 monitoring of events in the information and communication systems of government institutions and critical infrastructure / critical information infrastructure. The State Cyber Protection Centre of the State Service of Special Communications and Information Protection installs sensors within organizations' networks. These sensors collect data on suspicious activity and instantly transmit it to the Cyber Incident Response Operational Centre. This enables experts to detect cyberattacks in real time and promptly contain them, which is critical for protecting state information resources.

During the reporting period, the system processed approximately 3 million information security events, of which 28,000 were critical and required immediate expert intervention. As a result of the analysis, 1,042 cyber incidents were detected and processed.

According to the statistics, the most common types of information security events were:

●   Malicious Code (58.8% of all events)

●   Intrusion attempts (17.6%)

●   Information Gathering (12.1%)

●   Other (8.3%)

●   Information content security (2.7%)

●   Availability (0.5%)

Over the year, experts at the State Cyber Protection Centre significantly expanded the system's coverage across government bodies: 9 new organizations were connected to the sensor subsystem (NDR), 10 telemetry collection sensors were installed, and more than 28,000 servers and workstations were protected through the endpoint protection subsystem (EDR).

In 2024, the most active cyber threat clusters were UAC-0010, UAC-0050, and UAC-0006, specializing in cyberespionage, financial theft, and information-psychological operations.

"This data highlights the increasing complexity of cyber threats and the need for continuous improvement of defense systems. Malicious actors are increasingly leveraging legitimate services and tools, making detection and response more challenging," the report states.

Government institutions seeking to enhance their cybersecurity and gain access to the services provided by the Vulnerability Detection and Cyber Incidents / Cyber Attacks Response System can contact the State Cyber Protection Centre. The Vulnerability Detection and Cyber Incidents / Cyber Attacks Response System offers three core services: network sensors (NDR), endpoint protection sensors (EDR), and attack surface management (ASM). Each of these services can be tailored to meet the specific needs of an organization.

For inquiries about gaining access to the services listed above, please contact the State Cyber Protection Centre:

Email: info_scpc@cip.gov.ua

Phone: +38 (044) 281 87 37