MODERN CYBER THREATS TO CRITICAL INFRASTRUCTURE IN UKRAINE AND THE WORLD
DOI:
https://doi.org/10.28925/2663-4023.2023.27.719Keywords:
cybersecurity; data protection; attacks; cyber threats; social engineering; critical infrastructure; disinformation; information security; vulnerabilities.Abstract
Critical infrastructure is the basis for the stable functioning of the state and society, but its dependence on digital technologies makes it vulnerable to cyber threats. In 2024, more than 3 million information security events were recorded, of which 28,000 were classified as critical, requiring in-depth analysis and development of new approaches to risk management. This article examines the current cyber threats to critical infrastructure, including cyber espionage, embezzlement, information and psychological operations, and attacks on industrial systems. Based on the analysis, the main types of attacks are identified: ransomware, DDoS attacks, social engineering and zero-day exploits. Particular attention is paid to the energy, transport, finance and digital infrastructure sectors, which are the most vulnerable to attacks. The article also contains an analysis of international experience and standards, such as the ENISA Threat Landscape and the NIS2 directive, which demonstrate effective cybersecurity practices. Analysis of international experience shows that effective cyber defence requires a multi-level approach. This includes real-time network monitoring, automated vulnerability management tools, improved risk assessment systems, implementation of multi-factor authentication, and increased cyber awareness of staff. The use of innovative approaches will significantly reduce the impact of cyber threats and ensure the uninterrupted operation of critical infrastructure. The results of this study indicate the importance of integrating modern approaches and technologies into critical infrastructure
Downloads
References
On Critical Infrastructure, Law of Ukraine No. 1882-IX (2024) (Ukraine). https://zakon.rada.gov.ua/laws/show/1882-20#Text
The government’s CERT-UA team handled 2543 cyber incidents in 2023. (2024). State Service for Special Communications and Information Protection of Ukraine. https://cip.gov.ua/en/news/uryadova-komanda-cert-ua-v-2023-roci-opracyuvala-2543-kiberincidenti
Bratel, S. (2023). Experience of foreign countries in ensuring the security of critical infrastructure facilities. Theoretical and practical aspects of national security, 3, 261–265.
Skitsko, O., & Shyrshov, R. (2024). Topical issues of ensuring cybersecurity of critical infrastructure facilities. Legal scientific electronic journal, 20, 312–315.
Melnyk, D. S. (2022). Protection of the national critical information infrastructure: current problems and solutions. Administrative law and process: a scientific and practical journal, 3(38), 5–16.
Enisa Threat Landscape 2024. July 2023 to June 2024. September 2024. (n. d.). https://www.enisa.europa.eu/sites/default/files/2024-11/ENISA%20Threat%20Landscape%202024_0.pdf/
The Evolution of DDoS: Return of the Hacktivists. (2023). https://www.akamai.com/site/en/documents/research-paper/the-evolution-of-ddos-return-of-the-hacktivists.pdf
Framework. (n. d.). DISARM Foundation. https://www.disarm.foundation/framework
Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022. (2022). Official Journal of the European Union.
Common Vulnerabilities and Exposures. (n. d.). https://www.cve.org/
Common Vulnerability Scoring System. (n. d.). https://www.first.org/cvss/
CWE - Common Weakness Enumeration. (2024). CWE - Common Weakness Enumeration. https://cwe.mitre.org/index.html
Cyber Digest Cybersecurity Overview. (2024). https://www.rnbo.gov.ua/files/2024/NATIONAL_CYBER_SCC/Cyber%20digest/Cyber%20digest_Jan_2024_UA.pdf?utm_source=chatgpt.com
Countering Cyber Proliferation: Zeroing in on Access-as-a-Service. (2021). Atlantic Council. Countering Cyber Proliferation. https://www.atlanticcouncil.org/wp-content/uploads/2021/03/Offensive-Cyber-Capabilities-Proliferation-Report-1.pdf
CERT-UA handled 4315 cyber incidents last year. (2025). State Service of Special Communications and Information Protection of Ukraine. https://cip.gov.ua/ua/news/cert-ua-minulogo-roku-opracyuvala-4315-kiberincidentiv
Hulak, H. M., Zhiltsov, O. B., Kyrychok, R. V., Korshun, N. V., & Skladannyi, P. M. (2024). Information and cyber security of the enterprise. Textbook. Lviv: Publisher Marchenko T. V.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Анна Ільєнко, Валентина Телющенко, Олена Дубчак
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
