The SBU Cyber upgraded the MISP-UA data platform. The platform aims to exchange data on cyber-attacks and cyber incidents at critical infrastructure facilities and government electronic information resources.

Using the best practices of the EU and NATO, the SBU implemented a system based on the open source software Malware Information Sharing Platform - MISP-UA in 2018.

After joining the MISP-UA platform, the organization, institution or enterprise has the opportunity to exchange relevant information about real and potential cyber threats, find ways and tools to detect and neutralize them with other participants and the SBU.

During 2021, the special service implemented a number of fundamental upgrades to MISP-UA, which allowed counteracting modern cyber security challenges the state is currently facing.

As of now, the Cyber Security Situation Center have introduced the following new tools and features:

• updated 2.4.141version of the MISP platform, which is used by leading cyber security experts including CIRCL, CERT, CSIRT, NATO, etc.;
• upgraded event export feature, allowing the users to receive only current compromise identifiers;
• upgraded flexibility of settings for the events distribution mechanism between the users in order to experience the most relevant information sharing automatically;
• introduced the lifecycle of the compromise identifier, allowing automatically exclude from export the obsolete identifiers;
• CyberChef and Cuckoo Sandbox services were integrated to expand the capabilities of the platform - tools used by cyber security experts to analyze data and investigate malware;
• introduced new function of informing users after the publication of an event added by them, including one published as part of another event;
• updated the operation instructions for the MISP-UA platform;
• introduced a number of other important improvements.

The SBU Cyber Security Situation Center reminds that the upgraded MISP-UA platform allows users to keep their cyber security systems up-to-time in order to eliminate potential hacker attacks, including zero-day attacks. To join the platform, please visit: https://misp.gov.ua.

Note:

Almost 800 users have already joined the MISP-UA platform. The platform is currently monitoring three million of unique compromise identifiers.