The Cyber Incident Response Team in the Banking System of Ukraine (CSIRT-NBU) offers banks the following services:
1. Incident Response
CSIRT-NBU assists its constituency in handling the technical aspects of cyberincidents. It includes incident report acceptance, technical data analysis and assistance, incident management coordination
Incident Report Acceptance
Incident Response Support
Incident Response Coordination
2. Proactive Risk Monitoring
CSIRT-NBU offer proactive risk monitoring service, including intelligence on current cyber threats and potential vulnerabilities, collecting information from various sources, researching and analysing data
detection of phishing domains
detection of data leakage
detection of compromised data of bank users' and customers' accounts
monitoring of potential vulnerabilities
3. Information services
Service of informing banks about current cyber threats and vulnerabilities, measures to counter cyber attacks and security measures necessary to protect customer information systems
Information exchange and interaction in responding to cyber incidents/cyber attacks is carried out in accordance with the requirements of the Procedure for Information Exchange between Ukrainian Banks and the Cyber Security Centre of the NBU on cyber defence and is carried out through:
The portal of the Cyber Security Centre – is a specialised website of the NBU designed to organise interaction and provide services by the Cyber Security Centre. For authorised connection to the portal of the Cyber Defence Centre, you need to register in accordance with the Connection Procedure.
MISP-NBU – is a specialised website of the NBU built on the basis of the MISP open source platform for the joint exchange of information on malware and cybersecurity threats. For authorised connection to MISP-NBU, you need to complete the registration procedure in accordance with the Connection Procedure.
Corporate messenger – a special system for the exchange of information messages between the participants of the information exchange. For an authorized connection, you need to go through the registration procedure in accordance with the Connection Procedure.
E-mail – for the exchange of information messages, the Cyber Security Centre uses the following e-mail accounts:
[email protected] – for the exchange of technical information.
[email protected] – for the exchange of information of a general organisational nature.
4. Training and education
CSIRT-NBU provides service for conducting trainings and educational sessions to raise awareness and understanding in the field of cyber defence, cyber incident response, and countering current cyber threats.