This study aimed to analyze the nature, scale, and consequences of cyberattacks on critical cyber-physical systems in Ukraine over the past decade, using a methodology based on classifying attacks by type, threat actor (including Russian hacking groups Sandworm, Fancy Bear, and Ember Bear responsible for half of the 22 analyzed incidents), target sector, and temporal patterns. It also included comparative analysis of cyber defense strategies. The Chinese group Volt Typhoon also demonstrated high risk through living-off-the-land techniques. While phishing remained the primary attack vector (7 cases), sophisticated supply chain attacks like NotPetya caused significant damage, with the energy sector being most targeted (7 incidents) due to its strategic importance. Six attacks involved manipulation of Industrial Control Systems/Operational Technology protocols, while four employed destructive wiper malwares. The Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege (STRIDE) analysis of digital platforms concluded that modern challenges require innovative solutions like Cybersecurity Mesh Architecture, digital immunity systems, and artificial intelligence, along with international coordination, while addressing barriers such as legacy systems, workforce shortages, and regulatory fragmentation, ultimately providing an evidence base for improving cybersecurity strategies at national and international levels. 

Background. The Software Bill of Materials (SBOM) is a machine-readable list of all the software dependencies included in a software. SBOM emerged as way to assist securing the software supply chain. However, despite mandates from governments to use SBOM, research on this artifact is still in its early stages.

Aims. We want to understand the current state of SBOM in open-source projects, focusing specifically on policy-driven SBOMs—i.e., SBOM created to achieve security goals, such as enhancing project transparency and ensuring compliance, rather than being used as fixtures for tools or artificially generated for benchmarking or academic research purposes.

Method. We performed a mining software repository study to collect and carefully select 620 SBOM files hosted on GitHub. We analyzed the information reported in policy-driven SBOMs and the vulnerabilities associated with the declared dependencies by means of descriptive statistics.

Results. We show that only 0.56% of popular GitHub repositories contain policy-driven SBOM. The declared dependencies contain 2,202 unique vulnerabilities, while 22% of them do not report licensing information.

Conclusion. Our findings provide insights for SBOM usage to support security assessment and licensing. 

This paper explores the challenges of cyberattack attribution, specifically APTs, applying the case study approach for the WhisperGate cyber operation of January 2022 executed by the Russian military intelligence service (GRU) and targeting Ukrainian government entities. The study provides a detailed review of the threat actor identifiers and taxonomies used by leading cybersecurity vendors, focusing on the evolving attribution from Microsoft, ESET, and CrowdStrike researchers. Once the attribution to Ember Bear (GRU Unit 29155) is established through technical and intelligence reports, we use both traditional machine learning classifiers and a large language model (ChatGPT) to analyze the indicators of compromise (IoCs), tactics, and techniques to statistically and semantically attribute the WhisperGate attack. Our findings reveal overlapping indicators with the Sandworm group (GRU Unit 74455) but also strong evidence pointing to Ember Bear, especially when the LLM is fine-tuned or contextually augmented with additional intelligence. Thus, showing how AI/GenAI with proper fine-tuning are capable of solving the attribution challenge.

Background: As Large Language Models (LLMs) reshape software development across industries, they also reshape the associated threat landscape. Traditional threat modeling methods, which assume predictable system behavior, struggle to accommodate the inherent nondeterminism of LLMs. Paradoxically, LLMs themselves offer capabilities, such as pattern recognition, natural language understanding, and semi-structured reasoning, that can support the automation of threat elicitation and mitigation.

Aims: This research project, ThreMoLIA, aims to design, develop, and empirically evaluate a threat modeling tool that leverages LLMs to assist practitioners in identifying and analyzing security threats in LLM-integrated applications (LIAs).

Method: To this end, we apply a mixed-methods exploratory case study to define and validate threat modeling metrics, and a comparative case study to evaluate the ThreMoLIA tool against existing threat modeling practices.

Results: The current prototype of the ThreMoLIA tool uses cloud or local models. We have established, and partiallyvalidated, a measurement framework and a benchmark for the tool evaluation.

Conclusions: The project is conducted in close collaboration with industry and contributes to the ESEM community by advancing Security-by-Design practices and sharing reproducible artifacts such as metrics, benchmarks, and threat models. 

Large Language Models (LLMs) are currently being integrated into industrial software applications to help users perform more complex tasks in less time. However, these LLM-Integrated Applications (LIA) expand the attack surface and introduce new kinds of threats. Threat modeling is commonly used to identify these threats and suggest mitigations. However, it is a time-consuming practice that requires the involvement of a security practitioner. Our goals are to 1) provide a method for performing threat modeling for LIAs early in their lifecycle, (2) develop a threat modeling tool that integrates existing threat models, and (3) ensure high-quality threat modeling. To achieve the goals, we work in collaboration with our industry partner. Our proposed way of performing threat modeling will benefit industry by requiring fewer security experts' participation and reducing the time spent on this activity. Our proposed tool combines LLMs and Retrieval Augmented Generation (RAG) and uses sources such as existing threat models and application architecture repositories to continuously create and update threat models. We propose to evaluate the tool offline - i.e., using benchmarking - and online with practitioners in the field. We conducted an early evaluation using ChatGPT on a simple LIA and obtained results that encouraged us to proceed with our research efforts.  

Under modern business conditions, it is necessary to increase its competitiveness through the digital transformation of enterprise management, particularly by introducing the latest and modern technologies to improve business operations. It helps businesses to become scalable, efficient, and more profitable. To increase the strategic potential for the possibility of simultaneous implementation of a larger number of projects, the providers of housing and communal services need to constantly improve their organizational management model under conditions of uncertainty. The development of a business management information system is proposed, which allows managing business processes of any degree of complexity in all areas of activity, regardless of their labor intensity, as well as the number of personnel and equipment involved. The implementation of a business management information system in the activities of housing and communal services providers optimizes their activities while taking into account the features of their services, which include intangibility, immediacy, changeability, individuality, irreplaceability, continuity and saturation of needs. The implementation of digital transformation in the activities of housing and communal services providers helps to maximize their efficiency and social significance, which is a key element for improving the quality of life of citizens.