MODELING PHISHING SCENARIOS IN UKRAINIAN CYBERSPACE: AN ANALYTICAL APPROACH USING GRAFANA-BOARD
DOI:
https://doi.org/10.28925/2663-4023.2025.29.881Keywords:
phishing analytics, Grafana dashboard, Ukrainian cyberspace, SIEM, financial loss, cyber threat intelligence, AI-based detection, phishing taxonomyAbstract
The article presents an innovative methodology for modeling phishing scenarios in Ukrainian cyberspace based on data integration in the Grafana environment. The main attention is paid to the detection, classification and typification of phishing domains and malicious content delivery channels (social networks, SMS, messengers, mobile applications). The use of data from HTTP proxy logs, DNS API and NetFlow traffic is proposed to build interactive dashboards that visualize time patterns, top domains, delivery channels and campaigns. Special attention is paid to the economic assessment of damage: financial losses of users are calculated taking into account the number of transitions, average losses per incident and attack topics. The paper also considers the use of machine learning algorithms (decision trees, XGBoost) for automated detection of phishing URLs based on behavioral, content and technical features. A concept for integrating visualization results into SIEM systems (Splunk, QRadar) for rapid response to threats is proposed. The research results are of practical importance for the formation of national cyber defense platforms, the development of state registries of phishing domains, and the implementation of educational programs on cyber hygiene. The presented approach combines technical, analytical, and political and educational components, which ensures its comprehensive nature and relevance in the conditions of the modern hybrid war against Ukraine. Particular attention is paid to visual tools: the implemented Grafana dashboards allow you to track peaks of phishing activity, assess delivery channels, attack themes, and regional distribution features. The proposed visualization model helps increase the efficiency of responding to cyber incidents due to interactivity, adaptability, and the ability to perform deep data analysis in real time. The study also takes into account the socio-cultural context of Ukraine - Ukrainian-language social engineering patterns and demographic factors that affect the effectiveness of phishing campaigns are analyzed. The use of regionalized approaches allows for increased accuracy in threat prediction and flexibility of protective mechanisms. The proposed methodology can be adapted to the needs of government agencies, banking structures, and the corporate sector to build effective digital security strategies.
Downloads
References
ACIG Journal. (2024). Russia’s cyber campaigns and the Ukraine war – from gray zone to red zone. https://acigjournal.com/russia-cyber-campaigns-ukraine-war
Barichella, G. (2022). The cybersecurity dimension of the war in Ukraine. Institut Delors. https://institutdelors.eu/wp-content/uploads/2022/06/CybersecurityUkraine.pdf
Brandefense.io. (2022). Analysis of hybrid warfare through Russia–Ukraine cyber war. https://brandefense.io/hybrid-warfare-russia-ukraine-cyber
Center for Security Studies, ETH Zurich. (2018). Hotspot analysis: Cyber and information warfare in the Ukrainian conflict. https://css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/Cyber-Ukraine.pdf
Chrysanthou, A., Pantis, Y., & Patsakis, C. (2023). The anatomy of deception: Technical and human perspectives on a large-scale phishing campaign. arXiv. https://arxiv.org/abs/2305.03123
Center for Strategic & International Studies. (2025). Russia’s shadow war against the West. https://www.csis.org/analysis/russias-shadow-war-against-west
Digital Front Lines. (2023). The face of modern hybrid warfare. https://www.digitalfrontlines.com/hybrid-warfare-ukraine
The Economist. (2025, March 2). How Elon Musk’s satellites have saved Ukraine and changed warfare. https://economist.com/elon-musk-satellites-ukraine
Financial Times. (2023, February 10). Europe battles “avalanche of disinformation” from Russia. https://ft.com/europe-disinformation-russia
Finkle, J. (2016, January 7). U.S. firm blames Russian “Sandworm” hackers for Ukraine outage. Reuters. https://reuters.com/article/us-ukraine-cybersecurity-sandworm-idUSKCN0UL1ZZ20160107
Geissler, D., Bär, D., Pröllochs, N., & Feuerriegel, S. (2022). Russian propaganda on social media during the 2022 invasion of Ukraine. arXiv. https://arxiv.org/abs/2205.12382
Grafana Labs. (2025). Success stories and case studies. https://grafana.com/success
The Guardian. (2024, June 3). Russia launching more sophisticated phishing attacks. https://theguardian.com/russia-phishing-attacks-2024
Hazell, J. (2023). Spear phishing with large language models. arXiv. https://arxiv.org/abs/2305.06972
Ho, G., Thomas, K., Lee, K., & Grace, A. (2019). Detecting and characterizing lateral phishing at scale. arXiv. https://arxiv.org/abs/1908.00051
Microsoft. (2022, April 27). The hybrid war in Ukraine. Microsoft On the Issues. https://blogs.microsoft.com/hybrid-war-ukraine
NATO CCD COE & FireEye. (2015). Cyber war in perspective: Russian aggression against Ukraine. https://ccdcoe.org/uploads/2015/cyber-war-russian-aggression-ukraine.pdf
Nemec, M., Sys, M., Svenda, P., Klinc, D., & Matyas, V. (2017). The return of Coppersmith’s attack: Practical factorization of widely used RSA moduli. In Proceedings of the 24th ACM SIGSAC Conference on Computer and Communications Security (pp. 1637–1649). https://doi.org/10.1145/3139563.3139696
OpenThreat. (2025). Real time security analytics – Grafana dashboard integration with Wazuh. https://openthreat.ro/real-time-security-analytics-grafana-dashboard-integration-with-wazuh
ProjectPro. (2025). Grafana vs Power BI: Which tool is better? https://www.projectpro.io/grafana-vs-power-bi-comparison
ResearchGate. (2023). Cybersecurity in the context of hybrid warfare in Ukraine. https://www.researchgate.net/publication/366774293
Reuters. (2024, August 5). Russia’s critics targeted with global hacking campaign. https://reuters.com/russia-global-hacking-campaign
Sanger, D. E., & Barnes, J. E. (2021, December 21). U.S. and Britain help Ukraine prepare for potential Russian cyberassault. The New York Times. https://nytimes.com/us-britain-ukraine-cyberassault.html
SharePoint Europe. (2024). Azure cost analysis dashboards on Grafana. https://www.sharepointeurope.com/azure-cost-analysis-dashboards-grafana
Time Staff. (2022, December 14). Inside the Kremlin’s year of Ukraine propaganda. Time. https://time.com/kremlin-ukraine-propaganda
UpGuard. (2025). Grafana security rating, vendor risk report, and data breaches. https://www.upguard.com/security-report/grafana
Wired. (2025, March 12). Gamaredon: The turncoat spies relentlessly hacking Ukraine. https://wired.com/gamaredon-ukraine-hacking
Wired. (2025, January 18). A signal update fends off a phishing technique used in Russian espionage. https://wired.com/signal-update-fends-off-phishing
Wikipedia contributors. (2025, July 18). Emotet. In Wikipedia, The Free Encyclopedia. https://en.wikipedia.org/wiki/Emotet
Wikipedia contributors. (2025, July 18). Fancy Bear. In Wikipedia, The Free Encyclopedia. https://en.wikipedia.org/wiki/Fancy_Bear
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Дмитро Прокопович-Ткаченко, Артем Бакута , Володимир Звєрєв , Ігор Козаченко , Олександр Черкаський
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
