Confirmed Zero-Day vulnerabilities in Microsoft Exchange Server

Cyber security update: Confirmed Zero-Day vulnerabilities in Microsoft Exchange Server

As of 4th October 2022, Microsoft have confirmed that two zero-day vulnerabilities affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Microsoft have stated that Exchange Online customers do not need to take any action; however, if you have a hybrid Exchange infrastructure, this advice still applies.

Further updates and details on the potential vulnerability can be found here

In addition to Microsoft guidance, Solace Cyber recommend that the mitigation be further tightened by altering the URL block string:

.*autodiscover\.json.*Powershell.*
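
Added example (not from Solace Cyber or Microsoft): one way to check existing IIS logs for requests that the block string above would match, as a starting point for judging whether the server has already been probed. The log field layout, the constructed sample lines, the case-insensitive matching and the 2xx triage flag are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Block string quoted in the advisory, matched case-insensitively
# (case-insensitivity is an assumption of this example).
BLOCK_PATTERN = re.compile(r".*autodiscover\.json.*Powershell.*", re.IGNORECASE)

# Constructed sample in W3C extended log format; not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2022-10-04 09:14:02 POST /owa/auth.owa - 198.51.100.7 302
2022-10-04 09:15:40 GET /autodiscover/autodiscover.json/v1.0/user@example.test Protocol=ActiveSync 198.51.100.7 200
2022-10-04 09:17:11 GET /autodiscover/autodiscover.json x=/powershell/ 203.0.113.50 200
2022-10-04 09:17:12 GET /Autodiscover/Autodiscover.json/PowerShell - 203.0.113.50 403
2022-10-04 09:18:30 GET /autodiscover/autodiscover.xml - 198.51.100.7 401
truncated-line-without-enough-fields
"""


def iter_records(log_text):
    """Yield one dict per request line, keyed by the names in '#Fields:'."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            # Skip truncated or malformed lines instead of misaligning columns.
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def request_uri(rec):
    """Rebuild path plus query string and decode percent-escapes."""
    stem = rec.get("cs-uri-stem", "")
    query = rec.get("cs-uri-query", "-")
    uri = stem if query in ("-", "") else f"{stem}?{query}"
    return unquote(uri)


def find_matches(log_text):
    """Return every logged request whose URI matches the block string."""
    hits = []
    for rec in iter_records(log_text):
        uri = request_uri(rec)
        if BLOCK_PATTERN.match(uri):
            hits.append({
                "when": f"{rec.get('date', '-')} {rec.get('time', '-')}",
                "client": rec.get("c-ip", "-"),
                "status": rec.get("sc-status", "-"),
                "uri": uri,
            })
    return hits


def summarize(hits):
    """Group hits by client address.

    A 2xx status on a matching request means the server answered it rather
    than refusing it, so those are counted separately for priority review
    (triage assumption of this example).
    """
    summary = {}
    for hit in hits:
        entry = summary.setdefault(hit["client"], {"requests": 0, "answered_2xx": 0})
        entry["requests"] += 1
        if hit["status"].startswith("2"):
            entry["answered_2xx"] += 1
    return summary


if __name__ == "__main__":
    matches = find_matches(SAMPLE_LOG)
    for hit in matches:
        print(hit["when"], hit["client"], hit["status"], hit["uri"])
    print(summarize(matches))
```

To run it against real data, pass the contents of each IIS log file to `find_matches` in place of `SAMPLE_LOG`.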

Solace Cyber are offering an initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.

This update is correct as of 12.23 GMT on 4th October 2022. The situation continues to develop rapidly, so please contact the team for an initial conversation with the latest advice.

    Military deployed in Ouagadougou

    At around 0400 local time, gunfire and explosions were reported from military bases inside Ouagadougou. Eyewitnesses and social media also reported gunfire from the vicinity of the Presidential Palace and Camp Baba Sy, where the current transitional government headquarters are located. Multiple roads inside the capital are reportedly blocked and military personnel have deployed on the streets. Local media claim that the immediate vicinity of the national television offices (RTB) is inaccessible due to military roadblocks. Images posted to social media appear to indicate state TV outages in Burkina Faso, although this has not been confirmed.

    Heavily armed personnel are now reportedly present along the “strategic axes” of Ouagadougou, although no further details regarding their exact location are currently available. The current whereabouts of Burkina Faso’s President Paul Henri Damiba, who came to power after a military coup in January 2022, are also unconfirmed, although he reportedly remains inside the capital.

    Sporadic gunfire continues several hours after the initial reports of violence. The situation remains highly volatile, with violence ongoing throughout the capital, and the current tactical situation remains unclear due to difficulties obtaining accurate information from the ground. Burkina Faso has rapidly become the epicentre of the violence that began in neighbouring Mali in 2012 but which has since spread across the Sahel region south of the Sahara Desert. The Burkina Faso military has been conducting a series of operations against Islamist militants across the country’s East and Sahel regions in recent months, with military forces claiming to have killed over 100 militants in the past month alone.

    Although not yet confirmed, this incident bears all the hallmarks of an attempted military coup. Burkina Faso last experienced a military coup in January 2022 and has been under transitional military rule since then. During the January coup, gunfire was reported from military bases across the capital and soldiers were reported to have seized the Sangoulé Lamizana barracks and surrounded the RTB offices. Soldiers subsequently appeared on national TV to announce the overthrow of former President Roch Kabore. Around eight days later, the military junta restored the constitution and appointed Paul-Henri Sandaogo Damiba as interim president.

    Control of state television apparatus appears to be a reliable coup indicator. In 2021, soldiers appeared on national television in Guinea to announce a military coup which deposed longstanding President Alpha Conde. In this way, further reports of soldiers entering the RTB offices in Ouagadougou should be considered likely indicators of a confirmed coup attempt.

    Although unclear, ‘strategic axes’ of the capital very likely refer to the Boulevard des Tensoba, the area around the US Embassy and Presidential Palace near Boulevard Muammar Kaddafi, Avenue Kadiogo and Avenue de la Nation.

    The situation in the capital comes just 24 hours after protests against President Damiba, blaming him for the deteriorating security situation in the country, and just days after at least ten soldiers were killed and 30 injured in an attack on a military convoy near Gaskindé. These incidents follow a sustained pattern of violence in the north of the country which appears to be spreading to the capital, as security forces battle to contain an expanding Islamist militancy. On 7 August, the government were forced to deny reports that they intended to sign a truce with militant groups until their planned transition to democracy was complete.

    It therefore remains likely that elements within the Burkina Faso military have attempted to launch a coup against the current junta. The situation will almost certainly remain delicate and highly volatile in the immediate term.

    Solace Global Advice

    • Widespread unrest and violence remain possible in the short term. Travellers should avoid all ongoing military activity and any large public gatherings as the security situation may deteriorate quickly and without warning.
    • In the event of a significant security development, travellers in Burkina Faso should follow any instructions issued by the government or military authorities.
    • If violence escalates inside the capital, consider departing from Ouagadougou whilst commercial options are available.
    • Key military and political infrastructure inside the capital are very likely to remain focal points for violence. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.
    • Expect significant travel disruption and an enhanced security force posture inside Ouagadougou in the short term.
    • Always follow all instructions and orders from security forces. Where possible, avoid areas of active conflict and remain inside a secure location away from windows.
    • Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.
    • Emergency services may be unable to support you in the short term. Be aware of what consular support may be available to you in-country.
    • Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
    • If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
    • Monitor the Solace Secure platform and trusted local media for updates.

    Election violence in Kenya

    Situation Summary of Election Violence in Kenya

    On 15 August, violence erupted at the Bomas of Kenya in Nairobi, as the Independent Electoral and Boundaries Commission (IEBC) had been scheduled to release the results of the Kenyan general election. Live footage from the venue showed physical altercations breaking out between attendees, with military personnel intervening to break up the violence.

    Earlier on 15 August the IEBC had announced a delay in releasing the results, although it did not specify a reason for the delay. Separately, four commissioners of the IEBC held a press conference at the Serena Hotel in Nairobi, in which they stated that they could not “take ownership of the results” due to concerns over their opaqueness. As the violent scenes emerged and news broke of the division within the IEBC, it was announced that riot police across the country had been placed on standby, with Kenya’s highest bishop calling for calm and peace to prevail.

    In the days since the 9 August election, the IEBC has been verifying the vote tallies provided by the country’s polling stations. In this interim period, both main presidential candidates have alluded to voting irregularities and to fighting the result in court. Meanwhile, the delay between voting and the announcement of a result has only led to further speculation and disinformation around the legitimacy of the vote.

    Around 20 minutes after the initial chaotic scenes at the Bomas of Kenya, and despite four of the seven IEBC commissioners stating they could not back the results, the IEBC announced that William Ruto had won the election with 7,176,141 votes – amounting to 50.49 percent of the total valid votes. The pre-election favourite, Raila Odinga, received 6,942,930 votes – representing 48.85 percent of the votes cast.

    Solace Global Comment

    In 2007, post-election violence resulted in more than 1,500 civilian deaths, whilst in 2017 at least fifty were killed and the election result was seen as so contentious that the country’s Supreme Court ruled the vote should be re-run. Odinga has run for president on five occasions and has lost each time. He has also disputed the final election result following each loss, which set the conditions of suspicion and mistrust, and ultimately precipitated previous outbreaks of post-election violence. Given that Odinga was seen as the favourite to win the Presidency during the 2022 election, the closeness of the declared result and the inconsistency from the IEBC on 15 August, it is highly likely that he will once more attempt to contest the election results.

    Regardless of whether Odinga officially disputes the result, it is highly likely that his supporters will rally against the result. Any such unrest is highly likely to become violent. The city of Kisumu, which is home to a large pro-Odinga voting bloc, has already begun to see protests break out against alleged vote rigging, whilst in the Kibera area of Nairobi there are reports that riots have begun to break out. Further unrest is likely to remain centred on the political centres of gravity in Nairobi, with the State House, Central Business District, and Serena Hotel all probable areas of unrest in the short term.

    It is noteworthy that this was the first election in which there was no candidate from Kenya’s largest tribe, the Kikuyu. As a result, if election violence and unrest begins to spread across the country, there is a realistic possibility that it will avoid the traditional split along ethnic and tribal lines. Consequently, post-election violence may occur more widely across Kenya, as it would not be centred on tribal population centres, although it may be less extreme than levels observed during previous elections in which a Kikuyu candidate was participating.

    Solace Global Advice

    • Widespread unrest and violence remain possible in the short term. Travellers should avoid all demonstrations and large public gatherings as they may escalate quickly and without warning. Immediately vacate the area if caught in unrest.
    • In the event of a significant security development, travellers in Kenya should follow any instructions issued by the Kenyan government or local authorities.
    • Areas where political figures are known to gather are likely to be focal points for political activism and unrest, especially sites associated with the Presidential office or known protest hotspots. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.
    • Expect localised travel disruption and an enhanced security force posture in the short-term. Allow for additional time when travelling in-country, as protest action and increased security force presence may result in road closures or blockades.
    • Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.
    • Make sure you are familiar with contact details for the emergency services in Kenya – dial 999 / 112 / 911 to request police, medical assistance or fire brigade.
    • Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
    • If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
    • Report any suspicious items and behaviours to the nearest security or police officials.
    • Monitor the Solace Secure platform and local media for updates.


    Support for operations in Kenya

    Our team of risk management specialists and intelligence analysts, combined with on-the-ground security support from our global partner network can help secure your operations.

    Learn more about how we can secure your operations

    US speaker Nancy Pelosi visits Taiwan

    A delegation of American politicians, including House Speaker and senior Democratic politician Nancy Pelosi, landed at Taipei Songshan Airport in the Republic of China (ROC, or Taiwan) on 2 August. The visit to Taiwan comes amidst an ongoing tour of the Asia-Pacific by the high-profile delegation, which has been conducted for the purpose of reaffirming American commitments to the region. Countries such as Singapore, Malaysia, South Korea, and Japan were included on the official itinerary list, but the visit to Taiwan was hidden, likely out of concerns that any official confirmation would prompt a harsh response from the People’s Republic of China (PRC, or China).

    Intelligence suggesting that Nancy Pelosi would visit Taiwan prompted a series of warnings from the Chinese government and state media broadcasters. China warned that any visit to Taiwan would be considered as a provocation that would necessitate a diplomatic and, in some communications, military response from Chinese authorities. Speculation of Nancy Pelosi’s visit prompted China to engage in aggressive military maneuvers in the Taiwan Strait during the morning of 2 August, including the positioning of warships and aircraft along the contested Median Line. A Distributed Denial-of-Service (DDoS) attack was later recorded against the website of Taiwan’s presidential office.

    Four US Navy warships, including the USS Ronald Reagan aircraft carrier and the USS Tripoli amphibious assault ship, have been operating east of Taiwan. US officials have stressed that their positioning was prompted by a “routine deployment”, but US military authorities remain on high alert due to the increased risk of miscommunication and miscalculation stemming from the elevated number of both US and Chinese military assets in the region.

    In response, Chinese authorities announced three-day military drills will commence near Taiwan from 4 August.

    Nancy Pelosi’s visit to Taiwan represents the most senior visit by a US official since the visit of House Speaker and Republican politician Newt Gingrich to Taipei in 1997. Newt Gingrich’s visit prompted irritation within China but was tolerated at the time. Since 1997, however, China’s role in the global economy has grown exponentially, and China has begun to exercise a more assertive role in both regional and global diplomacy. There is now an increased willingness within the Chinese government to adopt a more hawkish stance towards Taiwan, which is actively considered to be one of China’s core national interests, alongside increasingly bellicose rhetoric regarding reunification.

    Taiwanese self-governance and the perception of Taiwan as an integral territory of China has prompted the Chinese government to enforce a ‘One China’ policy in its global relations; a practice which the US has acknowledged since President Richard Nixon’s decision to thaw relations between the US and China in 1972. Despite this, the incumbent Chinese Foreign Minister Wang Yi has accused US President Joe Biden of conducting a “fake” One China policy, and Chinese President Xi Jinping has warned the US “not to play with fire” over the legal and diplomatic status of Taiwan.

    Although an invasion of Taiwan remains highly unlikely in the near-term due to the complexity of an amphibious assault across the Taiwan Strait, geopolitical and economic impact, and the potential for US involvement in the conflict, Nancy Pelosi’s visit is certain to escalate tensions further and will very likely lead to an increased Chinese military presence in the region over the coming weeks. Chinese officials have likely calculated that there is a need to reassert Chinese credibility over their red lines in Taiwan, given the current trajectory of US-Taiwan relations. A further military response remains realistically possible, such as live-fire exercises, significant naval and aerial posturing off Taiwan, or potentially missile tests in the vicinity of the Taiwan Strait. A Taiwanese response should be anticipated, and the potential for miscalculation should not be ruled out. China may also seek to conduct retaliatory actions towards the US through economic levers.

    • In the event of a significant security development, travellers in Taiwan should follow any instructions issued by the Taiwanese government.

    • Political tensions may disrupt airspace in both China and Taiwan. It is advised to monitor flight information and check with your travel provider if you are unsure of the status of your flight.

    • Instances of civil unrest within Taiwan cannot be ruled out. Travellers should avoid all demonstrations and large public gatherings as they may escalate quickly and without warning.

    • Areas where political figures are known to gather are likely to be focal points for political activism and unrest, especially sites due to be attended by Nancy Pelosi or other delegates. You should be particularly vigilant in these areas and follow any specific advice from the local security authorities.

    • Expect localised travel disruption and an enhanced security force posture in the short-term as Taiwanese authorities increase measures to protect the US delegation.

    • Be aware that China may seek to retaliate for Nancy Pelosi’s visit within the economic, cyber, and diplomatic domains, which could place additional restrictions on business operations and travel within China, Taiwan, and the wider region.

    • Make sure you are familiar with contact details for the emergency services (in Taiwan – dial 110 for the police, 119 for medical assistance or the fire brigade).

    • Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.

    • If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place. 

    • Report any suspicious items and behaviours to the nearest security or police officials. 

    • Monitor the Solace Secure platform and local media for updates. 


    Understand the situation with bespoke intelligence

    Be in the know with intelligence reports built directly around your operational requirements.


    Alert Plus – Ecuador Protests – June 2022

    SITUATION SUMMARY

    On 12 June large-scale protests were organised by the powerful Confederation of Indigenous Nationalities of Ecuador (CONAIE). These protests are about Ecuador’s rising cost of living and high inflation, in particular the rising cost of fuel. The country has seen demonstrators block roads with burning tires and barricades of sand, rocks and tree branches. Routes in and out of the capital city, Quito, have been blocked, whilst in the capital police vehicles have been set alight. The protests have been severe enough to disrupt some public services and the functioning of some economic sectors. For example, state oil company Petroecuador has had to halt operations at its facilities as a result of the unrest.

    On 14 June it was reported that the President of CONAIE, Leonidas Iza, had been arrested on charges of “inciting protests” and “sabotage”. His arrest only further inflamed the situation, with a spokesperson for CONAIE stating that there would be a “deepening of the struggle” and a “radicalization of the great indigenous and popular uprising”. The arrest saw hundreds of indigenous activists gather outside a military base in Latacunga where he had been taken. After riot police clashed with protestors overnight, it was announced on 15 June that Mr Iza had been released. He will still be charged and will face up to three years in prison. Despite his release, CONAIE are continuing to call for widespread protests across the country to continue. At the time of writing the protests have affected at least 10 of Ecuador’s provinces plus the capital.

    SOLACE GLOBAL COMMENT

    As stated, the protests were called for by CONAIE, to protest the rising cost of living, and in particular the rising cost of fuel. Recent months have seen Ecuador face mounting economic issues, such as rising inflation, rising unemployment, and rising poverty. In tandem with this, protestors are also aggrieved that the government has yet to address issues with the country’s price controls on agricultural products and has not acted on electoral promises to roll back mining concessions granted in Indigenous territories, create more jobs, and renegotiate farmers’ debts with banks.

    Given that over one million people in the country are indigenous peoples, CONAIE can be a powerful political and social force. Indeed, protests organized by CONAIE have directly led to the downfall of three Ecuadorian presidents between 1997 and 2005. In recent years, to try to stave off that fate, the current Conservative government led by President Lasso has held several rounds of talks with CONAIE on some of the economic and social issues. These talks have ultimately produced little of substance for either Lasso or CONAIE, and this, combined with the mounting economic problems, has led to the calls by CONAIE for protests and demonstrations.

    In at least releasing Mr Iza less than 24 hours after his arrest, the government likely realized that it was a course of action which only served to inflame the situation. It is unlikely that the government will be able to swiftly create better economic conditions, and as such discontent is likely to continue into the short to medium term; however, the threat of further protest action could be dissipated through good faith offers of talks and negotiations between the government and CONAIE.

    SOLACE GLOBAL ADVICE

    • Be aware that demonstrations are currently widespread and may lead to a significant deterioration in the security environment.
    • Large gatherings can escalate into violence with little or no warning. As such, avoid all gatherings or immediately vacate the area if caught in unrest.
    • If currently in the country, especially the capital, minimise all travel and remain indoors in a secure location.
    • If carrying out necessary travel, allow for additional time when conducting journeys, as protest action and the increased police presence may result in closed or blocked roads.
    • Avoid all political and governmental buildings across the country, but in particular Quito, due to the likelihood of unrest and clashes.
    • Follow local news sources to keep abreast of developments.
    • Ensure that you carry personal identification documents at all times. Consider making photocopies of important documents in case of confiscation, theft or loss.
    • If you find yourself in the vicinity of a protest, seek to leave the area immediately and adhere to all instructions issued by authorities.
    • Anticipate a heightened military and police presence throughout the country with additional security being reported near all major political and media buildings.
    • Exercise vigilance and follow all official directives.
    • Monitor the Solace Secure platform and local media for updates.
    • If travelling to or currently in Ecuador, ensure that you monitor the latest news on the progress of protests as well as any political developments.
    • Additionally, ensure contingency measures are in place in case a sustained period of instability occurs or if violence escalates. This includes evacuation plans.

    Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services. For further details please contact +44 (0) 1202 308 810 or email us.

    Alert Plus – Berlin Vehicle Incident – June 2022

    SITUATION SUMMARY

    On 8 June at approximately 10:15 local time, a silver Renault Clio vehicle left the road at the corner of Kurfürstendamm and Rankestraße, mounting the pavement and striking pedestrians. The vehicle stopped as it crashed into a Douglas store on Tauentzienstrasse, where it remains at the time of writing. Berlin police have not yet confirmed whether the incident was caused by a traffic accident or is being treated as a terrorist attack. The driver, however, has been arrested. Eyewitnesses have reported several casualties, with the fire department establishing a patient treatment area on the corner of Kurfürstendamm and Rankestraße. Local media are reporting at least one killed and up to 30 injured. Armed police and emergency services remain at the scene, with many roads nearby cordoned off.

    SOLACE GLOBAL COMMENT

    At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack. Vehicle ramming attacks are relatively unsophisticated and do not require a great deal of pre-planning. As such, they have become an increasingly valuable tactic for terrorist organisations operating in Europe – where access to firearms is severely limited and armed police are able to interdict attacks with bladed weapons. Indeed, the Islamic State (IS) group released an audio message in April 2022 announcing a renewed campaign of attacks in response to the killings of the group’s leader and spokesman. The message encouraged IS supporters to carry out knife and vehicle ramming attacks specifically, across both the United States and Europe. It therefore remains likely that this represents a lone actor terrorist attack. Recent terrorist attacks in Europe have been conducted by individuals with violent Islamic ideology, extreme right-wing views or by individuals with probable mental health issues.

    It is noteworthy that this incident has occurred outside of a Protestant chapel (Kapelle der Kaiser-Wilhelm), near to the site of the 2016 Christmas Market terror attack – in which an Islamist terrorist drove a truck into a crowded Christmas market. There remains considerable potential for subsequent attacks in the greater Berlin area. The city is a particularly target-rich environment given the abundance of high-value infrastructure and the high population density. Individuals are strongly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow-on attacks.

    SOLACE GLOBAL ADVICE

    • In the event of a terrorist attack those in the area are reminded to RUN – HIDE – TELL – FIGHT.
    • Terrorists are highly likely to try to carry out attacks across Europe. The possibility of further attacks in the immediate term cannot be ruled out.
    • Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, civilians, transportation networks, and high-profile locations.
    • Areas where large groupings of residents or tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
    • Make sure you are familiar with contact details for the emergency services (in the EU – dial 112).
    • Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
    • Expect localised travel disruption and an enhanced security force posture in the short term.
    • Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
    • If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
    • Report any suspicious items to the nearest security or police officials.
    • Monitor the Solace Secure platform and local media for updates.
    Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services. For further details please contact +44 (0) 1202 308 810 or email us.

    Crescent Yamaha WorldSBK join forces with Solace Global

    Solace Global have become official risk and security management partners of Crescent Yamaha for the WorldSBK series, and will be reducing the risk of disruption to races from cyber attacks, along with ongoing travel risk management to keep the team safe. Advanced risk management technology will be integrated into defending 2021 FIM Superbike World Champions, Yamaha, and their official operations, with technical ownership undertaken by Solace Global’s 24/7/365 Security Operations Centre. Solace Global’s team of highly trained security specialists, including ex-military personnel and cyber security experts, will be actively preventing potential security disruptions throughout the season. Crescent Yamaha will be safeguarded against organisational risks by Solace Global, as well as adopting an advanced technological ecosystem to protect against the latest cyber threats.

    Protecting Yamaha’s racing team with cyber security services

    In addition to managing the risk and security landscape, Solace Global will provide an external data repository that is immune to data loss, corruption and cyber attacks. This means that if a successful cyber attack were to take place, Crescent Yamaha would experience minimal disruption to operations while the team travels to 12 different WorldSBK race venues in 2022, as Solace Global would initiate a full managed recovery while business operations are restored. This mitigates the risk from cyber threats, hackers and ransomware, and ensures the team’s future is secure. Some of the biggest organisations in motorsport trust Solace Global to manage all business-impacting risks. All operations are supported by a solid foundation of security, privacy and compliance with ISO 27001:2013, ISO 9001, ISO 45001 and ISO 14001 accreditations.

    “Each year, digital and real-world threats to global racing events have become more problematic. It’s never been in our nature to watch and wait, so we are honoured to be working with an incredible team in Crescent Yamaha to help build a greater culture for security in racing. The goal is to make security technology easier to use and accessible for every race team and organisation. We believe it’s now more important than ever to ensure racing championships are unhindered by external risk, so events can thrive and continue for years to come. We look forward to supporting Paul and the Crescent Yamaha WorldSBK Team off track, so that they can continue to win races around the world.”

    “It is a pleasure to welcome Solace Global to our championship-winning Yamaha WorldSBK Team with Crescent. We work in a fast-paced environment that requires military-level precision to be able to fight for race wins and championships, and we require protection from outside threats as well as those posed by our competitors on track,” said Paul Denning, Team Principal of Crescent Yamaha WorldSBK Team. “By partnership with Solace Global, it gives me both peace of mind and security that our operations are protected against the risk of cyber threats and data corruption so that we can focus on our main goal at circuits around the world – defending our WorldSBK Championship title in 2022.”

    To celebrate the partnership, you can win 2 tickets for the 2022 Donington round of WorldSBK series when you book a free cyber risk assessment. Terms and conditions apply. Applies to risk assessments booked until June 10th 2022. Non-transferrable for cash value.

    Alert Plus – Brooklyn Subway Incident – April 2022

    SITUATION SUMMARY

    On April 12 at around 08:30 am ET, gunfire and explosions were reported at the 36th Street subway station in Sunset Park, Brooklyn. Either an explosive or smoke/incendiary device reportedly detonated before an individual opened fire, although it is currently unclear if the attack commenced on a train or at the platform. At least six individuals with gunshot wounds have been reported, with several other casualties being treated for smoke inhalation and panic-related injuries. Several unexploded devices were also reportedly left at the scene, although the NYPD has since claimed that there are currently no active devices at the station.

    Armed police and emergency services are currently at the station, with NYPD reportedly in pursuit of at least one suspect. Explosive Ordnance Disposal units also remain at the scene. Imagery from social media shows multiple casualties and smoke visible in the air, amid unconfirmed reports that the perpetrator was wearing a construction outfit or high-vis jacket and wearing a gas mask. Police have now closed roads and subway stations in the vicinity of 36th Street station, whilst the R, D and N train services have been suspended in both directions in Brooklyn and at some Manhattan stations. Local schools are in shelter-in-place mode.

    SOLACE GLOBAL COMMENT

    At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack. Combinations of explosive devices, weapons and attempts at clothing concealment almost certainly indicate a considerable amount of pre-planning for this attack, which appears to be more sophisticated than a typical mass shooting incident. The attack has been deliberately timed and targeted to inflict large numbers of casualties at a peak time in a busy subway station with large numbers of commuters. Similarly, the ensuing chaos would provide an excellent opportunity for perpetrator(s) to extract from the scene.

    It therefore remains realistically possible that this represents a lone-actor terrorist attack. Recent terrorist attacks in the US have been conducted by individuals with violent Islamic ideology, extreme right-wing views or by individuals with probable mental health issues. It is noteworthy that this incident has occurred during the holy month of Ramadan and in the days immediately preceding the Easter holidays. Given that the perpetrator(s) have not yet been detained, there remains considerable potential for subsequent attacks in the greater New York area. New York City is a particularly target-rich environment given the abundance of high-value infrastructure and the high population density. Individuals are highly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow-on attacks.

    SOLACE GLOBAL ADVICE

    • In the event of a shooting or explosive incident those in the area are reminded to RUN – HIDE – TELL – FIGHT.
    • Terrorists are highly likely to try to carry out attacks in the US. The possibility of further attacks in the immediate term cannot be ruled out.
    • Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, civilians, transportation networks, and high-profile locations.
    • Areas where large groupings of residents or tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
    • Make sure you are familiar with contact details for the emergency services (in the US dial 911).
    • Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
    • Expect localised travel disruption and an enhanced security force posture in the short term.
    • Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
    • If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
    • Report any suspicious items to the nearest security or police officials.
    • Monitor the Solace Secure platform and local media for updates.
    Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services. For further details please contact +44 (0) 1202 308 810 or email us.

    Alert Plus – Escalating violence in Israel – March 2022

    SITUATION SUMMARY

    At least five people were killed in a mass shooting in a Tel Aviv suburb on 29 March. The attack occurred in the ultra-Orthodox Jewish area of Bnei Brak and began shortly before 20:00 local time. The perpetrator, identified as a 26-year-old Palestinian man from Ya’bad in the West Bank, was shot dead by Israeli police several minutes after the attack began. Footage of the incident was posted on social media and showed the gunman firing indiscriminately at apartment balconies and passers-by in the vicinity of Bialik, Hertsel and Ha Shnayim streets. Among the victims were local residents, including a rabbi, as well as a responding police officer and two Ukrainian nationals. The death toll would almost certainly have been greater had the assailant’s rifle not malfunctioned on at least two occasions, as reported by eyewitnesses and survivors of the attack.

    The attack was quickly declared an act of terrorism and triggered a large-scale response from emergency service personnel and Israeli security forces. A heightened Israeli police and military presence was deployed to the scene amid concerns the shooter may have had accomplices. According to Israeli media reports, the assailant was believed to have been working illegally at a construction site in Bnei Brak and had previously served a short prison sentence for security offences. At the time of publishing, it appears the gunman acted alone and was not affiliated to any terrorist group.

    The killings were swiftly condemned by Israeli Prime Minister Naftali Bennett, other political figures and the international community. In a statement published shortly after the attack, PM Bennett said the country was “dealing with a new wave of terrorism.” He also reassured the population that Israeli security forces are “up to the task” and would prevail, despite the “great and complex challenge” posed by terrorism and violence. Meanwhile, Palestinian terrorist organisations hailed the killings, with a Hamas official reportedly claiming the ‘Tel Aviv operation’ emphasised the unity of the Palestinian people. Moreover, the Palestinian Islamic Jihad group (PIJ), a US-designated terrorist organisation, warned the attack was a “harbinger of our people’s operations to come”.

    The attack in Bnei Brak marked the third fatal attack in Israel in the past week and caps one of the deadliest in recent years. Indeed, attacks were carried out in Hadera and Beersheva, on 27 and 22 March, respectively. Both attacks were indiscriminate in nature and carried out by Israeli Arabs armed with bladed weapons and/or firearms. The assailants in the Hadera and Beersheva attacks were alleged to have links to the so-called Islamic State (IS) terrorist group, raising concerns the group may be planning further violence to coincide with the Muslim holy month of Ramadan, which begins on 2 April.

    SOLACE GLOBAL COMMENT

    The fact that this attack comes so soon after a spate of similar attacks will only fuel concerns that Israel may well be in the middle of another wave of violence. What is likely to be most concerning, however, is the fact that the majority of these recent attacks were carried out not by Palestinians, but by Arab or Bedouin Israeli citizens who have expressed an allegiance to the Islamic State group and were previously known to Israeli security services. This recent shift in the demographics of attackers in Israel, if it is seen to continue, will spark fears that the country could see a wave of violence and terrorism emanating not from Gaza or the West Bank but from within Israeli borders, from Arab- and Bedouin-majority towns. Such violence was seen in 2021 when towns such as Lod, Acre, Tiberias, and Haifa saw widespread unrest and sectarian violence between Arab and Jewish Israelis.

    This spate of terror attacks comes at what is often a tense time within both Israel and the Palestinian territories. Ramadan begins on 2 April and is typically associated with an uptick in violence across the entirety of the Middle East, with night prayers drawing worshippers to al Aqsa in Jerusalem and many opting to remain within the vicinity of the mosque for the remainder of the month. Nakba Day also occurs on 15 May, which marks the Palestinian commemoration of the “catastrophe” of the formation of the State of Israel, and often results in protests and clashes between the Israeli Defence Forces and Palestinians. Last year saw at least 29 injured on Nakba Day as a result of protests and unrest. Furthermore, there are several events in Jerusalem specifically during the next month, including mass visits to the Western Wall, the Temple Mount, and the city of Jerusalem for the conclusion of Passover.

    The wider geopolitical context for the uptick in violence is complex and multifactorial. It includes increasing official recognition for the state of Israel. At a summit in the Negev between the US, Israel and assembled Arab leaders, cooperation on several issues was agreed, including broadening the nations who have signed the “Abraham Accords”. Alongside this, a meeting of the PLO central committee saw them agree to rescind its recognition of Israel and security cooperation across the West Bank. Recognition or cooperation with Israel from other Arab states is often seen as a zero-sum game by Palestinians, in which they do not emerge victorious. As a result, such announcements often spark protests and a backlash. Further to this, Iranian influence on Hamas, who often call for protests and civil unrest in the Gaza strip, cannot be discounted, especially when negotiations around the JCPOA are still ongoing.

    In summary, the tense geopolitical situation in the region, combined with the forthcoming key dates within Arab and Islamic culture, means that more attacks are likely to occur in the short term. If these attacks continue to emanate from within Arab/Bedouin communities within Israel, then this will likely contribute to wider sectarian violence across the country. Attacks emanating from Israeli citizens are also harder for Israeli security services to counteract, as much of their counter-terror operations are currently focused on Palestinian nationals. Key targets for attack are likely to include Israeli governmental and defence buildings and national transportation hubs. Meanwhile, key areas for protests tend to be found around points of religious significance such as those around the old town of Jerusalem.

    SOLACE GLOBAL ADVICE

    • Terrorists are highly likely to try to carry out further attacks in Israel and the Occupied Palestinian Territories. The possibility of further attacks in the immediate term cannot be ruled out.
    • Heightened tensions, brought about by rocket attacks from Gaza into Israel, Israeli airstrikes on Gaza, use of force by Israeli authorities, and regional political developments, increase the risk of retaliatory terrorist attacks in Israel.
    • Attacks are likely to be indiscriminate, including in crowded areas, government, military and police installations and against personnel, transportation networks, and businesses with Western interests.
    • Areas where foreign nationals and tourists are known to gather may be at higher risk of attack. You should be particularly vigilant in these areas and follow any specific advice of the local security authorities.
    • Make sure you are familiar with contact details for the emergency services (in Israel dial 100; in the West Bank and Gaza dial 101).
    • Travellers are advised to avoid the immediate area of any incident as emergency services remain on the scene to conduct their investigations.
    • Expect localised travel disruption and an enhanced security force posture in the short term.
    • Exercise increased caution and situational awareness and report any suspicious activity to security personnel as soon as possible.
    • If caught in the vicinity of a shooting, seek cover from fire immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey the security cordon in place.
    • Monitor the Solace Secure platform and local media for updates.


    Penetration testing: Demonstrate your customer’s data is safe

    Win your customers’ trust

    Data is a valuable commodity, and a data breach can bring not only a significant fine from the ICO but irreversible reputational damage for a company too. Penetration Testing is important for organisations of all sizes. A well-structured and scoped penetration test can help reduce the cyber risk exposure of an organisation as well as protect both the organisation’s and its clients’ data. It supports Data Protection compliance by evidencing regular testing (a GDPR requirement). Penetration Testing also assists with marketing. Once all the fixes are in place, the retest report can be a valuable marketing asset.

    How penetration testing works

    A penetration test from Solace Cyber, sometimes known as a pen test, is the process of a cyber security specialist replicating a cyber attack. Pen testing will uncover security weaknesses by using the same methods that a hacker would, replicating their approach as closely as possible against the new vulnerabilities and exploits that become available daily. A critical part of our testing methodology is to show you not only what we found, but how we found it. Knowing how we found the issues is the key to your continual improvement, which is why we follow our tried and tested 6-step high-level methodology for every penetration test.

    Experts in finding vulnerabilities your IT team may have missed

    Our team of experts spend 3 months a year keeping their skills up to date, meaning we are always one step ahead of the evolving cyber security threats and have a deep understanding of the latest threat ecosystem. This means we can evaluate your business and identify your vulnerabilities, configuration weaknesses and gaps in protection to the highest quality. We use a highly respected Council of Registered Ethical Security Testers (CREST) affiliated penetration testing service, followed up with a complimentary strategic session with our cyber security specialists once you have your results to help address any issues identified. Our services cover all types of Penetration Test including, but not limited to:
    • API and Backend Systems
    • Infrastructure – Internal, External & Cloud
    • Mobile Applications – Android, iOS & Windows
    • PCI-DSS
    • Physical
    • Remote Access & VPN Systems
    • Social Engineering
    • Web Applications – from Blogs to Ecommerce

    The key to a successful penetration test

    In-depth planning is one of the most critical steps in ensuring a successful penetration test. This is where we work together to rigorously define the scope and the goal of the test, to give you assurance that every angle has been covered. During the scoping call for your penetration test, we are looking to identify exactly what needs testing, how complex it is and how much time we will need to complete the penetration test to the best of our capability. We will also look to identify the goal of the penetration test. The goal could be as simple as “identify all the exploitable vulnerabilities”. It could be a lot more complex, such as “pivot through an exploited host and attack the internal network to gain access to client data.” Having a well-defined scope is the key to the success of your penetration test. Therefore, we can never answer the question of “how much is a penetration test” until we have had a call to discuss your penetration testing scope.


    Alert Plus – Houthi Drone Attacks – March 2022

    SITUATION SUMMARY

    Following reports of a large explosion in Jeddah on 25 March, it was reported that the North Jeddah Bulk Plant had caught fire after being targeted by a Houthi drone or missile attack. The Aramco site is located on the edge of the Al Marwah neighbourhood, approximately 4 km southeast of the King Abdulaziz International Airport and 11 km east of the Jeddah Corniche Circuit. Footage shared on social media showed large plumes of black smoke emanating from the site, with a large fire also clearly visible.

    Due to the proximity of the strike to Jeddah’s airport, considerable disruption to aviation operations was also reported. Flight data from Jeddah’s King Abdulaziz airport indicated that several arriving and departing flights from 16:30 to 19:30 local time were either delayed or diverted to other airports, including Medina’s Prince Mohammad Bin Abdulaziz International Airport. At the time of publishing, there had been no official confirmation of the strike on Jeddah from either the Saudi authorities or Aramco, nor had there been any indication of casualty numbers.

    The strike on the Aramco site in Jeddah followed earlier reports that the Royal Saudi Air Defense Forces had intercepted and destroyed six weaponised drones targeting Jizan, Najran, and Asir near the southern border region with Yemen. Whilst the RSADF claimed they had successfully intercepted these drones, the Saudi Press Agency announced that Houthi projectiles had struck a power distribution centre and water tanks of the National Water Company located in Samtah, Jizan, and Dhahran Al Janub, Asir, respectively. As a result, the power centre caught fire, leading to localised power outages.

    Houthi strikes on Jizan and Asir are comparatively frequent, given their proximity to the Yemeni border region and therefore Houthi launch sites. Damage to infrastructure from successful strikes is therefore much more likely to occur in the south of the country. Houthi forces have previously demonstrated a long-range strike capability, with hydrocarbon facilities in Jeddah having already been targeted earlier in the week.

    SOLACE GLOBAL COMMENT

    Today’s attack is likely to be the second in less than a week on the North Jeddah Bulk Plant. Five days prior, the Arab coalition confirmed that a fire at a Jeddah Aramco plant had been caused by a Houthi strike. Whilst it is not currently clear if the same facility has been targeted today, this remains a highly credible possibility. In recent times the Houthis have proven the capability to fire at targets deep within Saudi and even Emirati territory, as they benefit from increasingly sophisticated weaponry. Despite this enhanced capability, Saudi Arabian air forces are frequently successful in intercepting such attacks before they reach populated urban environments.

    In January it was reported that Saudi Arabian supplies of Patriot missiles, which they maintain are key to their air defence, had almost been completely depleted. On 21 March, it was announced that US President Biden had agreed to transfer a “significant number” of Patriot interceptors to the Saudis to replenish their supplies and to ease tensions in the wider US-Saudi relationship over their conduct in Yemen. As a result of the successful strikes on Jeddah, the global price of oil immediately spiked amid fears that this attack would lead to further disruption to global oil supplies.

    The activity observed today represents the broadest Houthi attack on Saudi Arabia in recent months, with at least three locations targeted and multiple weapon systems deployed. Saturation of Saudi airspace by Houthi aerial activity over much of 25 March is likely to explain why the strikes at Jeddah were not successfully intercepted. It is highly likely that these attacks have been timed to occur whilst Saudi missile defences remain partially combat ineffective, before the Saudi Armed Forces can operationally deploy the new Patriot interceptors and significantly improve their ability to intercept Houthi projectiles or aerial systems.

    The decision may have also been taken in relation to the fact that much of the world is currently focused on the price of oil, due to the consequences of the Russian invasion of Ukraine. Houthi forces have likely calculated that an attack on an oil facility in Saudi Arabia will reverberate more forcefully than it would have done even just one or two months previously. Similarly, additional western interest had been focused on Jeddah in anticipation of the scheduled Formula 1 Grand Prix this weekend. Given the close relationship between the Houthis and Iran, it also cannot be definitively ruled out that the current trajectory of the JCPOA negotiations between Iran and other states has also played into the timings of this attack.

    Further attacks on infrastructure in Jeddah remain realistically possible in the immediate term, whilst it is highly likely that the Houthis will continue to strike targets across wider Saudi Arabia for the foreseeable future. These attacks will mainly target locations close to the Yemeni border, as the likelihood of interception increases for attacks deeper into Saudi territory.

    SOLACE GLOBAL ADVICE

    In general, Saudi Arabian air defence systems have been extremely effective in mitigating the Houthi missile/drone threat, with relatively few projectiles reaching their intended targets, particularly outside of the southern border region. As such, travellers in Saudi Arabia should continue to operate with relevant precautions.
    • Individuals in the kingdom should keep up to date with the latest developments.
    • Individuals are advised to reconfirm itineraries and expect possible travel disruption.
    • Adhere to all instructions issued by the authorities and follow all warnings regarding any further possible rocket attacks.
    • Seek shelter immediately when rocket attack sirens sound.
    • All travel to Saudi Arabia’s southern border region is strongly advised against due to the proximity of the ongoing fighting in Yemen and increased risk of successful airborne attacks.
    • All travel to Yemen is advised against at this time due to the severe risks associated with the ongoing conflict.
    • Due to the frequency of recent Houthi attacks and other security incidents, regional tensions remain high.
    • Further incidents in Saudi Arabia are almost certain in the longer term, whilst Houthis have previously demonstrated the capability and intent to attack targets across the wider Gulf region.


    Is Kaspersky antivirus a security concern?

    Many have asked if sanctions against Russia could affect Kaspersky antivirus coverage. We look at the best alternative.

     

    Is Kaspersky at risk of interrupted service?

    Russian-owned companies have come under intense pressure from the West, and more boycotts and sanctions are expected as the conflict continues.

    What is uncertain, however, is what effects the financial or technological sanctions could have on Kaspersky antivirus protection. At the time of writing we understand the software is still updating; however, Solace Cyber is advising clients to anticipate the possibility of disruption in service.

     

    Previous warnings from NCSC

    Concerns about Kaspersky antivirus aren’t new. The National Cyber Security Centre issued warnings against Kaspersky back in 2017, relating to allegations from the US government that Kaspersky Labs had worked on secret projects with Russia’s Federal Security Service.

    NCSC wrote to all government departments warning against the use of Kaspersky’s antivirus software, claiming there could be risks of data being exploited by the Russian government, and therefore compromise national security.

    Although there are no proven links between Kaspersky and the Russian FSS, Kaspersky have gone to great lengths to repair the damage, with transparency campaigns in an effort to rebuild trust following boycotts from the US and Dutch governments.

    A better solution

    Solace Cyber technicians have seen antivirus routinely disabled or uninstalled as part of attacks from groups like Conti Ransomware. Our advice to all customers is therefore that signature-based antivirus protection is no longer sufficient to deter new advanced cyber attacks.

    While antivirus can prevent some types of ransomware, it lacks the intelligence that next-generation machine-learning based solutions provide. We recommend replacing antivirus with Endpoint Detection and Response (EDR), which uses AI to understand abnormal behaviour and, critically, can stop a virus in its tracks before it spreads and exfiltrates data within an organisation.

    If you are looking at changing your antivirus, Solace Cyber can step in quickly and replace your Kaspersky solution with next-generation Fortinet Endpoint Detection and Response (EDR).

    This is part of our 8-step cyber security journey, to optimise your resilience to cyber threats.

     

    Take a virtual 121 test drive

    Free migration from Kaspersky to FortiEDR

    or

    Free 3 months FortiEDR


    Cyber Alert – Organisations urged to act following Russia’s invasion of Ukraine

    National Cyber Security Centre (NCSC) urges UK organisations to bolster their online defences following Russia’s invasion of Ukraine

    The NCSC – which is a part of Government Communications Headquarters (GCHQ) – has urged organisations to action the following guidance.

    Steps to take when cyber threat level is heightened

    • Security patching – Check your systems and endpoints are all patched, including third-party software such as browsers and office productivity suites.
    • Verify access – Ask staff to ensure their passwords are unique to your business systems, and confirm that multi-factor authentication (MFA) is enabled and that administrative privileged access, or other rights, are carefully managed, again using MFA.
    • Ensure defences are working – Check that antivirus or EDR software is installed on all active systems, and that it is up to date and functioning correctly. For firewalls and other perimeter security devices, specifically check that no temporary rules have been left in place beyond their expected lifetime and that they are configured to provide just enough access.
    • Logging and monitoring – Understand what logging you have in place, where logs are stored, and how long logs are retained for. Monitor key logs at a minimum and monitor antivirus logs.
    • Review your backups – Confirm that your backups are running correctly, and perform test restorations so that the process is familiar. Check that there is an offline copy of your backup and that it is recent enough to be useful if an attack results in loss of data or system configuration. Ensure machine state and private keys are also accessible.
    • Incident plan – Check your incident response plan is up to date, and confirm that escalation routes and contact details are up to date. Ensure that the incident plan contains clarity on who has the authority to make key decisions, especially out of normal office hours. Ensure your incident response plan and communication mechanisms will be available.
    • Check your internet footprint – Check that records of your external internet-facing footprint are correct and up to date, including IP and DNS information, and are held securely. Perform an external vulnerability scan of your whole internet footprint and check that any systems that require patching have been actioned.
    • Phishing response – Ensure that staff know how to report phishing emails and that a process is in place to deal with reported incidents.
    • Third party access – If third party organisations have access to your IT networks or estate, make sure you have a comprehensive understanding of what level of privilege is extended into your systems and to whom. Remove any access that is no longer required.
    • Brief your wider organisations – Ensure other teams understand the heightened threat.

    If your organisation has deprioritised these areas of the basic Cyber Assessment Framework, you are advised to revisit those decisions immediately when the threat is heightened. Solace Cyber have had many years of experience protecting clients throughout Cyber Risk escalation periods. The NCSC does not make these recommendations lightly and we have seen previous advisories come to fruition with Covid and ransomware.

    Solace Cyber Advice

    1. It is recommended to follow NCSC guidance. If you are unsure of your current security posture, Solace Cyber can perform an independent assessment for you.
    2. We can give your organisation a mature incident response plan that can be live within 24 hours.
    3. There is a specialised emergency threat prevention package that can be taken on a 6-month contract during this period of heightened risk and uncertainty.

    Speak to us for further guidance to increase your cyber defences


    Alert Plus – Russian Invasion of Ukraine – February 2022

    Situation Summary

    During the early hours of 24 February 2022, President Putin announced that a military operation was underway in the Donbas, urging Ukrainian Armed Forces in the East of the country to surrender and depart the area.   

    Explosions have been reported in multiple cities across Eastern Ukraine, in addition to the capital city of Kyiv and Odessa in the south of the country. Ukrainian President Zelensky confirmed that Ukrainian infrastructure and border regions had been targeted by missile strikes, with at least 50 casualties officially confirmed. Information regarding the extent of damage to infrastructure is currently available. 

    Russia’s Ministry of Defence has claimed that only military infrastructure is being targeted by precision strikes, with Ukrainian air defence installations and Air Force bases the current focus of Russian missile activity. Ukraine’s Interior Ministry has also reportedly stated that Ukraine’s Command and Control Headquarters in Kyiv were targeted in strikes. 

    Russian Armed Forces have also reportedly crossed from Belarus into the north of Ukraine, less than 200km from Kyiv depending on where the crossing occurred. Belarusian President Lukashenko has claimed to have prior knowledge of Russian invasion plans and that there is no threat to Belarus at this time. 

    Civilians in Kyiv are evacuating the city en masse, with a number of people seeking refuge in metro stations whilst many have boarded vehicles in an attempt to leave the city via road. Large traffic jams have also formed outside a number of other key population centres. 

    In a statement of defiance, President Zelensky claims that Ukrainian Armed Forces are actively resisting the Russian military advance. With a state of emergency already declared, President Zelensky announced the imposition of Martial Law on the morning of 24 February.

    Solace Global Comment

    Russia almost certainly intends to rout the Ukrainian Armed Forces and aims to establish aerial superiority as rapidly as possible in order to set the conditions for a successful ground invasion. The extent of any further Russian advance will likely depend on multiple factors, not least whether Ukraine’s Government remains in place and functional, and whether Ukrainian Armed Forces can mount a concerted defence in the face of overwhelming Russian force superiority. 

    Despite President Putin’s announcement that military operations have commenced in the Donbas, reports that Russian Armed Forces have crossed the border from Belarus, deployed into Kharkiv and are amassing in Crimea, represent a significant escalation in the conflict if they are accurate. 

    It remains highly likely that Russia intends to conduct further offensive operations in Eastern Ukraine, beyond the territorial extent of the Donetsk and Luhansk Oblasts, utilising multiple axes of advance from the North, East and South of Ukraine. It is currently undetermined if Russian ground forces intend to advance on Kyiv, but this remains a realistic possibility in the short term.

    Any such operations would almost certainly involve the deployment of additional Russian Armed Forces currently positioned around the Ukrainian border regions, as has already begun in Kharkiv and Belarus, and will likely manifest as a phased approach via key population centres along major supply routes. 

    Vital ground such as airfields would be secured, Ukrainian military command centres destroyed, and extensive missile strikes remain highly likely in the coming days. Missile strikes and aerial bombardment, although ostensibly targeting military infrastructure, are likely to cause considerable collateral damage to civilian infrastructure. 

    The situation in Ukraine has deteriorated rapidly and will almost certainly continue to do so in the short term. There remains considerable potential for the conflict to escalate considerably and with minimal warning, which will significantly impact any attempt to evacuate in what is an already chaotic environment.

    Solace Global Advice

    • Travellers are currently advised against all travel to Eastern Ukraine. Any travellers in-country should immediately evacuate to a safe country by the most secure available route. 
    • Businesses and commercial operations east of the Dnieper River are advised to immediately cease all activity, particularly in the immediate vicinity of the Donbas region, and move their operations to more secure regions either outside of the country or to the West of Ukraine. 
    • Businesses and commercial operations in Kyiv should also seek to evacuate the country at the earliest available opportunity. Where this is not possible, businesses must ensure robust safeguards and evacuation plans are documented and followed when required. 
    • Aerial bombardment and missile strikes will occur with very little warning. Travellers in country should seek secure shelter immediately upon hearing explosions or warning sirens and remain there until instructed otherwise by the authorities or security personnel.
    • Travellers should carefully consider their exit routes from the country. Commercial aviation is unviable in the short term and as such, alternative evacuation routes must be considered. Roads are likely to be gridlocked, particularly around large urban areas. Special evacuation services are being offered by rail services out of the Donbas.
    • Ensure personal identification documents are always carried, in case you need to transit through a checkpoint or are requested to present it by officials.
    • Update your escalation and evacuation plans for Ukraine, focusing on what protocols staff members should follow in the event there is further significant deterioration in the security environment.  
    • Anticipate a heightened military presence throughout the country with additional security being reported near all major political and media buildings. Exercise vigilance and follow all official directives.
    • Travellers should follow local media and use the Solace Secure app to stay up to date with security-related events. Travellers requiring assistance in evacuating the country should do so at the earliest opportunity. 

    As of 24 February 2022, Solace Global can offer full in-country support. 

    As the situation is evolving rapidly, please get in touch on 01202 308810 for further information on what support is available, or complete the enquiry form below.

    How To Prevent a Security Breach Through Email

    5 questions you should be asking your IT team about Phishing

    Fraudulent Microsoft365 emails and employees clicking on phishing emails could be a significant GDPR risk. The consequences of a security breach are greater than ever, with increasing costs to recover businesses each year. Checking with your IT team that the following measures are in place can help decrease your likelihood of a data breach.

    1. Do you audit Office365 regularly for security compromises?

    Checking for security compromises regularly is important. We recommend a quarterly audit at a minimum, or monthly audits as best practice. This helps your business identify any breaches which could be lying dormant in your system.

     

    2. Do you enforce additional security features such as Multi-Factor Authentication?

    There are a multitude of security features which can be added, including conditional access and attack surface reduction. Ensure this is enforced across the estate to add an extra layer of security.

     

    3. Do you know what personal data is within your Office365 tenant?

    This is important to understand what information could be exposed if an attacker gains access via a phishing email. Information such as passwords, bank details, date of birth or medical data could be used by cyber criminals to clone an identity.

     

    4. Do you regularly check the security setup of your Office365 tenant?

    We recommend checking the security setup at least four times per year, or monthly checks as best practice.

     

    5. Do you train your employees on the risks of phishing emails? 

    The biggest cause of successful phishing attacks is human error. Training staff regularly and performing phishing simulations can decrease your chances of a breach.

      70% of organisations we tested in 2021 showed evidence of an active or historical breach.    

    Book a free health check

    Don’t leave it to chance, book a Microsoft 365 forensic health check to protect your data.

    Alert Plus – Ukraine Russia Crisis – February 2022

    SITUATION SUMMARY

    In a televised announcement on 21 February 2022, President Putin declared that Russia would officially recognize the rebel-held areas of Donetsk and Luhansk as independent states. Following requests for military assistance from the leaders of the Luhansk and Donetsk People’s Republics, President Putin has reportedly committed to deploying Russian Armed Forces to the rebel-held regions, to conduct unspecified peacekeeping operations. UK Defence Secretary Ben Wallace confirmed that military equipment is already beginning to deploy into the region, although tactical force dispositions are not currently known.

    Although this scenario had been somewhat anticipated, given the rapid deterioration of the security situation over the preceding 48 hours and several Russian claims of false-flag operations, the announcement has been met with ubiquitous condemnation by Western leaders. Extensive, pre-planned and synchronised sanction regimes were announced by Western nations following the release of the Russian statement, details of which will be made public in the immediate term but will almost certainly target key political figures and strategic Russian financial interests. The German Government has already suspended the approval process for the Nordstream2 gas pipeline until further notice. Whether Russia is intending to use sanctions they deem overly excessive or disproportionate as a tripwire for justifying additional incursions beyond the Donbas remains to be seen.

    Oil prices also surged in the immediate aftermath of the announcements of sanctions, as futures of Brent crude, the international benchmark, reached a seven-year high of almost $98 (£72) amid concerns over supply chain disruption and the impact of sanctions on Russian exports.

    Discussions are ongoing in the West as to the severity of sanctions. Poland and the Baltic states are arguing for harsh sanctions to be applied immediately, stating that Putin will “taunt” the West with “one thousand cuts”. France and Germany are urging restraint in the short term, to ensure additional leverage can be applied in the event of further escalation by Russia.

    SOLACE GLOBAL COMMENT

    The extent to which Russia will recognise the entirety of the territory in the Donbas is unclear. At present, rebel-held areas do not comprise the entirety of the Luhansk and Donetsk oblasts of Ukraine. Therefore, any decision by Russia to unilaterally declare the whole regions as independent states will highly likely lead to Russian Armed Forces deploying west of the currently recognised Line of Contact. This will almost certainly increase the likelihood of clashes between conventional forces of the Russian and Ukrainian militaries and risk a rapid, significant deterioration of the security situation and critical escalation of the conflict.

    The force composition of troops deployed to the Donbas will almost certainly provide an indication as to the operational intent of the Russian Armed Forces in Ukraine: a moderate forward deployment of Russian National Guard personnel or motorised rifle units will most likely indicate that Russia intends to hold ground and consolidate east of the Line of Contact, whilst a large-scale deployment of armoured, airborne and/or artillery formations should be considered a crucial indicator for possible onward incursion into Ukraine.

    Any Ukrainian Armed Forces operations in the vicinity of the Line of Contact (including reconnaissance, air defense and counter-battery strikes) will almost certainly be perceived as offensive in nature by any deployed Russian Armed Forces, and as such there remains considerable potential for the conflict to escalate rapidly and with minimal warning.

    It remains realistically possible that Russia intends to conduct further offensive operations in Eastern Ukraine, with seizing and holding localities populated by ethnic Russians or Russian-speakers likely to be key operational objectives. As a result, Solace Global advises that business operations in Kharkiv, Berdyansk and other cities in the vicinity of the Donbas Region should consider evacuating to safer areas in the west of Ukraine.

    SOLACE GLOBAL ADVICE

    • Travellers are currently advised against all travel to Eastern Ukraine.
    • Businesses and commercial operations are advised to immediately cease all activity in the immediate vicinity of the Donbas region and move their operations to more secure regions either outside of the country or to the west of Ukraine.
    • Where this is not possible, businesses must ensure robust safeguards and evacuation plans are documented and followed when required.
    • Travellers should consider their exit routes from the country. Commercial aviation is likely to become unviable in the short term and as such, alternative evacuation routes must be considered. Already some airlines have temporarily suspended flights to Ukraine, including Lufthansa and KLM.
    • Carry personal identification documents at all times in case you need to transit through a checkpoint or are requested to present it by officials.
    • Update your escalation and evacuation plans for Ukraine, focusing on what protocols staff members should follow in the event there is further significant deterioration in the security environment.
    • Anticipate a heightened military presence throughout the country with additional security being reported near all major political and media buildings. Exercise vigilance and follow all official directives.
    • Travellers should follow local media and use the Solace Secure app to stay up to date with security-related events.

    Need support with your Ukraine operations?

    Complete the enquiry form to speak to our travel risk management team.