As of 4th October 2022, Microsoft have confirmed that two Zero-day vulnerabilities affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Microsoft have stated that Exchange Online customers do not need to take any action, however if you have a Hybrid Exchange infrastructure this advice still applies.

Further updates and details on the potential vulnerability can be found here

In addition to Microsoft guidance, Solace Cyber recommend that the mitigation be further tightened by altering the URL block string:

.*autodiscover\.json.*Powershell.*

Solace Cyber are offering an initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.

This update is correct as of 12.23 GMT on 4th October 2022. The situation continues to develop rapidly, so please contact the team for an initial conversation with the latest advice.

At around 0400 local time, gunfire and explosions were reported from military bases inside Ouagadougou. Eyewitnesses and social media also reported gunfire from the vicinity of the Presidential Palace and Camp Baba Sy, where the current transitional government headquarters are located. Multiple roads inside the capital are reportedly blocked and military personnel have deployed on the streets. Local media claim that the immediate vicinity of the national television offices (RTB) is inaccessible due to military roadblocks. Images posted to social media appear to indicate state TV outages in Burkina Faso, although this has not been confirmed.

Heavily armed personnel are now reportedly present along the “strategic axes” of Ouagadougou, although no further details regarding their exact location are currently available. The current whereabouts of Burkina Faso’s President Paul Henri Damiba, who came to power after a military coup in January 2022, are also unconfirmed, although he reportedly remains inside the capital.

Sporadic gunfire continues several hours after the initial reports of violence. The situation remains highly volatile, with violence ongoing throughout the capital, and the current tactical situation remains unclear due to difficulties obtaining accurate information from the ground. Burkina Faso has rapidly become the epicentre of the violence that began in neighbouring Mali in 2012 but which has since spread across the Sahel region south of the Sahara Desert. The Burkina Faso military has been conducting a series of operations against Islamist militants across the country’s East and Sahel regions in recent months, with military forces claiming to have killed over 100 militants in the past month alone.

Although not yet confirmed, this incident bears all the hallmarks of an attempted military coup. Burkina Faso last experienced a military coup in January 2022 and has been under transitional military rule since then. During the January coup, gunfire was reported from military bases across the capital and soldiers were reported to have seized the Sangoulé Lamizana barracks and surrounded the RTB offices. Soldiers subsequently appeared on national TV to announce the overthrow of former President Roch Kabore. Around eight days later, the military junta restored the constitution and appointed Paul-Henri Sandaogo Damiba as interim president.

Control of state television apparatus appears to be a reliable coup indicator. In 2021, soldiers appeared on national television in Guinea to announce a military coup which deposed longstanding President Alpha Conde. In this way, further reports of soldiers entering the RTB offices in Ouagadougou should be considered likely indicators of a confirmed coup attempt.

Although unclear, ‘strategic axes’ of the capital very likely refer to the Boulevard des Tensoba, the area around the US Embassy and Presidential Palace near Boulevard Muammar Kaddafi, Avenue Kadiogo and Avenue de la Nation.

The situation in the capital comes just 24 hours after protests against President Damiba, blaming him for the deteriorating security situation in the country, and just days after at least ten soldiers were killed and 30 injured in an attack on a military convoy near Gaskindé. These incidents follow a sustained pattern of violence in the north of the country which appears to be spreading to the capital, as security forces battle to contain an expanding Islamist militancy. On 7 August, the government were forced to deny reports that they intended to sign a truce with militant groups until their planned transition to democracy was complete.

It therefore remains likely that elements within the Burkina Faso military have attempted to launch a coup against the current junta. The situation will almost certainly remain delicate and highly volatile in the immediate term.

• Widespread unrest and violence remain possible in the short term. Travellers should avoid all ongoing military activity and any large public gatherings as the security situation may deteriorate quickly and without warning.
• In the event of a significant security development, travellers in Burkina Faso should follow any instructions issued by the government or military authorities.
• If violence escalates inside the capital, consider departing from Ouagadougou whilst commercial options are available.
• Key military and political infrastructure inside the capital are very likely to remain focal points for violence. You should be particularly vigilant in these areas and follow any specific advice from the local
security authorities.
• Expect significant travel disruption and an enhanced security force posture inside Ouagadougou in the short term.
• Always follow all instructions and orders from security forces. ​Where possible, avoid areas of active conflict and remain inside a secure location away from windows.

• Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.​
• Emergency services may be unable to support you in the short term. Be aware of what consular support may be available to you in-country.
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
• Monitor the Solace Secure platform and trusted local media for updates.

On 15 August, violence erupted at the Bomas of Kenya in Nairobi, as the Independent Electoral and Boundaries Commission (IEBC) had been scheduled to release the results of the Kenyan general election. Live footage from the venue showed physical altercations breaking out between attendees, with military
personnel intervening to break up the violence.

Earlier on 15 August the IEBC had announced a delay in releasing the results, although did not specify a reason for the delay. Separately, four commissioners of the IEBC held a press conference at the Serena Hotel in Nairobi, in which they stated that they could not “take ownership of the results” due to concerns over their opaqueness. As the violent scenes emerged and news broke of the division within the IEBC, it
was announced that riot police across the country had been placed on standby, with Kenya’s highest bishop calling for calm and peace to prevail.

In the days since the 9 August election, the IEBC has been verifying the vote tallies provided by the country’s polling stations. In this interim period, both main presidential candidates have alluded to voting irregularities and of fighting the result in courts. Meanwhile, the delay between voting and the announcement of a result had only led to further speculation and disinformation around the legitimacy
of the vote.
Around 20 minutes after the initial chaotic scenes at the Bomas of Kenya, and despite four of the seven IEBC commissioners stating they could not back the results, the IEBC announced that William Ruto had won the election with 7,176,141 votes – amounting to 50.49 percent of the total valid votes. The pre-election favourite, Raila Odinga, received 6,942,930 votes – representing 48.85 percent of the votes cast.

In 2007, post election violence resulted in more than 1,500 civilian deaths, whilst in 2017 at least fifty were killed and the election result was seen as so contentious that the country’s Supreme court ruled the vote should be re-run. Odinga has run for president on five occasions and has lost each time he has run.
He has also disputed the final election result following each loss, which set the conditions of suspicion and mistrust, and ultimately precipitated previous outbreaks of post-election violence. Given that Odinga was seen as the favourite to win the Presidency during the 2022 election, the closeness of the declared result and the inconsistency from the IEBC on 15 August, it is highly likely that he will once more
attempt to contest the election results.

Regardless of whether Odinga officially disputes the result, it is highly likely that his supporters will rally against the result. Any such unrest is highly likely to become violent. The city of Kisumu, which is home to a large pro-Odinga voting bloc, has already begun to see protests break out against alleged vote rigging, whilst in the Kibera area of Nairobi there are reports that riots have begun to break out. Further
unrest is likely to remain centred on the political centres of gravity in Nairobi, with the State House, Central Business District, and Serena Hotel all probable areas of unrest in the short term.

It is noteworthy that this was the first election in which there was no candidate from Kenya’s largest tribe, the Kikuyu. As a result, if election violence and unrest begins to spread across the country, there is a realistic possibility that it will avoid the traditional split along ethnic and tribal lines. Consequently, post-election violence may occur more widely across Kenya, as it would not be centred on tribal population centres, although it may be less extreme than levels observed during previous elections in which a Kikuyu candidate was participating.

Our team of risk management specialists and intelligence analysts, combined with on-the-ground security support from our global partner network can help secure your operations.

Learn more about how we can secure your operations

Be in the know with intelligence reports built directly around your operational requirements.

On 12 June large scale protests were organised by the powerful Confederation of Indigenous Nationalities of Ecuador (CONAIE). These protests are about Ecuador’s rising cost of living and high inflation, in particular the rising cost of fuel.

The country has seen demonstrators block roads with burning tires and barricades of sands, rocks and tree branches. Routes in and out of the capital city, Quito, have been blocked, whilst in the capital police vehicles have been set alight. The protests have been severe enough to disrupt some public services and the functioning of some economic sectors. For example, state oil company Petroecuador has had to halt operations at its facilities as a result of the unrest.

On 14 June it was reported that the President of CONAIE, Leonidas Iza, had been arrested on charges of “inciting protests” and “sabotage”. His arrest only further inflamed the situation with a spokesperson for CONAIE stating that there would be a “deepening of the struggle” and a “radicalization of the great indigenous and popular uprising”.

The arrest saw hundreds of indigenous activists gather outside a military base in Latacunga where he had been taken. After riot police clashed with protestors, overnight on, it was announced on 15 June that Mr Iza had been released. He will still be charged and will face up to three years in prison. Despite his release, CONAIE are continuing to call for widespread protests across the country to continue. At the time of writing the protests have affected at least 10 of Ecuador’s provinces plus the capital.

SOLACE GLOBAL COMMENT

As stated, the protests were called for by CONAIE, to protest the rising cost of living, and in particular the rising cost of fuel. Recent months have seen Ecuador face mounting economic issues, such as rising inflation, rising unemployment, and rising poverty. In tandem to this, protestors are also aggrieved that the government has yet to address issues with the country’s price controls on agricultural products and have not acted on electoral promises to rollback mining concessions granted in Indigenous territories, create more jobs, and renegotiate farmers’ debts with banks.

Given that over one million people in the country are indigenous peoples, CONAIE can be a powerful political and social force. Indeed, protests organized by CONAIE have directly led to the downfall of three Ecuadorian presidents between 1997 and 2005. In recent years to try and stave of that fate, the current Conservative government led by President Lasso has held several rounds of talks with CONAIE on some the economic and social issues.

These talks have ultimately produced little of substance for either Lasso or CONAIE, and this combined with the mounting economic problems have led to the calls by CONAIE for protests and demonstrations. In at least releasing Mr Iza less than 24 hours after his arrest, the government likely realized that was a course of action which only served to inflame the situation. It is unlikely that the government will be able to swiftly create better economic conditions, and as such discontent is likely to continue into the short to medium term, however the threat of further protest action could be dissipated through good faith offers of talks and negotiations between the government and CONAIE.

SOLACE GLOBAL ADVICE

Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

For further details please contact +44 (0) 1202 308 810 or email us.

On 8 June at approximately 10:15 local time, a silver Renault Clio vehicle left the road at the corner of Kurfürstendamm and Rankestraße, mounting the pavement and striking pedestrians. The vehicle stopped as it crashed into a Douglas store on Tauentzienstrasse, Berlin, where it remains at the time of writing.

Berlin police have not yet confirmed whether the incident was caused by traffic accident or is being treated as a terrorist attack. The driver however has been arrested.

Eyewitnesses have reported several casualties, with the fire department establishing a patient treatment area on the corner of Kurfürstendamm and Rankestraße. Local media are reporting at least one killed and up to 30 injured.

Armed police and emergency services remain at the scene, with many roads nearby cordoned off.

SOLACE GLOBAL COMMENT

At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack.

Vehicle ramming attacks are relatively unsophisticated and do not require a great deal of pre-planning. As such, they have become an increasingly valuable tactic for terrorist organisations operating in Europe – where access to firearms is severely limited and armed police are able to interdict attacks with bladed weapons. Indeed, the Islamic State (IS) group released an audio message in April 2022 announcing a renewed campaign of attacks in response to the killings of the group’s leader and spokesman. The message encouraged IS supporters to carry out knife and vehicle ramming attacks specifically, across both the United States and Europe.

It therefore remains likely that this represents a lone actor terrorist attack. Recent terrorist attacks in Europe have been conducted by individuals with violent Islamic ideology, extreme right-wing views or by individuals with probable mental health issues. It is noteworthy that this incident has occurred outside of a protestant chapel (Kapelle der Kaiser-Wilhelm), near to the site of the 2016 Christmas Market terror attack – in which an Islamist terrorist drove a truck into a crowded Christmas market.

There remains considerable potential for subsequent attacks in the greater Berlin area. The city is a particularly target-rich environment given the abundance of high-value infrastructure and the high population density. Individuals are highly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow-on attacks.

SOLACE GLOBAL ADVICE

Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

For further details please contact +44 (0) 1202 308 810 or email us.

On April 12 at around 08:30 am ET, gunfire and explosions were reported at the 36 th Street subway station in Sunset Park, Brooklyn. Either an explosive or smoke/incendiary device reportedly detonated before an individual opened fire, although it is currently unclear if the attack commenced on a train or at the platform. At least six individuals with gunshot wounds have been reported, with several other casualties being treated for smoke inhalation and panic related injuries. Several unexploded devices were also reportedly left at the scene, although the NYPD has since claimed that there are currently no active devices at the station.

Armed police and emergency services are currently at the station, with NYPD reportedly in pursuit of at least one suspect. Explosive Ordnance Disposal units also remain at the scene.

Imagery from social media shows multiple casualties and smoke visible in the air, amid unconfirmed reports that the perpetrator was wearing a construction outfit or high vis jacket and wearing a gas mask.

Police have now closed roads and subway stations in the vicinity of 36th Street station, whilst the R, D and N train services have been suspended in both directions in Brooklyn and at some Manhattan stations. Local schools are in shelter in place mode.

SOLACE GLOBAL COMMENT

At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack.

Combinations of explosive devices, weapons and attempts at clothing concealment almost certainly indicate a considerable amount of pre planning for this attack, which appears to be more sophisticated than a typical mass shooting incident. The attack has been deliberately timed and targeted to inflict large numbers of casualties at a peak time in a busy subway station with large numbers of commuters. Similarly, the ensuing chaos would provide an excellent opportunity for perpetrator(s) to extract from the scene.

It therefore remains realistically possible that this represents a lone actor terrorist attack. Recent terrorist attacks in the US have been conducted by individuals with violent Islamic ideology, extreme right wing views or by individuals with probable mental health issues. It is noteworthy that this incident has occurred during the holy month of Ramadan and in the days immediately preceding the Easter holidays.

Given that the perpetrator(s) have not yet been detained, there remains considerable potential for subsequent attacks in the greater New York area. New York City is a particularly target rich environment given the abundance of high value infrastructure and the high population density.

Individuals are highly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow on attacks.

SOLACE GLOBAL ADVICE

Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

For further details please contact +44 (0) 1202 308 810 or email us.

At least five people were killed in a mass shooting in a Tel Aviv, Israel suburb on 29 March. The attack occurred in the ultra Orthodox Jewish area of Bnei Brak and began shortly before 20:00 local time. The perpetrator, identified as a 26 year old Palestinian man from Ya’bad in the West Bank, was shot dead by Israeli police several minutes after the attack began.

Footage of the incident was posted on social media and showed the gunman firing indiscriminately at apartment balconies and passers by in the vicinity of Bialik, Hertsel and Ha Shnayim streets. Among the victims were local residents , including a rabbi, as well as a responding police officer and two Ukrainian nationals. The death toll would almost certainly have been greater had the assailant’s rifle not malfunctioned on at least two occasions, as reported by eyewitnesses and survivors of the attack.

The attack was quickly declared an act of terrorism and triggered a large scale response from emergency service personnel and Israeli security forces. A heightened Israeli police and military presence was deployed to the scene amid concerns the shooter may have had accomplices.

According to Israeli media reports, the assailant was believed to have been working illegally at a construction site in Bnei Brak and had previously served a short prison sentence for security offences. At the time of publishing, it appears the gunman acted alone and was not affiliated to any terrorist group.

The killings were swiftly condemned by Israeli Prime Minister Naftali Bennett, other political figures and the international community. In a statement published shortly after the attack, PM Bennett said the country was “dealing with a new wave of terrorism.” He also reassured the population that Israeli security forces are “up to the task” and would prevail, despite the “great and complex challenge” posed by terrorism and violence.

Meanwhile, Palestinian terrorist organisations hailed the killings, with a Hamas official reportedly claiming the ‘Tel Aviv operation’ emphasised the unity of the Palestinian people. Moreover, the Palestinian Islamic Jihad group (PIJ), a US designated terrorist organisation , warned the attack was a “harbinger of our people’s operations to come”.

The attack in Bnei Brak marked the third fatal attack in Israel in the past week and caps one of the deadliest in recent years. Indeed, attacks were carried out in Hadera and Beersheva , on 27 and 22 March, respectively. Both attacks were indiscriminate in nature and carried out by Israeli Arabs armed with bladed weapons and/or firearms.

The assailants in the Hadera and Beersheva attacks were alleged to have links to the so called Islamic State (IS) terrorist group, raising concerns the group may be planning further violence to coincide with Muslim holy month of Ramadan, which begins on 2 April.

SOLACE GLOBAL COMMENT

The fact that this attack comes so soon after a spate of similar attacks will only fuel concerns that Israel may well be in the middle of another wave of violence. What is likely to be most concerning, however, is the fact that the majority of these recent attacks were carried out not by Palestinians, but by Arab or Bedouin Israeli citizens who have expressed an allegiance to the Islamic State group and were previously known to Israeli security services.

This recent shift in the demographics of attackers in Israel if it is seen to continue will spark fears that the country could see a wave of violence and terrorism emanating not from Gaza or the West Bank but from within Israeli borders from Arab and Bedouin majority towns. Such violence was seen in 2021 when towns such as Lod, Acre, Tiberius, and Haifa saw widespread unrest and sectarian violence between Arab and Jewish Israelis.

This spate of terror attacks comes at what is often a tense time within both Israel and the Palestinian territories. Ramadan begins on 2 April and is typically associated with an uptick in violence across the entirety of the Middle East, with night prayers drawing worshippers to al Aqsa in Jerusalem and many opting to remain within the vicinity of the mosque for the remainder of the month.

Nakba Day also occurs on 15 May, which marks the Palestinian commemoration of the “catastrophe” of the formation of the State of Israel, and often results in protests and clashes between the Israeli Defence Forces and Palestinians. Last year saw at least 29 injured on Nakba day as a result of protests and unrest. Furthermore, there are several events in Jerusalem specifically during the next month, including mass visits to the Western Wall, the Temple Mount, and the city of Jerusalem for the conclusion of Passover.

The wider geopolitical context for the uptick in violence is complex and multifactorial. It includes increasing official recognition for the state of Israel. At a summit in the Negev between the US, Israel and assembled Arab leaders , cooperation on several issues was agreed including broadening the nations who have signed the “Abraham Accords”. Alongside this, a meeting of the PLO central committee saw them agree to rescind its recognition of Israel and security cooperation across the West Bank.

Recognition or cooperation with Israel from other Arab states is often seen as zero sum game by Palestinians, in which they do not emerge victorious. As a result, such announcements often spark protests and a backlash. Further to this, Iranian influence on Hamas, who often call for protests and civil unrest in the Gaza strip, cannot be discounted especially when negotiations around the JCPOA are still ongoing.

In summary the tense geopolitical situation in the region, combined with the forthcoming key dates within Arab and Islamic culture means that more attacks are likely to occur in the short term. If these attacks continue to emanate from within Arab/Bedouin communities within Israel, then this will likely contribute to wider sectarian violence across the country. Attacks emanating from Israeli citizens are also harder for Israeli security services to counteract, as much of their counter terror operations are currently focuses on Palestinian nationals.

Key targets for attack are likely to include Israeli governmental and defence buildings, national transportation hubs. Meanwhile key areas for protests tend to be found around points of religious significance such as those around the old town of Jerusalem.

SOLACE GLOBAL ADVICE

Enquire using the form below for more information on bespoke intelligence services from our in-house analysts.

Data is a valuable commodity and the consequences of a data breach can cause not only a significant fine from the ICO, but irreversible reputation damage for a company too. Penetration Testing is important for organisations of all sizes. A well-structured and scoped penetration test can help reduce the cyber risk exposure of an organisation as well as protect both the organisations and their client’s data. It supports Data Protection compliance by evidencing regular testing (a GDPR requirement). Penetration Testing also assists with marketing. Once all the fixes are in place, the retest report can be a valuable marketing asset.

A penetration test from Solace Cyber, sometimes known as a pen test, is the process of replicating a cyber attack performed by a cyber security specialist. Pen testing will uncover security weaknesses by using the same methods that a hacker would, by replicating their approach as closely as possible against new vulnerabilities and exploits that become available daily.

A critical part of our testing methodology is to show you you not only what we found, but how we found it. Knowing how we found the issues is the key to your continual improvement, which is why we follow our tried and tested 6-step high level methodology for every penetration test.

Our team of experts spend 3 months a year keeping their skills up to date, meaning we are always one step ahead of the evolving cyber security threats and have a deep understanding of the latest threat ecosystem. This means  we can evaluate your business and identify your vulnerabilities, configuration weakness and gaps in protection to the highest quality.

We use a highly respected Council of Registered Ethical Security Testers (CREST) affiliated penetration testing service, followed up with a complimentary strategic session with our cyber security specialists once you have your results to help address any issues identified.

In-depth planning is a critical step to ensure a successful penetration test. This is one of the most critical steps in ensuring success in your penetration test. This is where we work together to define the scope, and the goal of the test rigorously to give you assurance every angle has been covered.

During the scoping call for your penetration test, we are looking to identify exactly what needs testing, how complex it is and how much time we will need to use to complete the penetration test to the best of our capability. We will also look to identify the goal of the penetration test. The goal could be as simple as “identify all the exploitable vulnerabilities”. It could be a lot more complex such as “pivot through an exploited host and attack the internal network to gain access to client data.”

Having a well-defined scope is the key to the success of your penetration test. Therefore, we can never answer the question of “how much is a penetration test” until we have had a call to discuss your penetration testing scope.

Russian owned companies have come under intense pressure from the west, and it is expected there will be more boycotts and sanctions to come, as the conflict continues.

However, what is uncertain, is what effects the financial or technological sanctions could have on Kaspersky antivirus protection. At the time of writing we understand the software is still updating, however Solace Cyber is advising clients to anticipate the possibility of disruption in service.

Concerns about Kaspersky antivirus aren’t new. The National Cyber Security Centre issued warnings against Kaspersky back in 2017 relating to the allegations from US government, that Kaspersky Labs had worked on secret projects with Russia’s Federal Security Service.

NCSC wrote to all government departments warning against the use of Kaspersky’s antivirus software, claiming there could be risks of data being exploited by the Russian government, and therefore compromise national security.

Although there are no proven links between the Russian FSS, Kaspersky have gone to great lengths to repair the damage with transparency campaigns in an effort to rebuild trust, following boycotts from the US and Dutch governments.

Solace Cyber technicians have seen antivirus routinely disabled or uninstalled as part of attacks from groups like Conti Ransomware, therefore our advice to all customers is that signature-based antivirus protection is no longer sufficient to deter new advanced cyber attacks.

While antivirus can prevent some types of ransomware, it lacks the intelligence that next generation machine-learning based solutions provides. We recommend replacing antivirus with Endpoint protection and response (EDR), that uses AI to understand abnormal behaviour, and critically, can stop a virus in its tracks from spreading and exfiltrating data within an organisation.

If you are looking at changing your antivirus, Solace Cyber can step in quickly and replace your Kaspersky solution with next-generation Fortinet Endpoint Detection and Response (EDR).

This is part of our 8 step cyber security journey, to optimise your resilience to cyber threats. Learn how it works

In response to the high levels of enquiries for trusted intelligence, we will be launching a new weekly Ukraine SITREP subscription, to update you on the latest developments and military movements.

Each report is written by Solace Global Intelligence Analysts and delivers a concise overview of the latest developments over the last 24 hours. Each report will give you a clear understanding on the present threats and a forecast on what could be expected next within the conflict areas.

Example page from 28th February 2022 report

Solace Global has a proven track record with emergency evacuations and operating within hostile or unstable environments. Our 24/7/365 security operations centre provides specialist crisis response and provides trusted, credible intelligence to give you a clear understanding on the present threats.

Our situation reports form part of our ongoing Ukraine security support, to assist those affected by the crisis in Ukraine. At time of writing we can assist with in-country support and emergency evacuations. Learn more here.

Complete the form below to enquire.

During the early hours of 24 February 2022, President Putin announced that a military operation was underway in the Donbas, urging Ukrainian Armed Forces in the East of the country to surrender and depart the area.   ​

Explosions have been reported in multiple cities across Eastern Ukraine, in addition to the capital city of Kyiv and Odessa in the south of the country. Ukrainian President Zelensky confirmed that Ukrainian infrastructure and border regions had been targeted by missile strikes, with at least 50 casualties officially confirmed. Information regarding the extent of damage to infrastructure is currently available. ​

Russia’s Ministry of Defence has claimed that only military infrastructure is being targeted by precision strikes, with Ukrainian air defence installations and Air Force bases the current focus of Russian missile activity. Ukraine’s Interior Ministry has also reportedly stated that Ukraine’s Command and Control Headquarters in Kyiv were targeted in strikes. 

Russian Armed Forces have also reportedly crossed from Belarus into the north of Ukraine, less than 200km from Kyiv depending on where the crossing occurred. Belarusian President Lukashenko has claimed to have prior knowledge of Russian invasion plans and that there is no threat to Belarus at this time. ​

Civilians in Kyiv are evacuating the city en masse, with a number of people seeking refuge in metro stations whilst many have boarded vehicles in an attempt to leave the city via road. Large traffic jams have also formed outside a number of other key population centres. ​

In a statement of defiance, President Zelensky claims that Ukrainian Armed Forces are actively resisting the Russian military advance. With a state of emergency already declared, President Zelensky announced the imposition of Martial Law on the morning of 24 February.

Russia almost certainly intends to rout the Ukrainian Armed Forces and aims to establish aerial superiority as rapidly as possible in order to set the conditions for a successful ground invasion. The extent of any further Russian advance will likely depend on multiple factors, not least whether Ukraine’s Government remains in place and functional, and whether Ukrainian Armed Forces can mount a concerted defence in the face of overwhelming Russian force superiority. ​

Despite President Putin’s announcement that military operations have commenced in the Donbas, reports that Russian Armed Forces have crossed the border from Belarus, deployed into Kharkiv and are amassing in Crimea, represent a significant escalation in the conflict if they are accurate. ​

It remains highly likely that Russia intends to conduct further offensive operations in Eastern Ukraine, beyond the territorial extent of the Donetsk and Luhansk Oblasts, utilising multiple axes of advance from the North, East and South of Ukraine. It is currently undetermined if Russian ground forces intend to advance on Kyiv, but this remains a realistic possibility in the short term.

Any such operations would almost certainly involve the deployment of additional Russian Armed Forces currently positioned around the Ukrainian border regions, as has already begun in Kharkiv and Belarus, and will likely manifest as a phased approach via key population centres along major supply routes. ​

Vital ground such as airfields would be secured, Ukrainian military command centres destroyed, and extensive missile strikes remain highly likely in the coming days. Missile strikes and aerial bombardment, although ostensibly targeting military infrastructure, are likely to cause considerable collateral damage to civilian infrastructure. ​

The situation in Ukraine has deteriorated rapidly and will almost certainly continue to do so in the short term. There remains considerable potential for the conflict to escalate considerably and with minimal warning, which will significantly impact any attempt to evacuate in what is an already chaotic environment.

As the situation is evolving rapidly, please get in touch on 01202 308810 for further information on what support is available, or complete the enquiry form below.

Fraudulent Microsoft365 emails and employees clicking on phishing emails could be a significant GDPR risk. The consequences of a security breach are greater than ever, with increasing costs to recover businesses each year. Checking with your IT team the following measures are in place can help decrease your likelihood of a data breach.

1. Do you audit Office365 regularly for security compromises?

Checking for security compromises regularly is important. We recommend a quarterly audit at a minimum, or monthly audits as best practice. This helps your business identify any breaches which could be lying dormant in your system.

2. Do you enforce additional security features such as Multi-Factor Authentication?

There are a multitude of security features which can be added, including conditional access and attack surface reduction. Ensure this is enforced across the estate to add an extra layer of security.

3. Do you know what personal data is within your Office365 tenant?

This is important to understand what information could be exposed if an attacker gains access via a phishing email. Information such as passwords, bank details, date of birth or medical data could be used by cyber criminals to clone an identity.

4. Do you regularly check the security setup of your Office365 tenant?

We recommend checking the security set up at least four times per year, or monthly checks as best practice.

5. Do you train your employees on the risks of phishing emails? 

The biggest cause of successful phishing attacks is due to human error. Training staff regularly and performing phishing simulations can decrease your chances of a breach.