Research: Potential and Realized Threats to the United Kingdom

March 7, 2018 | Anomali Labs

Anomali recently conducted research to assess the threat landscape of the United Kingdom and determine where adversaries may choose to focus their attention. The report examines various Critical National Infrastructures such as communications, defence, civil nuclear, etc. and identifies past and potential attacks.

Findings indicate that diversification of companies, largely in size, adds additional resilience to those sectors that may be targeted. However, geographical “clusters” that hold a high percentage of key sites and are depend interdependent on one another, such as chemicals, civil nuclear, and energy, produce complications for defencive efforts.

“When reviewing the information related to visible infrastructure in the UK through the Shodan Internet scanning site, it is possible to see open Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) ports for a number of organisations that are either direct or indirect suppliers of services to the CNI. These exposures could serve as entry points to attackers depending on the underlying systems’ criticality, interconnectedness with other resources, and the presence or absence of other security controls.”

Further areas of possible concern include those sectors that are undergoing technological upgrades, such as emergency services communications, civil  nuclear, energy, and transportation. Perhaps the most widespread concern across all sectors though are the impending effects of Brexit.

“There is anxiety over the loss of long-standing commercial relationships, loss of labour, and loss of participation in ongoing projects. The process of reestablishing trade relationships or current ones being revised may provide opportunities for attackers looking to take advantage of the disruptions in these partnerships.”

Download the report for additional insights and analysis.

Anomali Labs
About the Author

Anomali Labs

Get the latest threat intelligence news in your email.