The vulnerability, which is tracked as CVE-2023-27997 is a pre-authentication remote code execution vulnerability, which if left unpatched, could lead to critical organisational risk.

The SSL-VPN vulnerability would allow an attacker with zero credentials to execute arbitrary code during the pre-authentication stage. This means, the attacker could circumnavigate MFA.

The MOVEit transfer application used to transfer files has a zero-day vulnerability in the form of an SQL injection vulnerability. This in turn allows the adversary to drop a web shell on the host inside the MOVEit wwwroot directory. After which time, the attacker could then download any file within MOVEit and install a backdoor.

A known breach involving Zellis, a supplier of IT services for payroll and human resources says a “small number” of organisations have been affected.

The ransomware group “Cl0p” has posted on their ransomware site that they are exploiting the MOVEit vulnerability. Microsoft have also attributed the attack to Cl0p. The recent attacks do not show signs of encryption, although there is potential for this to occur as well as lateral spread.

The group states on their Darknet page that they’ll post the names of the organisations compromised on June 14th 2023 if the targeted organisation hasn’t already contacted them. In the past 24 hours the BBC, Boots and British Airways have confirmed they’ve been impacted.

The UK’s National Cyber Security Centre said it was “monitoring the situation” and urged organisations using the compromised software to carry out security updates. As of today, results from internet reconnaissance show that there are 127 instances in the UK of the MoveIT Transfer application and 1853 in the US.

Due to the growing number of compromised organisations and the current supply chain spread the impact is still yet to be fully materialised.

Organisations without the vendor’s latest patch against CVE-2023-34362 should assume breach and conduct investigative and remediation efforts where the service is publicly accessible.

The vulnerability has been exploited by the threat group APT28, also known as Fancy Bear, Sofacy, and STRONTIUM since April 2022.

It was initially reported to Microsoft by the Ukrainian CERT. According to Microsoft, “a Russia-based threat actor” exploited the vulnerability in targeted attacks against several European organizations in government, transportation, energy, and military sectors.

Currently 15 organisations are believed to have been targeted or breached using CVE-2023-23397.

Solace Cyber Head of Incident Response believes with high certainty that this particular vulnerability will be used by other threat actors – equating to a vast quantity of attacks in the coming days to weeks.

As of 16/03/2023 proof of concept code has been developed by security researchers and it is likely to be used in subsequent attacks by other threat actors.

The attack involves the attacker sending an Outlook note or task to the victim, triggering the notification sound file mechanism, which sends an NTLM negotiation request to the attacker-controlled SMB share. The threat actors accomplish this using extended MAPI properties that contain UNC paths. The vulnerability can be exploited with a simple, specially crafted email, even if the victim doesn’t open the item.

However, it’s worth noting that this vulnerability cannot be exploited with Outlook for iOS, Mac, or Outlook for Android. Nevertheless, it affects all Windows versions of Outlook that are currently supported.  

Note: Those at a higher risk include remote workers due to home firewalls that do not block SMB traffic.

This can be done by emailing all end users to advise a manual update of Microsoft Office (click-to-run) or updating via alternative methods. If you require assistance with auto-patching solace cyber can assist.

Preferably this is run in audit mode only so that forensic data can be reviewed. If the script produces results it is recommended that you review the UNC paths in the outlook items to ensure no exploitation has occurred. 

At around 06:45 local time on 11 January 2023, several people were injured after a lone individual attacked commuters at the Gare du Nord train station in Paris, France. Those present during the incident suggested that the attacker was targeting passengers indiscriminately.

Police officers responding to the incident reportedly fired several shots at the attacker, who was arrested at the scene and remains in a critical condition. Unverified reports suggest that the attacker was first interdicted by an off-duty police officer, although this has not been officially confirmed.

The French Interior Minister Gérald Moussa Darmanin has confirmed that six people have been injured in the attack, including one police officer. A security cordon remains in place around the station, with emergency services still on site.

Police and security officials have not commented on a suspected motive for the attack, and a criminal investigation has been launched.

In the immediate aftermath of the incident, rail network TER Hauts-de-France noted that rail traffic had been disrupted both to and from Paris Nord, with some services still delayed. Limited disruption has been reported for the local road network.

Although officials have not commented on the exact motive for the attack, the methodology (bladed weapon) and targeting preferences (busy transport hub during morning commute) indicate that this incident is highly likely to be terror-related.

There have been a considerable number of high-profile terror incidents in France in recent years, with most attacks in the 21st century conducted either by violent Islamist extremists, or by individuals with extreme right-wing or racist ideologies.

The apparently indiscriminate nature of this attack likely suggests that this incident was an act of Islamist terror, since racially- motivated attacks are highly targeted.

The attack at the Gare du Nord comes less than three weeks (23 December) after a racially-motivated shooting attack killed three at a Kurdish cultural centre and nearby café on the Rue d’Enghien, in the 10th arrondissement, less than 2km from the Gare du Nord station. That incident prompted extensive unrest amongst the local Kurdish population and was condemned by the Kurdish Democratic Council of France (CDK-F).

Previous Islamist terror attacks in France have been motivated by perceived or genuine attacks against ethnic minority, immigrant or Islamic communities.

As of 4th October 2022, Microsoft have confirmed that two Zero-day vulnerabilities affect Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. Microsoft have stated that Exchange Online customers do not need to take any action, however if you have a Hybrid Exchange infrastructure this advice still applies.

Further updates and details on the potential vulnerability can be found here

In addition to Microsoft guidance, Solace Cyber recommend that the mitigation be further tightened by altering the URL block string:

.*autodiscover\.json.*Powershell.*

Solace Cyber are offering an initial consultation to determine if a compromise has already occurred and can action any implementation required to secure your operations.

This update is correct as of 12.23 GMT on 4th October 2022. The situation continues to develop rapidly, so please contact the team for an initial conversation with the latest advice.

At around 0400 local time, gunfire and explosions were reported from military bases inside Ouagadougou. Eyewitnesses and social media also reported gunfire from the vicinity of the Presidential Palace and Camp Baba Sy, where the current transitional government headquarters are located. Multiple roads inside the capital are reportedly blocked and military personnel have deployed on the streets. Local media claim that the immediate vicinity of the national television offices (RTB) is inaccessible due to military roadblocks. Images posted to social media appear to indicate state TV outages in Burkina Faso, although this has not been confirmed.

Heavily armed personnel are now reportedly present along the “strategic axes” of Ouagadougou, although no further details regarding their exact location are currently available. The current whereabouts of Burkina Faso’s President Paul Henri Damiba, who came to power after a military coup in January 2022, are also unconfirmed, although he reportedly remains inside the capital.

Sporadic gunfire continues several hours after the initial reports of violence. The situation remains highly volatile, with violence ongoing throughout the capital, and the current tactical situation remains unclear due to difficulties obtaining accurate information from the ground. Burkina Faso has rapidly become the epicentre of the violence that began in neighbouring Mali in 2012 but which has since spread across the Sahel region south of the Sahara Desert. The Burkina Faso military has been conducting a series of operations against Islamist militants across the country’s East and Sahel regions in recent months, with military forces claiming to have killed over 100 militants in the past month alone.

Although not yet confirmed, this incident bears all the hallmarks of an attempted military coup. Burkina Faso last experienced a military coup in January 2022 and has been under transitional military rule since then. During the January coup, gunfire was reported from military bases across the capital and soldiers were reported to have seized the Sangoulé Lamizana barracks and surrounded the RTB offices. Soldiers subsequently appeared on national TV to announce the overthrow of former President Roch Kabore. Around eight days later, the military junta restored the constitution and appointed Paul-Henri Sandaogo Damiba as interim president.

Control of state television apparatus appears to be a reliable coup indicator. In 2021, soldiers appeared on national television in Guinea to announce a military coup which deposed longstanding President Alpha Conde. In this way, further reports of soldiers entering the RTB offices in Ouagadougou should be considered likely indicators of a confirmed coup attempt.

Although unclear, ‘strategic axes’ of the capital very likely refer to the Boulevard des Tensoba, the area around the US Embassy and Presidential Palace near Boulevard Muammar Kaddafi, Avenue Kadiogo and Avenue de la Nation.

The situation in the capital comes just 24 hours after protests against President Damiba, blaming him for the deteriorating security situation in the country, and just days after at least ten soldiers were killed and 30 injured in an attack on a military convoy near Gaskindé. These incidents follow a sustained pattern of violence in the north of the country which appears to be spreading to the capital, as security forces battle to contain an expanding Islamist militancy. On 7 August, the government were forced to deny reports that they intended to sign a truce with militant groups until their planned transition to democracy was complete.

It therefore remains likely that elements within the Burkina Faso military have attempted to launch a coup against the current junta. The situation will almost certainly remain delicate and highly volatile in the immediate term.

• Widespread unrest and violence remain possible in the short term. Travellers should avoid all ongoing military activity and any large public gatherings as the security situation may deteriorate quickly and without warning.
• In the event of a significant security development, travellers in Burkina Faso should follow any instructions issued by the government or military authorities.
• If violence escalates inside the capital, consider departing from Ouagadougou whilst commercial options are available.
• Key military and political infrastructure inside the capital are very likely to remain focal points for violence. You should be particularly vigilant in these areas and follow any specific advice from the local
security authorities.
• Expect significant travel disruption and an enhanced security force posture inside Ouagadougou in the short term.
• Always follow all instructions and orders from security forces. ​Where possible, avoid areas of active conflict and remain inside a secure location away from windows.

• Ensure that you always carry personal identification documents. Consider making photocopies of important documents in case of confiscation, theft or loss.​
• Emergency services may be unable to support you in the short term. Be aware of what consular support may be available to you in-country.
• Exercise increased caution, remain vigilant, be aware of your surroundings and report any suspicious activity to security personnel as soon as possible.
• If caught in the vicinity of a security incident, seek shelter immediately and leave the area if safe to do so. Continue to adhere to all instructions issued by authorities and obey any security cordons in place.
• Monitor the Solace Secure platform and trusted local media for updates.

On 15 August, violence erupted at the Bomas of Kenya in Nairobi, as the Independent Electoral and Boundaries Commission (IEBC) had been scheduled to release the results of the Kenyan general election. Live footage from the venue showed physical altercations breaking out between attendees, with military
personnel intervening to break up the violence.

Earlier on 15 August the IEBC had announced a delay in releasing the results, although did not specify a reason for the delay. Separately, four commissioners of the IEBC held a press conference at the Serena Hotel in Nairobi, in which they stated that they could not “take ownership of the results” due to concerns over their opaqueness. As the violent scenes emerged and news broke of the division within the IEBC, it
was announced that riot police across the country had been placed on standby, with Kenya’s highest bishop calling for calm and peace to prevail.

In the days since the 9 August election, the IEBC has been verifying the vote tallies provided by the country’s polling stations. In this interim period, both main presidential candidates have alluded to voting irregularities and of fighting the result in courts. Meanwhile, the delay between voting and the announcement of a result had only led to further speculation and disinformation around the legitimacy
of the vote.
Around 20 minutes after the initial chaotic scenes at the Bomas of Kenya, and despite four of the seven IEBC commissioners stating they could not back the results, the IEBC announced that William Ruto had won the election with 7,176,141 votes – amounting to 50.49 percent of the total valid votes. The pre-election favourite, Raila Odinga, received 6,942,930 votes – representing 48.85 percent of the votes cast.

In 2007, post election violence resulted in more than 1,500 civilian deaths, whilst in 2017 at least fifty were killed and the election result was seen as so contentious that the country’s Supreme court ruled the vote should be re-run. Odinga has run for president on five occasions and has lost each time he has run.
He has also disputed the final election result following each loss, which set the conditions of suspicion and mistrust, and ultimately precipitated previous outbreaks of post-election violence. Given that Odinga was seen as the favourite to win the Presidency during the 2022 election, the closeness of the declared result and the inconsistency from the IEBC on 15 August, it is highly likely that he will once more
attempt to contest the election results.

Regardless of whether Odinga officially disputes the result, it is highly likely that his supporters will rally against the result. Any such unrest is highly likely to become violent. The city of Kisumu, which is home to a large pro-Odinga voting bloc, has already begun to see protests break out against alleged vote rigging, whilst in the Kibera area of Nairobi there are reports that riots have begun to break out. Further
unrest is likely to remain centred on the political centres of gravity in Nairobi, with the State House, Central Business District, and Serena Hotel all probable areas of unrest in the short term.

It is noteworthy that this was the first election in which there was no candidate from Kenya’s largest tribe, the Kikuyu. As a result, if election violence and unrest begins to spread across the country, there is a realistic possibility that it will avoid the traditional split along ethnic and tribal lines. Consequently, post-election violence may occur more widely across Kenya, as it would not be centred on tribal population centres, although it may be less extreme than levels observed during previous elections in which a Kikuyu candidate was participating.

Our team of risk management specialists and intelligence analysts, combined with on-the-ground security support from our global partner network can help secure your operations.

Learn more about how we can secure your operations

Be in the know with intelligence reports built directly around your operational requirements.

On 12 June large scale protests were organised by the powerful Confederation of Indigenous Nationalities of Ecuador (CONAIE). These protests are about Ecuador’s rising cost of living and high inflation, in particular the rising cost of fuel.

The country has seen demonstrators block roads with burning tires and barricades of sands, rocks and tree branches. Routes in and out of the capital city, Quito, have been blocked, whilst in the capital police vehicles have been set alight. The protests have been severe enough to disrupt some public services and the functioning of some economic sectors. For example, state oil company Petroecuador has had to halt operations at its facilities as a result of the unrest.

On 14 June it was reported that the President of CONAIE, Leonidas Iza, had been arrested on charges of “inciting protests” and “sabotage”. His arrest only further inflamed the situation with a spokesperson for CONAIE stating that there would be a “deepening of the struggle” and a “radicalization of the great indigenous and popular uprising”.

The arrest saw hundreds of indigenous activists gather outside a military base in Latacunga where he had been taken. After riot police clashed with protestors, overnight on, it was announced on 15 June that Mr Iza had been released. He will still be charged and will face up to three years in prison. Despite his release, CONAIE are continuing to call for widespread protests across the country to continue. At the time of writing the protests have affected at least 10 of Ecuador’s provinces plus the capital.

SOLACE GLOBAL COMMENT

As stated, the protests were called for by CONAIE, to protest the rising cost of living, and in particular the rising cost of fuel. Recent months have seen Ecuador face mounting economic issues, such as rising inflation, rising unemployment, and rising poverty. In tandem to this, protestors are also aggrieved that the government has yet to address issues with the country’s price controls on agricultural products and have not acted on electoral promises to rollback mining concessions granted in Indigenous territories, create more jobs, and renegotiate farmers’ debts with banks.

Given that over one million people in the country are indigenous peoples, CONAIE can be a powerful political and social force. Indeed, protests organized by CONAIE have directly led to the downfall of three Ecuadorian presidents between 1997 and 2005. In recent years to try and stave of that fate, the current Conservative government led by President Lasso has held several rounds of talks with CONAIE on some the economic and social issues.

These talks have ultimately produced little of substance for either Lasso or CONAIE, and this combined with the mounting economic problems have led to the calls by CONAIE for protests and demonstrations. In at least releasing Mr Iza less than 24 hours after his arrest, the government likely realized that was a course of action which only served to inflame the situation. It is unlikely that the government will be able to swiftly create better economic conditions, and as such discontent is likely to continue into the short to medium term, however the threat of further protest action could be dissipated through good faith offers of talks and negotiations between the government and CONAIE.

SOLACE GLOBAL ADVICE

Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

For further details please contact +44 (0) 1202 308 810 or email us.

On 8 June at approximately 10:15 local time, a silver Renault Clio vehicle left the road at the corner of Kurfürstendamm and Rankestraße, mounting the pavement and striking pedestrians. The vehicle stopped as it crashed into a Douglas store on Tauentzienstrasse, Berlin, where it remains at the time of writing.

Berlin police have not yet confirmed whether the incident was caused by traffic accident or is being treated as a terrorist attack. The driver however has been arrested.

Eyewitnesses have reported several casualties, with the fire department establishing a patient treatment area on the corner of Kurfürstendamm and Rankestraße. Local media are reporting at least one killed and up to 30 injured.

Armed police and emergency services remain at the scene, with many roads nearby cordoned off.

SOLACE GLOBAL COMMENT

At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack.

Vehicle ramming attacks are relatively unsophisticated and do not require a great deal of pre-planning. As such, they have become an increasingly valuable tactic for terrorist organisations operating in Europe – where access to firearms is severely limited and armed police are able to interdict attacks with bladed weapons. Indeed, the Islamic State (IS) group released an audio message in April 2022 announcing a renewed campaign of attacks in response to the killings of the group’s leader and spokesman. The message encouraged IS supporters to carry out knife and vehicle ramming attacks specifically, across both the United States and Europe.

It therefore remains likely that this represents a lone actor terrorist attack. Recent terrorist attacks in Europe have been conducted by individuals with violent Islamic ideology, extreme right-wing views or by individuals with probable mental health issues. It is noteworthy that this incident has occurred outside of a protestant chapel (Kapelle der Kaiser-Wilhelm), near to the site of the 2016 Christmas Market terror attack – in which an Islamist terrorist drove a truck into a crowded Christmas market.

There remains considerable potential for subsequent attacks in the greater Berlin area. The city is a particularly target-rich environment given the abundance of high-value infrastructure and the high population density. Individuals are highly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow-on attacks.

SOLACE GLOBAL ADVICE

Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

For further details please contact +44 (0) 1202 308 810 or email us.

On April 12 at around 08:30 am ET, gunfire and explosions were reported at the 36 th Street subway station in Sunset Park, Brooklyn. Either an explosive or smoke/incendiary device reportedly detonated before an individual opened fire, although it is currently unclear if the attack commenced on a train or at the platform. At least six individuals with gunshot wounds have been reported, with several other casualties being treated for smoke inhalation and panic related injuries. Several unexploded devices were also reportedly left at the scene, although the NYPD has since claimed that there are currently no active devices at the station.

Armed police and emergency services are currently at the station, with NYPD reportedly in pursuit of at least one suspect. Explosive Ordnance Disposal units also remain at the scene.

Imagery from social media shows multiple casualties and smoke visible in the air, amid unconfirmed reports that the perpetrator was wearing a construction outfit or high vis jacket and wearing a gas mask.

Police have now closed roads and subway stations in the vicinity of 36th Street station, whilst the R, D and N train services have been suspended in both directions in Brooklyn and at some Manhattan stations. Local schools are in shelter in place mode.

SOLACE GLOBAL COMMENT

At time of publishing, there has been no confirmation from authorities that this is a terrorist incident, although it certainly bears all the hallmarks of one. Similarly, no group has yet claimed responsibility for the attack.

Combinations of explosive devices, weapons and attempts at clothing concealment almost certainly indicate a considerable amount of pre planning for this attack, which appears to be more sophisticated than a typical mass shooting incident. The attack has been deliberately timed and targeted to inflict large numbers of casualties at a peak time in a busy subway station with large numbers of commuters. Similarly, the ensuing chaos would provide an excellent opportunity for perpetrator(s) to extract from the scene.

It therefore remains realistically possible that this represents a lone actor terrorist attack. Recent terrorist attacks in the US have been conducted by individuals with violent Islamic ideology, extreme right wing views or by individuals with probable mental health issues. It is noteworthy that this incident has occurred during the holy month of Ramadan and in the days immediately preceding the Easter holidays.

Given that the perpetrator(s) have not yet been detained, there remains considerable potential for subsequent attacks in the greater New York area. New York City is a particularly target rich environment given the abundance of high value infrastructure and the high population density.

Individuals are highly advised to avoid the area and to follow all instructions issued by the police and emergency services at the scene. Be aware of the potential for follow on attacks.

SOLACE GLOBAL ADVICE

Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

For further details please contact +44 (0) 1202 308 810 or email us.

At least five people were killed in a mass shooting in a Tel Aviv, Israel suburb on 29 March. The attack occurred in the ultra Orthodox Jewish area of Bnei Brak and began shortly before 20:00 local time. The perpetrator, identified as a 26 year old Palestinian man from Ya’bad in the West Bank, was shot dead by Israeli police several minutes after the attack began.

Footage of the incident was posted on social media and showed the gunman firing indiscriminately at apartment balconies and passers by in the vicinity of Bialik, Hertsel and Ha Shnayim streets. Among the victims were local residents , including a rabbi, as well as a responding police officer and two Ukrainian nationals. The death toll would almost certainly have been greater had the assailant’s rifle not malfunctioned on at least two occasions, as reported by eyewitnesses and survivors of the attack.

The attack was quickly declared an act of terrorism and triggered a large scale response from emergency service personnel and Israeli security forces. A heightened Israeli police and military presence was deployed to the scene amid concerns the shooter may have had accomplices.

According to Israeli media reports, the assailant was believed to have been working illegally at a construction site in Bnei Brak and had previously served a short prison sentence for security offences. At the time of publishing, it appears the gunman acted alone and was not affiliated to any terrorist group.

The killings were swiftly condemned by Israeli Prime Minister Naftali Bennett, other political figures and the international community. In a statement published shortly after the attack, PM Bennett said the country was “dealing with a new wave of terrorism.” He also reassured the population that Israeli security forces are “up to the task” and would prevail, despite the “great and complex challenge” posed by terrorism and violence.

Meanwhile, Palestinian terrorist organisations hailed the killings, with a Hamas official reportedly claiming the ‘Tel Aviv operation’ emphasised the unity of the Palestinian people. Moreover, the Palestinian Islamic Jihad group (PIJ), a US designated terrorist organisation , warned the attack was a “harbinger of our people’s operations to come”.

The attack in Bnei Brak marked the third fatal attack in Israel in the past week and caps one of the deadliest in recent years. Indeed, attacks were carried out in Hadera and Beersheva , on 27 and 22 March, respectively. Both attacks were indiscriminate in nature and carried out by Israeli Arabs armed with bladed weapons and/or firearms.

The assailants in the Hadera and Beersheva attacks were alleged to have links to the so called Islamic State (IS) terrorist group, raising concerns the group may be planning further violence to coincide with Muslim holy month of Ramadan, which begins on 2 April.

SOLACE GLOBAL COMMENT

The fact that this attack comes so soon after a spate of similar attacks will only fuel concerns that Israel may well be in the middle of another wave of violence. What is likely to be most concerning, however, is the fact that the majority of these recent attacks were carried out not by Palestinians, but by Arab or Bedouin Israeli citizens who have expressed an allegiance to the Islamic State group and were previously known to Israeli security services.

This recent shift in the demographics of attackers in Israel if it is seen to continue will spark fears that the country could see a wave of violence and terrorism emanating not from Gaza or the West Bank but from within Israeli borders from Arab and Bedouin majority towns. Such violence was seen in 2021 when towns such as Lod, Acre, Tiberius, and Haifa saw widespread unrest and sectarian violence between Arab and Jewish Israelis.

This spate of terror attacks comes at what is often a tense time within both Israel and the Palestinian territories. Ramadan begins on 2 April and is typically associated with an uptick in violence across the entirety of the Middle East, with night prayers drawing worshippers to al Aqsa in Jerusalem and many opting to remain within the vicinity of the mosque for the remainder of the month.

Nakba Day also occurs on 15 May, which marks the Palestinian commemoration of the “catastrophe” of the formation of the State of Israel, and often results in protests and clashes between the Israeli Defence Forces and Palestinians. Last year saw at least 29 injured on Nakba day as a result of protests and unrest. Furthermore, there are several events in Jerusalem specifically during the next month, including mass visits to the Western Wall, the Temple Mount, and the city of Jerusalem for the conclusion of Passover.

The wider geopolitical context for the uptick in violence is complex and multifactorial. It includes increasing official recognition for the state of Israel. At a summit in the Negev between the US, Israel and assembled Arab leaders , cooperation on several issues was agreed including broadening the nations who have signed the “Abraham Accords”. Alongside this, a meeting of the PLO central committee saw them agree to rescind its recognition of Israel and security cooperation across the West Bank.

Recognition or cooperation with Israel from other Arab states is often seen as zero sum game by Palestinians, in which they do not emerge victorious. As a result, such announcements often spark protests and a backlash. Further to this, Iranian influence on Hamas, who often call for protests and civil unrest in the Gaza strip, cannot be discounted especially when negotiations around the JCPOA are still ongoing.

In summary the tense geopolitical situation in the region, combined with the forthcoming key dates within Arab and Islamic culture means that more attacks are likely to occur in the short term. If these attacks continue to emanate from within Arab/Bedouin communities within Israel, then this will likely contribute to wider sectarian violence across the country. Attacks emanating from Israeli citizens are also harder for Israeli security services to counteract, as much of their counter terror operations are currently focuses on Palestinian nationals.

Key targets for attack are likely to include Israeli governmental and defence buildings, national transportation hubs. Meanwhile key areas for protests tend to be found around points of religious significance such as those around the old town of Jerusalem.

SOLACE GLOBAL ADVICE

Enquire using the form below for more information on bespoke intelligence services from our in-house analysts.