Penetration Testing: Demonstrate your Customer’s Data is Safe

Win Your Customers’ Trust

Data is a valuable commodity and the consequences of a data breach can cause not only a significant fine from the ICO, but irreversible reputation damage for a company too. Penetration Testing is important for organisations of all sizes. A well-structured and scoped penetration test can help reduce the cyber risk exposure of an organisation as well as protect both the organisations and their client’s data. It supports Data Protection compliance by evidencing regular testing (a GDPR requirement). Penetration Testing also assists with marketing. Once all the fixes are in place, the retest report can be a valuable marketing asset.

How Penetration Testing Works

A penetration test from Solace Cyber, sometimes known as a pen test, is the process of replicating a cyber attack performed by a cyber security specialist. Pen testing will uncover security weaknesses by using the same methods that a hacker would, by replicating their approach as closely as possible against new vulnerabilities and exploits that become available daily.

A critical part of our testing methodology is to show you you not only what we found, but how we found it. Knowing how we found the issues is the key to your continual improvement, which is why we follow our tried and tested 6-step high level methodology for every penetration test.

Experts in Finding Vulnerabilities Your IT Team May have Missed

Our team of experts spend 3 months a year keeping their skills up to date, meaning we are always one step ahead of the evolving cyber security threats and have a deep understanding of the latest threat ecosystem. This means  we can evaluate your business and identify your vulnerabilities, configuration weakness and gaps in protection to the highest quality.

We use a highly respected Council of Registered Ethical Security Testers (CREST) affiliated penetration testing service, followed up with a complimentary strategic session with our cyber security specialists once you have your results to help address any issues identified.

Our services cover all types of Penetration Test including, but not limited to:

  • API and Backend Systems
  • Infrastructure – Internal, External & Cloud
  • Mobile Applications – Android, iOS & Windows
  • PCI-DSS
  • Physical
  • Remote Access & VPN Systems
  • Social Engineering
  • Web Applications – from Blogs to Ecommerce

The Key to a Successful Penetration Test

In-depth planning is a critical step to ensure a successful penetration test. This is one of the most critical steps in ensuring success in your penetration test. This is where we work together to define the scope, and the goal of the test rigorously to give you assurance every angle has been covered.

During the scoping call for your penetration test, we are looking to identify exactly what needs testing, how complex it is and how much time we will need to use to complete the penetration test to the best of our capability. We will also look to identify the goal of the penetration test. The goal could be as simple as “identify all the exploitable vulnerabilities”. It could be a lot more complex such as “pivot through an exploited host and attack the internal network to gain access to client data.”

Having a well-defined scope is the key to the success of your penetration test. Therefore, we can never answer the question of “how much is a penetration test” until we have had a call to discuss your penetration testing scope.

Speak to a cyber security specialist

Enquire using the form below

Contact Now

    Alert Plus – Houthi Drone Attacks – March 2022

    SITUATION SUMMARY: Houthi Drone Attacks

    March 2022

    Following reports of a large explosion in Jeddah on 25 March, it was reported that the North Jeddah Bulk Plant had caught fire after being targeted by a Houthi drone or missile attack The Aramco site is located on the edge of the Al Marwah neighbourhood, approximately 4 km southeast of the King Abdulaziz International Airport and 11 km east of the Jeddah Corniche Circuit.

    Footage shared on social media showed large plumes of black smoke emanating from the site, with a large fire also clearly visible. Due to the proximity of the strike to Jeddah’s airport considerable disruption to aviation operations was also reported.

    Flight data from Jeddah’s King Abdulaziz airport indicated that several arriving and departing flights from 16 30 to 19 30 local time were either delayed or diverted to other airports including Medina’s Prince Mohammad Bin Abdulaziz International Airport.

    At the time of publishing, there had been no official confirmation of the strike on Jeddah from either the Saudi authorities or Aramco, nor had there been any indication of casualty numbers.

    The strike on the Aramco site in Jeddah followed earlier reports that the Royal Saudi Air Defense Forces had intercepted and destroyed six weaponised drones targeting Jizan, Najran, and Asir near the southern border region with Yemen.

    Whilst the RSDAF claimed they had successfully intercepted these drones the Saudi Press Agency announced that Houthi projectiles had struck a power distribution centre and water tanks of the National Water Company located in Samtah Jizan Dhahran Al
    Janub and Asir respectively. As a result, the power centre caught fire leading to localised power outages.

    Houthi strikes on Jizan and Asir are comparatively frequent, given their proximity to the Yemeni border region and therefore Houthi launch sites.Damage to infrastructure from successful strikes is therefore much more likely to occur in the south of the country.

    Houthi forces have previously demonstrated a long range strike capability, with hydrocarbon facilities in Jeddah having already been targeted earlier in the week.

    SOLACE GLOBAL COMMENT

    Today’s attack is likely to be the second in less than a week on the North Jeddah Bulk Plant. Five days prior, the Arab coalition confirmed that a fire at a Jeddah Aramco plant had been caused by a Houthi strike. Whilst it is not currently clear if the same facility has been targeted today, this remains a highly credible possibility.

    In recent times the Houthis have proven the capability to fire at targets deep within Saudi and even Emirati territory, as they benefit from increasingly sophisticated weaponry. Despite this enhanced capability, Saudi Arabian Air forces are frequently successful in intercepting such attacks before they reach populated urban environments.

    In January it was reported that Saudi Arabian supplies of patriot missiles, which they maintain are key to their air defence, had almost been completely depleted. On 21 March, it was announced that US President Biden had agreed to transfer a “significant number” of Patriot interceptors to the Saudis to replenish their supplies and to ease tensions in the wider US-Saudi relationship over their conduct in Yemen.

    As result of the successful strikes on Jeddah, the global price of oil immediately spiked amid fears that this attack would lead to further disruption to global oil supplies.

    The activity observed today represents the broadest Houthi attack on Saudi Arabia in recent months, with at least three locations targeted and multiple weapon systems deployed. Saturation of Saudi airspace by Houthi aerial activity over much of 25 March is likely to explain why the strikes at Jeddah were not successfully intercepted.

    It is highly likely that these attacks have been timed to occur whilst Saudi missile defences remain partially combat ineffective, before the Saudi Armed Forces can operationally deploy the new patriot interceptors and significantly improve their ability to intercept Houthi projectiles or aerial systems.

    The decision may have also been taken in relation to the fact that much of the world is currently focused on the price of oil, due to the consequences of the Russian invasion of Ukraine. Houthi forces have likely calculated that an attack on an oil facility in Saudi Arabia will reverberate more forcefully than it would have done even just one or two months previously. Similarly, additional western interest had been focused on Jeddah in anticipation of the scheduled Formula 1 Grand Prix this weekend.

    Given the close relationship between the Houthis and Iran, it also cannot be definitively ruled out that the current trajectory of the JCPOA negotiations between Iran and other states have also played into the timings of this attack.

    Further attacks on infrastructure in Jeddah remain realistically possible in the immediate term, whilst it is highly likely that the Houthis will continue to strike targets across wider Saudi Arabia for the foreseeable future. These attacks will mainly target locations close to the Yemeni border, as the likelihood of interception increases for attacks deeper into Saudi territory.

    SOLACE GLOBAL ADVICE

    In general, Saudi Arabian air defence systems have been extremely effective in mitigating the Houthi missile/drone threat, with relatively few projectiles reaching their intended targets, particularly outside of the southern border region.

    As such, travellers in Saudi Arabia should continue to operate with relevant precautions.

    • Individuals in the kingdom should keep up to date with the latest developments.
    • Individuals are advised to reconfirm itineraries and expect possible travel disruption.
    • Adhere to all instructions issued by the authorities and follow all warnings regarding any further possible rocket attacks.
    • Seek shelter immediately when rocket attack sirens sound.
    • All travel to Saudi Arabia’s southern border region is strongly advised against due to the proximity of the ongoing fighting in Yemen and increased risk of successful airborne attacks.
    • All travel to Yemen is advised against at this time due to the severe risks associated with the ongoing conflict.
    • Due to the frequency of recent Houthi attacks and other security incidents, regional tensions remain high.
    • Further incidents in Saudi Arabia are almost certain in the longer term, whilst Houthis have previously demonstrated the capability and intent to attack targets across the wider Gulf region.

    Want more information on the risk landscape in Saudi Arabia?

    Enquire using the form below for more information on bespoke intelligence services from our in-house analysts.

    Enquire now

      Is Kaspersky antivirus a security concern? Best alternatives

      Russian owned companies have come under intense pressure from the west, and it is expected there will be more boycotts and sanctions to come, as the conflict continues.

      However, what is uncertain, is what effects the financial or technological sanctions could have on Kaspersky antivirus protection. At the time of writing we understand the software is still updating, however Solace Cyber is advising clients to anticipate the possibility of disruption in service.

      Concerns about Kaspersky antivirus aren’t new. The National Cyber Security Centre issued warnings against Kaspersky back in 2017 relating to the allegations from US government, that Kaspersky Labs had worked on secret projects with Russia’s Federal Security Service.

      NCSC wrote to all government departments warning against the use of Kaspersky’s antivirus software, claiming there could be risks of data being exploited by the Russian government, and therefore compromise national security.

      Although there are no proven links between the Russian FSS, Kaspersky have gone to great lengths to repair the damage with transparency campaigns in an effort to rebuild trust, following boycotts from the US and Dutch governments.

      Solace Cyber technicians have seen antivirus routinely disabled or uninstalled as part of attacks from groups like Conti Ransomware, therefore our advice to all customers is that signature-based antivirus protection is no longer sufficient to deter new advanced cyber attacks.

      While antivirus can prevent some types of ransomware, it lacks the intelligence that next generation machine-learning based solutions provides. We recommend replacing antivirus with Endpoint protection and response (EDR), that uses AI to understand abnormal behaviour, and critically, can stop a virus in its tracks from spreading and exfiltrating data within an organisation.

      If you are looking at changing your antivirus, Solace Cyber can step in quickly and replace your Kaspersky solution with next-generation Fortinet Endpoint Detection and Response (EDR).

      This is part of our 8 step cyber security journey, to optimise your resilience to cyber threats. Learn how it works

      New: Ukraine Situation Report Subscription

      Read the latest intelligence regarding the Ukraine Crisis

      In response to the high levels of enquiries for trusted intelligence, we will be launching a new weekly Ukraine SITREP subscription, to update you on the latest developments and military movements.

      Each report is written by Solace Global Intelligence Analysts and delivers a concise overview of the latest developments over the last 24 hours. Each report will give you a clear understanding on the present threats and a forecast on what could be expected next within the conflict areas.

      Example page from 28th February 2022 report

      Supporting those affected by the crisis

      Solace Global has a proven track record with emergency evacuations and operating within hostile or unstable environments. Our 24/7/365 security operations centre provides specialist crisis response and provides trusted, credible intelligence to give you a clear understanding on the present threats.

      Our situation reports form part of our ongoing Ukraine security support, to assist those affected by the crisis in Ukraine. At time of writing we can assist with in-country support and emergency evacuations. Learn more here.

      How to subscribe

      Complete the form below to enquire.

      Enquire now

        Cyber Alert – Organisations urged to act following Russia’s invasion of Ukraine

        National Cyber Security Centre (NCSC) urges UK organisations to bolster their online defences following Russia’s invasion of Ukraine

        The NCSC – which is a part of Government Communications Headquarters (GCHQ) – has urged organisations to action the following guidance.

        Steps to take when cyber threat level is heightened

        • Security patching – Check your systems and endpoints are all patched including third-party software such as browsers and office productivity suites
        • Verify access – Ask staff to ensure their passwords are unique to your business systems, multi-factor authentication (MFA) is enabled and administrative privileged access, or other rights, are carefully managed again using MFA.
        • Ensure defences are working – Antivirus or EDR software is installed on all active systems, and it is up to date and functioning correctly. For firewalls and other perimeter security devices specifically check there are no temporary rules that have been left in place beyond their expected lifetime and are configured to provide just enough access only.
        • Logging and monitoring – Understand what logging you have in place, where logs are stored, and how long logs are retained for. Monitor key logs at a minimum and monitor antivirus logs.
        • Review your backups – confirm that your backups are running correctly, perform test restorations so that the process is familiar. Check that there is an offline copy of your backup and that it is recent enough to be useful if an attack results in loss of data or system configuration. Ensure machine state and private keys are also accessible.
        • Incident plan – Check you incident response plan is up to date, confirm that escalation routes and contact details are up to date. Ensure that the incident plan contains clarity on who has the authority to make key decisions especially out of normal office hours. Ensure your incident response plan and communication mechanisms will be available.
        • Check your internet footprint – check that records of your external internet-facing footprint are correct and up to date including IP and DNS information is held securely. Perform an external vulnerability scan of your whole internet footprint and check that any systems that require patching have been actioned.
        • Phishing response –  Ensure that staff know how to report phishing emails and a process is in place to deal with are reported incidents
        • Third party access – If third party organisations have access to your IT networks or estate make sure you have a comprehensive understanding of what level of privilege is extended into your systems and to whom. Remove any access that is no longer required.
        • Brief your wider organisations – ensure other teams understand the heightened threat.

        If your organisation has deprioritised these areas of the basic Cyber Assessment Framework, you are advised to revisit those decisions immediately when the threat is heightened.

        Solace Cyber have had many years of experience protecting clients throughout Cyber Risk escalation periods. The NSCC does not make these recommendations lightly and we have seen previous advisories come to fruition with Covid and ransomware.

        Solace Cyber Advice

        1. It is recommended to follow NCSC guidance, if you are unsure of your current security posture, Solace Cyber can perform an independent assessment for you.
        2. We can give your organisation a mature incident response plan, that can be live within 24 hours.
        3. There is a specialised emergency threat prevention package that can be taken on a 6 month contract during this period of heightened risk and uncertainty.

        Emergency Threat Prevention Package

        cyber secure

        Speak to us for further guidance to increase your cyber defences

        Book a call

          Alert Plus – Russian Invasion of Ukraine – February 2022

          Situation Summary: Russian Invasion of Ukraine

          February 2022

          During the early hours of 24 February 2022, President Putin announced that a military operation was underway in the Donbas, urging Ukrainian Armed Forces in the East of the country to surrender and depart the area.   ​

          Explosions have been reported in multiple cities across Eastern Ukraine, in addition to the capital city of Kyiv and Odessa in the south of the country. Ukrainian President Zelensky confirmed that Ukrainian infrastructure and border regions had been targeted by missile strikes, with at least 50 casualties officially confirmed. Information regarding the extent of damage to infrastructure is currently available. ​

          Russia’s Ministry of Defence has claimed that only military infrastructure is being targeted by precision strikes, with Ukrainian air defence installations and Air Force bases the current focus of Russian missile activity. Ukraine’s Interior Ministry has also reportedly stated that Ukraine’s Command and Control Headquarters in Kyiv were targeted in strikes. 

          Russian Armed Forces have also reportedly crossed from Belarus into the north of Ukraine, less than 200km from Kyiv depending on where the crossing occurred. Belarusian President Lukashenko has claimed to have prior knowledge of Russian invasion plans and that there is no threat to Belarus at this time. ​

          Civilians in Kyiv are evacuating the city en masse, with a number of people seeking refuge in metro stations whilst many have boarded vehicles in an attempt to leave the city via road. Large traffic jams have also formed outside a number of other key population centres. ​

          In a statement of defiance, President Zelensky claims that Ukrainian Armed Forces are actively resisting the Russian military advance. With a state of emergency already declared, President Zelensky announced the imposition of Martial Law on the morning of 24 February.

          Solace Global Comment

          Russia almost certainly intends to rout the Ukrainian Armed Forces and aims to establish aerial superiority as rapidly as possible in order to set the conditions for a successful ground invasion. The extent of any further Russian advance will likely depend on multiple factors, not least whether Ukraine’s Government remains in place and functional, and whether Ukrainian Armed Forces can mount a concerted defence in the face of overwhelming Russian force superiority. ​

          Despite President Putin’s announcement that military operations have commenced in the Donbas, reports that Russian Armed Forces have crossed the border from Belarus, deployed into Kharkiv and are amassing in Crimea, represent a significant escalation in the conflict if they are accurate. ​

          It remains highly likely that Russia intends to conduct further offensive operations in Eastern Ukraine, beyond the territorial extent of the Donetsk and Luhansk Oblasts, utilising multiple axes of advance from the North, East and South of Ukraine. It is currently undetermined if Russian ground forces intend to advance on Kyiv, but this remains a realistic possibility in the short term.

          Any such operations would almost certainly involve the deployment of additional Russian Armed Forces currently positioned around the Ukrainian border regions, as has already begun in Kharkiv and Belarus, and will likely manifest as a phased approach via key population centres along major supply routes. ​

          Vital ground such as airfields would be secured, Ukrainian military command centres destroyed, and extensive missile strikes remain highly likely in the coming days. Missile strikes and aerial bombardment, although ostensibly targeting military infrastructure, are likely to cause considerable collateral damage to civilian infrastructure. ​

          The situation in Ukraine has deteriorated rapidly and will almost certainly continue to do so in the short term. There remains considerable potential for the conflict to escalate considerably and with minimal warning, which will significantly impact any attempt to evacuate in what is an already chaotic environment.

          Solace Global Advice

          • Travellers are currently advised against all travel to Eastern Ukraine. Any travellers in-country should immediately evacuate to a safe country by the most secure available route. ​
          • Businesses and commercial operations east of the Dnieper River are advised to immediately cease all activity, particularly in the immediate vicinity of the Donbas region, and move their operations to more secure regions either outside of the country or to the West of Ukraine. ​
          • Businesses and commercial operations in Kyiv should also seek to evacuate the country at the earliest available opportunity. Where this is not possible, businesses must ensure robust safeguards and evacuation plans are documented and followed when required. ​
          • Aerial bombardment and missile strikes will occur with very little warning. Travellers in country should seek secure shelter immediately upon hearing explosions or warning sirens and remain there until instructed otherwise by the authorities or security personnel.​
          • Travellers should carefully consider their exit routes from the country. Commercial aviation is unviable in the short term and as such, alternative evacuation routes must be considered. Roads are likely to be gridlocked, particularly around large urban areas. Special evacuation services are being offered by rail services out of the Donbas.
          • Ensure personal identification documents are always carried, in case you need to transit through a checkpoint or are requested to present it by officials.​
          • Update your escalation and evacuation plans for Ukraine, focusing on what protocols staff members should follow in the event there is further significant deterioration in the security environment.  ​
          • Anticipate a heightened military presence throughout the country with additional security being reported near all major political and media buildings. Exercise vigilance and follow all official directives.​
          • Travellers should follow local media and use the Solace Secure app to stay up to date with security-related events. Travellers requiring assistance in evacuating the country should do so at the earliest opportunity. 

          As of 24 February 2022, Solace Global can offer full in-country support. 

          As the situation is evolving rapidly, please get in touch on 01202 308810 for further information on what support is available, or complete the enquiry form below.

          Book a call

            5 questions you should be asking your IT team about Phishing

            5 questions you should be asking your IT team about Phishing

            Fraudulent Microsoft365 emails and employees clicking on phishing emails could be a significant GDPR risk. The consequences of a security breach are greater than ever, with increasing costs to recover businesses each year. Checking with your IT team the following measures are in place can help decrease your likelihood of a data breach.

            1. Do you audit Office365 regularly for security compromises?

            Checking for security compromises regularly is important. We recommend a quarterly audit at a minimum, or monthly audits as best practice. This helps your business identify any breaches which could be lying dormant in your system.

            2. Do you enforce additional security features such as Multi-Factor Authentication?

            There are a multitude of security features which can be added, including conditional access and attack surface reduction. Ensure this is enforced across the estate to add an extra layer of security.

            3. Do you know what personal data is within your Office365 tenant?

            This is important to understand what information could be exposed if an attacker gains access via a phishing email. Information such as passwords, bank details, date of birth or medical data could be used by cyber criminals to clone an identity.

            4. Do you regularly check the security setup of your Office365 tenant?

            We recommend checking the security set up at least four times per year, or monthly checks as best practice.

            5. Do you train your employees on the risks of phishing emails? 

            The biggest cause of successful phishing attacks is due to human error. Training staff regularly and performing phishing simulations can decrease your chances of a breach. 

            70% of organisations we tested in 2021 showed evidence of an active or historical breach.

            Book a free cyber security health check

            Don’t leave it to chance, book a Microsoft 365 forensic health check to protect your data.

            Book a free health check

              Alert Plus – Ukraine: Russian Armed Forces to Deploy to Donbas

              SITUATION SUMMARY: Ukraine: Russian Armed Forces to Deploy to Donbas

              In a televised announcement on 21 February 2022, President Putin declared that Russia would officially recognize the rebel-held areas of Donetsk and Luhansk as independent states. Following requests for military assistance from the leaders of the Luhansk and Donetsk People’s Republics, President Putin has reportedly committed to deploying Russian Armed Forces to the rebel held regions, to conduct unspecified peacekeeping operations. UK Defence Secretary Ben Wallace confirmed that military
              equipment is already beginning to deploy into the region, although tactical force dispositions are not currently known. Although this scenario had been somewhat anticipated, given the rapid deterioration of the security situation over the preceding 48 hours and several Russian claims of false-flag operations, the announcement has been met with ubiquitous condemnation by Western leaders. Extensive, pre-planned and synchronised sanction regimes were announced by Western nations following the release of the Russian statement, details of which will be made public in the immediate term but will almost certainly target key political figures and strategic Russian financial interests. The German Government has already suspended the approval process for the Nordstream2 gas pipeline until further notice. Whether Russia is intending to use sanctions they deem overly excessive or disproportionate as a tripwire for justifying additional incursions beyond the Donbas remains to be seen. Oil prices also surged in the immediate aftermath of the announcements of sanctions, as futures of Brent crude, the international benchmark, reached a seven-year high of almost $98 (£72) amid concerns over supply chain disruption and the impact of sanctions on Russian exports. Discussions are ongoing in the West as to the severity of sanctions. Poland and the Baltic states are arguing for harsh sanctions to be applied immediately, stating that Putin will “taunt” the West with “one thousand cuts”. France and Germany are urging restraint in the short term, to ensure additional leverage can be applied in the event of further escalation by Russia.

              SOLACE GLOBAL COMMENT

              The extent to which Russia will recognise the entirety of the territory in the Donbas is unclear. At present, rebel-held areas do not comprise the entirety of the Luhansk and Donetsk oblasts of Ukraine. Therefore, any decision by Russia to unilaterally declare the whole regions as independent states will highly likely lead to Russian Armed Forces deploying west of the currently recognised Line of Contact. This will almost certainly increase the likelihood of clashes between conventional forces of the Russian and Ukrainian militaries and risk a rapid, significant deterioration of the security situation and critical escalation of the conflict. The force composition of troops deployed to the Donbas will almost certainly provide an indication as to the operational intent of the Russian Armed Forces in Ukraine: a moderate forward deployment
              of Russian National Guard personnel or motorised rifle units will most likely indicate that Russia intends to hold ground and consolidate east of the Line of Contact, whilst a large-scale deployment of armoured, airborne and/or artillery formations should be considered a crucial indicator for possible onward incursion into Ukraine. Any Ukrainian Armed Forces operations in the vicinity of the Line of Contact (including reconnaissance, air defense and counter-battery strikes) will almost certainly be perceived as offensive in nature by any deployed Russian Armed Forces, and as such there remains considerable potential for the conflict to escalate rapidly and with minimal warning. It remains realistically possible that Russia intends to conduct further offensive operations in Eastern Ukraine, with seizing and holding localities populated by ethnic Russians or Russian-speakers likely to be key operational objectives. As a result, Solace Global advises that business operations in Kharkiv, Berdyansk and other cities in the vicinity of the Donbas Region should consider evacuating to safer areas in the west of Ukraine.

              SOLACE GLOBAL ADVICE

              • Travellers are currently advised against all travel to Eastern Ukraine.
              • Businesses and commercial operations are advised to immediately cease all activity in the immediate vicinity of the Donbas region and move their operations to more secure regions either outside of the country or to the west of Ukraine.
              • Where this is not possible, businesses must ensure robust safeguards and evacuation plans are documented and followed when required.
              • Travellers should consider their exit routes from the country. Commercial aviation is likely to become unviable in the short term and as such, alternative evacuation routes must be considered. Already some airlines have temporarily suspended flights to Ukraine, including Lufthansa and KLM.
              • Carry personal identification documents at all times in case you need to transit through a checkpoint or are requested to present it by officials.
              • Update your escalation and evacuation plans for Ukraine, focusing on what protocols staff members should follow in the event there is further significant deterioration in the security environment.
              • Anticipate a heightened military presence throughout the country with additional security being reported near all major political and media buildings. Exercise vigilance and follow all official directives.
              • Travellers should follow local media and use the Solace Secure app to stay up to date with security-related events

              Need support with your Ukraine operations?

              Complete the enquiry form to speak to our travel risk management team. 

              Contact our team now

                Alert Plus – Burkina Faso: Military Seize Power in Coup

                SITUATION SUMMARY: Burkina Faso: Military Seize Power in Coup

                January 2022

                In a statement on national television on 24 January, the Burkina Faso Armed Forces announced that they had dissolved the country’s government, suspended the constitution, and closed national borders Alongside this, a nationwide curfew is currently in force from 21 00 to 05 00.

                The coup followed a series of revolts at army bases across the country. Troops called for the dismissal of the army chiefs of staff, as well as better funding and equipment to combat Islamic extremist groups. It also comes one week after 11 soldiers were arrested by the government for being involved in a coup plot.

                Beginning on 22 January, protesters gathered in the Burkina Faso capital Ouagadougou in support of the armed forces and called for President Kaboré’s resignation. On 23 January gunfire was heard in the capital, this gunfire is believed to have been related to an assassination attempt on the President It was also reported that the nation’s internet was seeing “significant disruptions”. These disruptions persisted until late on 24 January.

                The morning of 24 January, saw an announcement that mutinying soldiers had “ the President. Later in the day, military convoys were seen outside the Presidential Palace and the offices of the country’s state broadcaster. It was not until later in the evening on 24 January local time however that the coup was officially confirmed through a statement on national television.

                The military group behind the coup, the Patriotic Movement for Safeguard and Restoration (MPSR) are a previously unheard of grouping. The group which “includes all sections of the army” stated they had decided to “end President Kaboré’s post today”.

                As news of the coup filtered out, The African Union (AU) and the Economic Community of West African States (ECOWAS) condemned events Additionally the United States and the European Union have called on the military to release President Kaboré.

                SOLACE GLOBAL COMMENT

                Elected to power in 2015 President Roch Marc Christian Kaboré was the first non transitional leader to assume office in 49 years without ties to the Burkina Faso Armed Forces. His presidency has been marred by an ongoing jihadist insurgency that originated in Mali, and has engulfed
                much of the Sahel in recent years.

                The often poorly trained and equipped militaries in the region, including the Burkinabe military, are unable to retaliate effectively against the insurgent groups. These include the Islamic State in the Greater Sahara (ISGS) and Al Qaeda in the Islamic Maghreb (AQIB). These groups have
                been able to exploit the region’s weak states and porous borders. As such they regularly cross the Burkinabe borders with Mali and Niger with ease.

                The most significant attack in recent months occurred in November 2021 near a gold mine in Inata. This attack left 49 gendarmes and four civilians dead. There was public outcry when it was revealed that troops lacked ammunition, equipment, and had gone for several weeks without receiving food rations.

                Despite changes over recent years to the Burkinabe security forces, they have remained unable to cope with the spreading insurgency. Protests have frequently taken place, criticizing Kaboré for his response to the insurgency. These have often resulted in violent crackdowns. The most
                recent protest was due to occur on 20 January, however it was banned.

                To try and contain the regional insurgency, France had deployed some 5,100 across the Sahel to combat Islamist groups. This was known as Operation Barkhane. However, President Macron announced in June 2021 that a withdrawal of French troops from the region would begin. This is currently scheduled to be complete by the first quarter of 2022.

                The withdrawal of French troops is likely to serve to compound the security problems of the Sahel region and of Burkina Faso. These security problems, and the uncertainty generated by the French withdrawal, are believed to be behind the regions high number of coups in recent months, four, in seventeen months. Two in Mali, one in Guinea, one in Chad, and now, Burkina Faso.

                SOLACE GLOBAL ADVICE

                • Travellers are advised against all non essential travel to Burkina Faso due to the volatile security environment across the country. Any critical travel should only be conducted with enhanced risk mitigation measures, including armoured vehicles able to traverse difficult terrain and a certified armed escort from an accredited provider. It is also of crucial importance that these be arranged prior to arrival in country.
                • The security situation in Burkina Faso is unlikely to improve in the short term. Terrorist groups are highly likely to continue to attempt attacks in the country, including in Ouagadougou.
                • Security forces are also likely to continue to be targets of opportunity for such attacks. There is also a heightened risk at places of worship, shopping areas, hotels, and entertainment venues.
                • Travellers should avoid all large public gatherings and demonstrations as not only are they a target of opportunity, protest activity is known to escalate quickly and without warning. Security forces have previously used violent dispersal methods against them.
                • Travellers to the country, particularly nationals of Western countries, should be aware that they present a prime target for kidnapping, and on certain occasions, hostages have been killed by their captors without a ransom being demanded. A number of hostages continue to be held by terrorist groups throughout Burkina Faso.
                • Certain countries, such as the United Kingdom, have a policy not to make substantial ransoms to hostage takers and it is illegal for private citizens to pay such ransoms. It is believed that these could financially strengthen such groups and encourage further hostage taking in the future.

                Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

                For further details please contact +44 (0) 1202 308 810 or email us.

                Alert Plus – Tonga Eruption – January 2022

                SITUATION SUMMARY

                Tonga’s Hunga Tonga Hunga Ha’apai underwater volcano, located roughly 65 kilometres north of the capital Nuku’aolofa erupted violently at 04 10 GMT on 15 January. Satellite imagery of the eruption indicated a 5 kilometre wide plume of ash and gas rising 20 kilometres into the air The eruption also triggered tsunami warnings and advisories across the South Pacific and North Pacific regions, including as far as Alaska in North America, central Chile in South America and eastern Japan in Asia. Indeed, the powerful eruption generated tsunami waves approximately one metre in height, inundating entire towns in Tonga and American Samoa, including the capitals of Nuku’alofa and Pago Pago. Large waves and tidal surges also impacted other South Pacific islands, such as Fiji and Vanuatu, as well as coastal areas in Japan, the United States, Chile and Peru, amongst other locations. The extent of the damage caused remains unclear with governments across the region currently working to determine the impacts of the tsunamis, as well as what urgent assistance is needed.

                The eruption is understood to have also damaged submarine cables that connect the South Pacific islands, resulting in widespread power outages and communications blackouts, including disruptions to phone lines and internet services. These communications challenges are making the full extent of the damage difficult to calculate Videos posted on social media and initial local reports suggest Tonga has sustained significant damage, especially on the outer lying islands. Satellite imagery appeared to show Tonga’s uninhabited Nuku and Tau islands completely eroded. At the time of writing, Australian surveillance aircraft are deployed to the area in an effort to provide images allowing regional governments to gauge what support is needed.

                Additionally, the eruption is understood to have blanketed Tonga in volcanic ash, raising concerns of contaminated food and water supplies, as well as poor air quality. The presence of volcanic ash has also been reported on some Fijian islands and in Samoa, hindering initial efforts to conduct aerial surveillance of the worst affected areas and deliver aid.

                SOLACE GLOBAL COMMENT

                The Hunga Tonga Hunga Ha’apai underwater volcano is located approximately 65 kilometres north of the Tongan capital of Nuku’alofa. This volcanic island is part of the Tonga Kermadec Islands volcanic arc; a formation of up to 30 underwater volcanoes that stretch across the South Pacific seafloor from Tonga to New Zealand. Previous eruptions between December 2014 and January 2015 triggered widespread air travel disruption in the region.

                Strong volcanic activity resumed at the Hunga Tonga Hunga Ha’apai underwater volcano in December 2021. Intermittent eruptions of white, gaseous clouds were documented, eventually culminating in a major eruption on 14 January 2022. This eruption has been described as one of the world’s largest in the last decade.

                The ongoing communications challenges are making the full extent of the damage and the number of casualties difficult to determine. However, initial impact assessments provided by surveillance flights suggest that the tsunami has resulted in significant damage to buildings and infrastructure in Tonga.

                Fortunately, there have been no early indications of mass casualties. However, the emerging reports of contaminated water and food supplies mean that there is a strong requirement for urgent external aid to the affected communities in the immediate term, including emergency shelter, drinking water, food and medical supplies. Australia and New Zealand are already reported to be coordinating with the United States and France, as well as other countries, on the humanitarian response.

                Tonga itself is listed as one of the world’s most vulnerable countries on the World Disaster Risk Index. In 2021 the nation ranked third out of 181 countries due to its significant exposure to natural hazards, high susceptibility and lack of coping capacities.

                Island nations in the South Pacific are exposed to a multitude of natural hazards, including regular seismic and volcanic activity capable of triggering tsunamis with little to no warning. Cyclonic weather systems are also frequent, which combined with the effects of climate change, increase the vulnerability of communities across the South Pacific.

                SOLACE GLOBAL ADVICE

                • Further volcanic activity cannot be ruled out in the near term. Monitor for further warnings or advisories and adhere to any safety directives.
                • Monitor local media outlets and official disaster response channels for the latest updates.
                • If in a tsunami warning area, move inland or uphill as quickly as possible.
                • In the event of ashfall, wear respiratory masks as well as suitable clothing to protect the skin.
                • Anticipate rough/dangerous sea conditions in the coming days. Avoid coastal areas as a safety precaution until it has been confirmed safe to return.
                • Only drink bottled or boiled water unless mains water supplies have been confirmed safe to drink.
                • Do not enter damaged structures unless they have been deemed safe by a safety official.
                • Avoid floodwaters as a safety precaution due to hazards such as underwater debris and contamination with wastewater or other harmful chemicals.
                • Have an emergency ‘grab bag’ prepared with the essential supplies ( batteries/power pack, water, non perishable food, warm clothes/waterproofs, phone, ID documents etc should the need to evacuate arise at short notice.
                • Anticipate major disruptions to air, sea and overland travel in the coming days.
                • Anticipate prolonged power outages and communications blackouts Limit the use of battery powered items where possible.

                Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

                For further details please contact +44 (0) 1202 308 810 or email us.

                Log4J Critical Cyber Security Vulnerability Recommendations

                Solace Cyber advises of a new and highly critical cyber security vulnerability, Log4J

                Solace Cyber have shared an advisory detailing what Log4J is and what action should be taken by organisations. Read More.

                Log4J is a zero-day exploit, which gives attackers access through a back door within the java library, allowing unauthenticated users to implement malicious code in your system, which could bring your digital ecosystem to a halt. The library is widely adopted and used in many commercial and open-source software products as a logging framework for Java – meaning it is likely your system will need patching against the vulnerability.

                This vulnerability is being widely exploited in the wild and has a critical security rating. We urge organisations to scan all external internet-facing systems as a priority to identify which systems require immediate action.

                Our specialist cyber security team can assist with the remediation of vulnerabilities and help protect your digital systems over the coming weeks.

                Request a call back by completing the form below.

                Book a call

                  Alert Plus – Kampala Bombings: Islamic State Claims Responsibility

                  SITUATION SUMMARY: Kampala Bombings: Islamic State Claims Responsibility

                  November 2021

                  At least six people were killed, and 36 others suffered injuries in a twin suicide bomb attack in central Kampala on 16 November.

                  According to an official Ugandan Police Force statement published on 16 November, the first attack occurred at a security checkpoint near to the Central Police Station at around 10:03 local time. The second attack took place roughly three minutes later outside the Raja Chambers building on Parliamentary Avenue, roughly 100 metres from Uganda’s parliament building.

                  CCTV footage of the initial attack reportedly showed a single suicide bomber detonating an Improvised Explosive Device (IED),  the second blast involved two perpetrators on motorcycles, allegedly disguised as boda boda riders (motorcycle taxis). Both the explosions resulted in casualties, as well as damage to nearby buildings and vehicles within the blast radius.

                  A fourth assailant was pursued by counter-terrorism police, who managed to detain the suspected suicide bomber and recover an unexploded IED in his possession, a second device was also recovered from his home in Nansana, west of central Kampala.

                  The explosions triggered a large-scale police and emergency service response, and prompted the evacuation of nearby buildings, including parliament, as a safety precaution.

                  The Ugandan police described the explosions as a coordinated attack by extremists and were quick to blame “Allied Democratic Forces (ADF) linked radicalised groups”.

                  The Islamic State (IS) subsequently claimed responsibility for the blasts via the group’s Amaq News Agency on an affiliated Telegram account.

                  In the wake of the attack, Ugandan President Yoweri Museveni urged the public to “maintain vigilance” and said that authorities were working with neighbouring countries “to deal with those operating from outside [Uganda].”

                  The leaders of the African Union (AU) and the Intergovernmental Authority on Development (IGAD) condemned the twin bombings.

                  SOLACE GLOBAL COMMENT

                  The twin bombings in Kampala were the latest attacks in a series of similar incidents in recent weeks, all of which have either been claimed by IS or blamed on ADF militants.

                  The recent spate of bombings in Uganda began on 8 October, when one police officer was killed in a blast at a police station in a suburb of Kampala. IS claimed responsibility for the attack, marking the first time the group had carried out an attack in Uganda.

                  Later on 23 October, one person was killed when an IED, left in a shopping bag, detonated in a restaurant on the outskirts of Kampala. Days later, several people were injured in a suicide bomb attack targeting a bus travelling from Kampala towards Western Uganda.

                  The Islamic State group claimed responsibility for the restaurant blast, with Ugandan police suggesting the bus bomber was on a list of wanted ADF members.

                  The ADF is an Islamist militant group that originated in Uganda and mostly operates out of neighbouring Democratic Republic of the Congo. The group swore allegiance to the so-called Islamic State (IS) in 2019 and has since been known as Islamic State Central African Province (ISCAP), or ISIS-DRC, among other names.

                  The ADF has long been opposed to the rule of longtime President Museveni, a key US security ally that has committed troops to combat Al-Shabaab in Somalia, among other regional counter terrorism efforts.

                  Tuesday’s attack in Kampala represents an increasingly sophisticated threat and was likely an attempt by ADF/ISCAP to demonstrate its strength and capability to carry out coordinated, mass casualty  attacks in the Ugandan capital.

                  Given the group’s Ugandan roots and local grievances, as well as the backing and training of the transnational IS group, further attacks in Kampala and other areas are highly likely in the near-term.

                  SOLACE GLOBAL ADVICE

                  • Review the local security situation and  your  current security measures.
                  • Have a robust contingency plan in place, including for moving to hibernation points ,emergency evacuations  and communications should the security situation deteriorate.
                  • Exercise increased situational awareness and vigilance; report any suspicious activity to the Ugandan security forces.
                  • Avoid large public gatherings, government buildings, security checkpoints, and busy urban areas where possible.
                  • Be alert to the possibility of follow-up/secondary attacks following explosions.
                  • Adhere to the advice or instructions provided by authorities.
                  • Maintain a robust communications schedule and ensure that a trusted person is aware of your current location
                  • Anticipate localised disruptions to travel in areas affected by large-scale attacks.
                  • If caught in an attack, individuals are advised to follow the advice of RUN, HIDE, TELL.

                  Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

                  For further details please contact +44 (0) 1202 308 810 or email us.

                  Alert Plus – UK Terrorism Threat Raised to Severe

                  SITUATION SUMMARY: UK Terrorism Threat Raised to Severe

                  November 2021

                  On 15 November, the UK’s Joint Terrorism Analysis Centre (JTAC) raised the nationwide terrorism threat level from ‘substantial’ to ‘severe’. A terrorist attack is now regarded as highly likely under the UK’s index of threat levels, of which the severe categorisation is the second-highest level of warning.​

                  Home Secretary Priti Patel confirmed that the JTAC’s decision to raise the UK’s terrorism threat level had been undertaken in response to two terrorist incidents that had taken place within a span of 31 days between 15 October and 15 November. ​

                  The most recent of these two incidents occurred on 14 November after 32-year old Emad al-Swealmen detonated an Improvised Explosive Device (IED) in a taxi outside the Liverpool Women’s Hospital in Liverpool, Merseyside. The subsequent explosion resulted in the death of Emad al-Swealmen and injured a taxi driver who had managed to successfully flee the vehicle just following the detonation.

                  Investigations following the incident have led to the arrests of four individuals in Liverpool’s Kensington area under the Terrorism Act 2000. Head of Counter Terrorism Policing North West, Russ Jackson, confirmed that all four individuals were suspected to have been associates of Emad al-Swealmen.​

                  On 15 October, Conservative MP Sir David Amess was stabbed and killed by 25-year old Ali Harbi Ali at a constituency surgery in Leigh-on-Sea, Essex. Police established a connection to radical Islamic extremism as a potential motivation for Ali Harbi Ali’s attack, although no definitive judgement has yet been reached by the UK justice system at the time of writing.​

                  The advice issued by UK authorities in the wake of these incidents has focused on vigilance. Prime Minister Boris Johnson urging all members of the public to maintain a high level of situational awareness as a result of the increase in the UK terror threat level.​

                  SOLACE GLOBAL COMMENT

                  Prior to the JTAC’s recent announcement, the last time a ‘severe’ terror threat level was implemented in the UK was between 3 November 2020 and 4 February 2021. The usage of the ‘severe’ category indicates that there is no existing government intelligence of any immediate risk to life, but that further attacks remain highly likely due to the frequency of attacks in recent weeks.​

                  Terrorism in the UK has historically been undertaken by a variety of actors, including far-right extremists, dissident Irish nationalist groups and radical Islamists, among others. Of these, the most prominent driver of the current ‘severe’ terror threat level is the likelihood of further attacks related to Islamist extremism.​

                  The usage of bladed weapons, homemade IEDs and vehicular-ramming attacks represent a set of common themes across UK terror attacks in the past five years.  The October 2021 attack on Sir David Amess, the November 2021 Liverpool bombing and the August 2018 Westminster attack illustrate these respective threats.

                  Lone-wolf attacks especially have become more frequent, though it is not uncommon for terrorist attacks in the UK to later be claimed by a terrorist group, or for an attacker to pledge allegiance to an extremist cause in some way prior to an incident. ​

                  Public venues and high profile political figures such as MPs have regularly been targeted by both successful and would-be assailants. Train stations, music concerts, main city roads and the UK Houses of Parliament are all examples of locations deliberately targeted by terrorists in recent years.​

                  Though it is impossible for the authorities to prevent every attack of this nature, the British Security Services, MI5, stated that 31 late stage terror plots had been prevented in the past four years. Additionally, as highlighted by the Liverpool attack, police in Britain and other emergency services are able to respond rapidly to attacks and limit their potential to evolve into major mass casualty events.​

                  ​SOLACE GLOBAL ADVICE

                  • Attacks are not uncommon in the UK, as such, similar incidents are possible in the future, individuals should maintain a  degree of situational awareness when in public.​
                  • Copycat attacks are also common following an incident of this nature, as such, remain aware of surroundings when travelling in the country, especially in vicinity of potential targets such as government buildings.​
                  • If caught in an attack, individuals are advised to follow the UK counter-terrorism policing advice of RUN, HIDE, TELL. ​
                  • Always adhere to any instructions issued by authorities, including shelter-in-place orders.​
                  • Report any suspicious behaviour or activity to the authorities.​
                  • Expect additional security personnel outside hospitals and an increased police presence throughout the United Kingdom in the coming days and weeks.​
                  • Going forward, monitor media outlets for further developments.​
                  • Follow up police operations are possible in Liverpool and the wider country; these may include short notice road closures.​
                  • Vacate any areas where police, or other security forces operations are underway.​
                  • Always adhere to any instructions issued by authorities, including orders to vacate locations and shelter-in-place notices.​
                  • Keep trusted person(s) updated on you location and situation, particularly follow an attack.​
                  • Also look to employ caution around mosques and other buildings linked to Islam, such as Arabic schools, due to the risk of reprisal attacks by other extremist groups.​
                  • Despite this, normal travel can resume as long as travellers adhere to all COVID-19 restrictions.

                  Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

                  For further details please contact +44 (0) 1202 308 810 or email us.

                  Solace Cyber secures a leading UK university

                  Universities can be an easy target for cyber crime

                  Universities can be an easy target for cyber criminals, due to the vast number of end points from students and staff, coupled with the high level of cyber threats faced on a daily basis. A leading UK university with nearly 10,000 students and over 100 members of staff came to Solace Cyber with a challenge: How do you improve cyber security measures with a limited budget?

                  Developing a successful cyber security strategy

                  It can be overwhelming for an organisation when starting from scratch to know where to place their budget for cyber security. Through tried and tested strategies, Solace Cyber were able to create a tailored strategy which advanced the universities cyber security by providing full visibility over their students and their activities – making what was once their biggest concern, now part of their cyber security stronghold.

                  A full cyber security risk assessment  highlighted any areas which could be deemed a cyber risk and created a schedule of priorities which needed attention first. From here the anti-virus was replaced with an intelligent Endpoint Detection & Response (EDR) platform as well as Security Information and Event Management which provided 24/7/365 visibility to continually monitor events and evolve with the cyber threats that attempted to compromise their cyber security.

                  Once full visibility of the cyber risks with the university had been obtained, a phishing risk reduction strategy was implemented to harden the security of the mail flows and email systems to reduce the number of phishing emails. Simulated phishing emails were also sent to staff and students to test who, if anyone, clicked on a malicious link, when, how many times and from which device. Full training was given to those which did not pass the simulation.

                  Back-ups which previously on the premises were moved into the cloud, which means if a cyber threat should infiltrate the university, there is a greater chance of a fast and full recovery of any data breaches.

                  University cyber security can be overlooked

                  University’s are in a position where reputation is important and should a data security breach ever occur, it can take a significant length of time to rebuild the trust of students. Despite this, cyber security for universities is often be overlooked or can be a lower priority for investment.

                  By outsourcing cyber security to a managed security service provider, we provide enterprise-grade cyber security at a fraction of the cost of hiring a CISO and create a culture for cyber attentiveness. The next steps for the university to increase their cyber security further is to implement a Security Orchestration Automation Response (SOAR) solution into their business to make their cyber security budget to become even more efficient over time.

                  Build your cyber security defences with our team of senior cyber security analysts.

                  Book a call today 

                    Solace Global – Sudan: PM and Ministers Detained in Military coup​

                    SITUATION SUMMARY: Sudan: PM and Ministers Detained in Military coup​

                    Unidentified military and paramilitary groups launched a coup in Khartoum, Sudan early on Monday, 25 October. The Prime Minister Abdalla Hamdok, civilian members of the Transitional Sovereign Council and other government ministers have all been detained. A nationwide state of emergency has been declared and the sovereign council has been dissolved. Soldiers have also been deployed across Khartoum and are restricting the movement of civilians, as well as blocking the main roads and bridges leading to the capital.​

                    According to Sudan’s Ministry of Culture and Media, military forces besieged the home of Hamdok, placing him under house arrest. However, after he refused to endorse the coup, he was moved to another location, with his whereabouts currently unknown.​

                    Other civilian officials taken into custody include, the ministers for industry and information, the governor of Khartoum State, the prime minister’s media adviser and the spokesman for the Transitional Sovereign Council.

                    Telecommunications and internet access has been restricted across the country, with global internet monitor NetBlocks reporting a 24 percent drop in connectivity early hours of Monday morning. Elsewhere in Omdurman, soldiers stormed the headquarters of Sudan’s state broadcaster and detained a number of employees. Flights have also been suspended at Khartoum International Airport.​

                    Large-scale, anti-coup protests have erupted across the capital and in other locations nationwide, resulting in clashes with military personnel. Local reports suggest soldiers have deployed tear gas and fired live ammunition in Khartoum to disperse the protests, resulting in at least two fatalities and dozens of casualties.​

                    The coup has been denounced by the international community, including the United Nations, the Arab League, the European Union and the United States. All have expressed concern over Sudan’s political transition to civilian rule. 

                    SOLACE GLOBAL COMMENT

                    Governance in Sudan had been shared between military and civilian groups since the overthrow of long-term President Omar al-Bashir in 2019. The former president was ousted by the military following months of sustained unrest. Civilians and military leaders are now supposed to be running the country together on a joint committee known as the Sovereign Council.​

                    However, there has long been public tension between the military and civilian sides of the council. Just last month several officers were arrested for attempting a coup. The government, at the time, attributed the putsch attempt to Bashir loyalists who were members of the armoured corps.​

                    Following the coup attempt, Sections of the Sudanese public rallied in support for the military. Many at these protest called for the military to overthrow the transitional government, who many accuse of being responsible for the country’s poor economic performance. Indeed, the prime minister’s moves to cut fuel subsidies were exceptionally unpopular.

                    Despite the number of pro-military rallies, it is unclear how widely supported the military are. Members of the ousted government have called on people to “peacefully” protest against the coup. Thus far, demonstrations have taken place throughout Monday night, with photos showing mass rallies and burning road blockades. Clashes and at least seven fatalities have also been reported. ​

                    Going forward the situation remains tense. The country is reliant on international support and financial aid. Both may be withdrawn as a result of the coup. This will mean that the military will need to work quickly to convince international onlookers, and the Sudanese people, that they are supportive of the democratic process. Should this support be withdrawn, the military are unlikely to be able to sustain the post-pandemic economic recovery.​

                    Further protests are also expected with the military likely to respond in a violent fashion. As a result, the situation on the ground will be changeable in the coming days, presenting a severe risk to those in country.

                    SOLACE GLOBAL ADVICE

                    • Avoid all non-essential travel to Sudan. The situation is continuing to evolve, and it remains possible that there will be a further deterioration in the security environment in the coming days.​
                    • Those currently in Sudan should closely monitor developments to the situation via trusted sources, media outlets and Solace Secure Alerts. ​
                    • Additionally, remain vigilant and limit all non-essential movements in country.​
                    • Strictly adhere to any directives issued by authorities (including curfews and possible movements restrictions).​
                    • Avoid all large gatherings and protests as a safety precaution. There is a heightened risk of violent unrest that poses significant incidental risks to bystanders.​
                    • Avoid large concentrations of military or security personnel as this may be a sign of an imminent security operation.
                    • Airport operations have already been suspended, clients are advised to anticipate and prepare for prolonged disruption.​
                    • If caught in the vicinity of unrest/protests, leave the area immediately and seek secure shelter. ​
                    • Anticipate disruptions to regular state functions and essential services in the near term.​
                    • Ensure contingency plans are prepared in case of a deterioration of the local security environment. Plans should include a shelter-in-place option, possible evacuation routes and in-country security assistance.​
                    • Ensure that all important documents are kept in a safe place, look to make photocopies of these documents and back them up online.​
                    • Have a grab bag with food, water, important documents and battery packs to recharge devices ready in case of evacuation.

                    Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

                    For further details please contact +44 (0) 1202 308 810 or email us.

                    Alert Plus – Fatal attack in Kongsberg, Norway

                    SITUATION SUMMARY: Alert Plus – Fatal attack in Kongsberg, Norway

                    On 13 October, an individual armed with a bow and arrows attacked and killed five people in the Norwegian town of Kongsberg. Officials have stated that he may have also had ‘other weapons’ but the nature of these has not been disclosed. Two other people were injured during the attack, including an off duty police officer.

                    Police confirmed that the attack began at a Co op Extra Supermarket in western Kongsberg and later spread to several other locations across the town. Kari Anne, the Mayor of Kongsberg, later clarified that the attack had occurred in the Vestiden area of the town.

                    Following the attack, a town wide shelter in place order was implemented amidst a major police operation, with multiple properties being evacuated. The police detained a male suspect at18 47 local time, approximately 34 minutes after the first reports of the attack emerged. In the hours after his arrest, a police spokesperson confirmed the suspect was known to the police and had been involved in “several different issues”.

                    At the time of writing the motive for the attack is unconfirmed however, Norwegian police have announced that the incident appears to be motivated by terrorism. They have previously stated that they had been in contact with the suspect in the past over fears of radicalisation after he was reported to have converted to Islam.

                    Norway’s terrorism threat level has not raised in the immediate aftermath of the attack Despite this, public services, hospitals and the Justice Ministry have been put on alert. Additionally, Norway’s police directorate has ordered all officers nationwide to carry firearms as an extra precaution.

                    All political parties in the country have reacted in solidarity to the incident Outgoing Prime Minister Erna Solberg of the Conservative  Party described the attack as “ a sentiment echoed by Prime Minister designate Jonas Støre of the Labour Party, who condemned the attack as a “cruel and brutal act”.

                    SOLACE GLOBAL COMMENT

                    With a death toll of five, the Kongsberg attack represents the deadliest mass casualty event in Norway since the July 2011 attack perpetrated by far right terrorist Anders Behring Breivik. The most recent fatal terrorist incident before last night’s incident was a far right attack on the Al Noor Islamic Center mosque in Bærum in August 2019.

                    At the time of writing, police have announced that the attack appears to be an act of terror Given the police had previously been in contact with the suspect over fears of radicalisation, the announcement of a terrorist motive is not a surprise

                    Any investigation into the Kongsberg attack is likely to focus on these fears of radicalisation It is also likely that questions will be raised regarding police intelligence prior to the attack Additionally, the perpetrator’s use of a bow and arrow as his weapon is unconventional and likely to attract attention from the Norwegian and international media.

                    In Norway, the main terrorist threat comes from far right actors, such as in the 2011 Breivik attack and the Bærum mosque shooting, and from Islamic extremism However, there has only been two successful attacks in the past decade before last night. Additionally, Norwegian police have been successful in foiling many past incidents, including a planned attack using poison in February 2021.

                    As a result of this rarity in attacks, and despite last night’s incident, the terrorism threat in Norway remains low However, the seemingly indiscriminate nature of the attack reinforces the need to maintain situational awareness, even when travelling or working in a low risk destination Past incidents have occurred in the country, and in the wider region, including the 2017 Stockholm truck attack and the 2015 Copenhagen shootings

                    Attacks of a terrorist nature can occur with little to no warning and being aware of one’s surroundings is often the best way to avoid danger.

                    SOLACE GLOBAL ADVICE

                    In Country Travellers/Staff

                    • Monitor local media outlets for any developments to the situation.
                    • Avoid the crime scene(s) due to the ongoing police investigation.
                    • Anticipate localised/residual disruptions in the coming hours as a result of ongoing investigation.
                    • Adhere to any instructions issued by authorities, including shelter in place orders.
                    • Notify a trusted person of your current location and situation, particularly if in the vicinity of the attack.

                    General Advice

                    • Maintain situational awareness at all times regardless of your locations risk level.
                    • Notify the police of any suspicious activity as soon as it is safe to do so.
                    • If in the vicinity of an attack, adopt the RUN, HIDE, TELL advice I e Run to a place of safety, hide in a place of safety, and tell the local police service.
                    • If in the vicinity of an active attack, leave the area immediately if safe to do so If unable to leave the area, seek secure shelter, preferably somewhere that provides cover from fire with a lockable door.

                    Solace Global remains available to provide the full range of Travel Risk Management services to clients. Solace Global is also able to provide comprehensive crisis management, response, and evacuation services.

                    For further details please contact +44 (0) 1202 308 810 or email us.