United Kingdom Threat Landscape
Total Page:16
File Type:pdf, Size:1020Kb
United Kingdom Threat Landscape 1 © 2018 Anomali, Inc. All rights reserved. General Inormation Government: Parliamentary constitutional monarchy; a Commonwealth realm Capital: London Chief of State: Prime Minister Theresa May Natural Resources: Coal, petroleum, natural gas, iron ore, lead, zinc, gold, tin, limestone, salt, clay, chalk, gypsum, potash, silica sand, slate, arable land Societal Grievances: Brexit, gay marriage, LGBT rights, forced deportation, racism, surveillance, gender workplace diversity, women’s rights, future of the NHS, US President Trump APT Groups: APT3, Lazarus, APT10, APT17, Comment Crew, Axiom, Night Dragon, APT15, FIN4, APT28 Hacktivist Groups: Anonymous, Null Hacking Crew, Lizard Squad, Syrian Electronic Army, TurkHackTeam, AnonGhost, Lulzsec Extremist Groups: New IRA1, ISIS, National Action (NS131/Scottish Dawn), Al-Qaeda Criminal Groups: Albanian Mafia, Tottenham Mandem, Rathkeale Rovers Malware Families: Ramnit, Dridex, Trickbot, Carbanak, Odinaff, WannaCry, Dyre International Threat Landscape Libya and again operations over Iraq and Syria.”8 The UK’s decision to leave the European Union has caused The United Kingdom (UK) is a permanent member of the concern amongst foreign policy analysts that believe the 2 United Nations Security Council , a founding member UK’s global diplomatic influence will decline because the 3 of the North Atlantic Treaty Organization (NATO) , the UK will no longer vote on decisions impacting the EU9. Council of Europe, the Organization for Security and Co-operation in Europe (OSCE), the Organisation for The UK has contributed to the war against ISIS in Iraq Economic Co-operation and Development (OECD), and and Syria and is home to a number of individuals who the World Trade Organisation (WTO), among others. sought to join ISIS. Because of this, and because of The Commonwealth of Nations, which brings together the UK’s historic links to the current disposition of the 53-member states, is a legacy of the former territories Middle East, the UK is a target for international terror of the British Empire4. The UK is also part of the “Five groups. The close relationship between the United States 10 Power Defence Arrangement.”5 Despite declining and the UK also increases this risk . Regional power economic and military power, the UK still retains politics between NATO aligned states and their rivals, “considerable economic, cultural, military, scientific such as Russia, have the potential to incite attacks. and political influence internationally.”6 The UK’s lighter, Although direct conflict is unlikely, proxy conflicts smaller forces and ability to deploy quickly are one of its and attacks through domains such as cyberspace strategic military strengths7. Recent military operations are increasingly likely. The UK’s sophistication and have included “Afghanistan and Iraq, peacekeeping innovation in a number of critical sectors also serve as operations in the Balkans and Cyprus, intervention in targets for intellectual property theft. Political influence, international engagement (military and diplomatic), 1 http://www.independent.co.uk/news/uk/home-news/what-is-the-new-ira-why-has-the-terror-threat-been-raised-from-northern-ireland-to-the- uk-a7024276.html 2 http://www.un.org/en/sc/members/ 3 https://www.gov.uk/government/news/65-years-of-nato 4 http://thecommonwealth.org/member-countries 5 https://www.iiss.org/en/shangri-la%20voices/blogsections/2017-b8c0/developing-the-five-power-defence-arrangements-c523 6 https://ukdefencejournal.org.uk/study-finds-uk-is-second-most-powerful-country-in-the-world 7 https://www.theguardian.com/commentisfree/2018/jan/19/nuclear-weapons-uk-defence-review-russia 8 https://ukdefencejournal.org.uk/study-finds-uk-is-second-most-powerful-country-in-the-world/ 9 https://www.ft.com/content/2bea5eb8-d6c2-11e7-a303-9060cb1e5f44 10 http://www.oxfordresearchgroup.org.uk/sites/default/files/PR%20briefing%20February%202017_0.pdf 2 © 2018 Anomali, Inc. All rights reserved. and industrial and economic dynamism are all areas in a terrorist ‘attack is highly likely’12. The threat from which rival nation states will seek to pre-empt, gain a Northern Ireland has elevated in recent years due to the competitive edge, or undermine. emergence of the “New IRA”. There are also concerns about increases in knife crime and an embedded culture Domestic Threat landscape of violent gangs13. Terrorism, espionage, cyber-attacks and Dissident Republican groups are amongst those threats Cyber Threat Landscape Overview highlighted by the Centre for the Protection of National In February 2017, the UK was listed as the 38th most Infrastructure (CPNI) as threats to the UK11. The goal of attacked country via cyber means globally (up from 53rd the CPNI is to provide advice for the protection of UK in January 2017) ranking it higher than the US (90th), national infrastructure. The threat level to the United Germany (67th) and France (67th) according to Checkpoint Kingdom is currently at ‘severe’, which means that Software14. The UK had the fourth highest detection rate Port Description Quantity Number 47808 BACnet 297 502 Modbus 331 102 Siemens 50 20000 DNP 6 1962 PLC 4 9600 Omron 47 789 Red Lion 41 2455 CoDeSys 28 1911, 4911 Tridium 1153 44818 EtherNet/IP 1319 18245, General 59 18246 Electric 5904 Hart-IP 0 5006, 5007 Mitsubishi 2 Electric 2404 IEC 649 20547 ProConOS 216 Table of Visible UK ICS Ports (Source: SHODAN) UK ICS Ports Exposed – 15 Feb 2018 (Source: SHODAN) 11 https://www.cpni.gov.uk/national-security-threats 12 https://www.gov.uk/terrorism-national-emergency 13 http://www.telegraph.co.uk/news/2017/04/29/knife-crime-14-gang-warfare-becoming-embedded-culture/ 14 https://www.helpnetsecurity.com/2017/03/14/top-five-most-wanted-malware/ 3 © 2018 Anomali, Inc. All rights reserved. Civil Nuclear Chemical Communications Water Defence CNI Transport Emergency Services Space Energy Health Finance Government Food of ransomware in 2016 according to Malwarebytes, and Summary of Findings the ninth highest for Android malware. Overall, the UK saw the second highest detection rates for all types of Many of the sectors in the UK CNI have a large number malware, almost twice as many detections as Russia15. of companies, including small to medium enterprises (SMEs), that support the success of the industry. This diversification is likely to lend strength to the resilience Industrial Controls Map of the UK against a specific targeting of those sectors. Visible open network communication ports in the UK for However, there are geographical “clusters” that possess protocols related to Industrial Controls Systems (ICS) are an abundance of key sites. The chemicals, civil nuclear, shown in the image and table below. ICS are used in a and energy sector are dependent on some of these wide number of critical national infrastructure sectors. physical clusters and/or physical infrastructure for continued operation. The Grangemouth, Hull, Teesside and Critical National Infrastructure Runcorn areas are examples of this. Despite diversification in some areas, there are some bodies like the Defence The following sections provide insight into the cyber do- Equipment and Supply organization that oversee main of the sectors deemed to be Critical National Infra- procurement for the whole of defence. The procurement 16 structure (CNI). CNI “are those facilities, systems, sites, process necessarily underlines future ambitions and information, people, networks, processes necessary for current weaknesses in military capability. EDF Energy 17 a country to function and upon which daily life depends.” owns all of the currently active nuclear reactors. The They include the following areas: Chemicals, Civil Nuclear, emergency services are going through a communications Communications, Defence, Emergency Services, Energy, upgrade in which the network will be replaced by EE and Finance, Food, Government, Health, Space, Transport and Motorola alongside the provision of hand-held devices Water. The functional well-being of the state is dependent made by Samsung. on the services in these areas, therefore an attack on any of the sectors will have a particularly high impact on the nation. 15 https://www.malwarebytes.com/pdf/white-papers/stateofmalware.pdf 16 The CNI sectors have been taken from the UK CPNI as a template for a general national profile. 17 https://www.cpni.gov.uk/critical-national-infrastructure-0 4 © 2018 Anomali, Inc. All rights reserved. Chemical Lead Government Department: Department for Business, Energy and Industrial Strategy Represented by: Chemical Industries Association (CIA), Association of the British Pharmaceutical Industry (ABPI) Locations of Industry: Hull, Teesside, Runcorn and Grangemouth (the four main “clusters”) Subsectors: Petrochemicals, basic inorganics, polymers and consumer chemicals, specialty chemicals Top Trading Region: EU Important Trading Partners: USA, Singapore, Canada, China, Brazil Downstream Impact Pharmaceuticals, Aerospace and automotive Initiatives Industry 4.0 (automation and data exchange) Summary of Industry Threats to Industry The UK chemicals sector includes the manufacture of The chemicals sector has experienced growth but is specialty chemicals, polymers, commodity chemicals, facing increasing competition from the United States and consumer chemicals. Ninety-seven percent of and China. Brexit and increased energy costs have the industry is made up of 2,500 Small and Medium invigorated efforts to become more energy efficient and Enterprise (SMEs), with large multinational