Overall, Subject, and GeoPolitical Alerts
Whilst the alerts on product vulnerabilities are useful, we have introduced an Overall Alert for when something big hits the security world, such as WannaCry. The definitions below give an idea of the criteria considered when setting the status.
We have also introduced more granular Subject Alert States and Geo-Political Alerts for when tensions around the world may lead to cyber security issues for everybody.
Current Overall Alert State
Current Subject Alert States
24 March 2023 - It's been a year and we've probably seen all the new tricks; either you're watching or you won't see this either. Dropping to Guarded.
03 November 2022 - Russia warns of mutual destruction without formal Digital Rules of Engagement. More info.
03 November 2022 - UK prepares for Russian cyber-attacks. More info.
01 November 2022 - Russia looking for excuse to target UK infrastructure. More info.
28 October 2022 - Russia is accusing the US and EU of conducting a campaign of cyber “sabotage” against Russia. More info.
15 September 2022 - More reports of Russia hacking Ukraine. More info.
10 September 2022 - More reports of Russia hacking Ukraine. More info.
02 September 2022 - Although politicians and cybersecurity experts have warned about the potential for widespread hacks in the wake of Russia’s invasion of Ukraine, a new study finds that attacks linked to the conflict have had minor impact and are unlikely to escalate further. More info.
18 August 2022 - The cyber fallout from the war in Ukraine continues. The number of observed distributed denial-of-service (DDoS) attacks nearly trebled during the first six months of 2022. More info.
16 February 2022 - Reports are coming in of various cyberattacks on Ukraine's Defence Ministry and Armed Forces. More info.
Other countries are preparing for spillover as well. More info.
03 February 2022 - Raised the Alert Level to High, based on activity identified by CND.
28 January 2022 - The UK has now warned of potential cyberattacks from Russia as well. More info.
25 January 2022 - We've raised a GeoPolitical Subject Alert for the increased activity around Ukraine and Russia. Russian troop buildup at the Ukraine border has created a tense situation, with cyberattacks increasing as tensions rise.
Hacktivists say they hacked the Belarus rail system to stop the Russian military buildup. More info.
The US has warned of potential cyberattacks from Russia if it responds to a Ukraine invasion. More info.
The US and UK have recalled embassy staff and families. More info. And here.
Ukraine Government websites weather a cyber attack campaign. More info.
US, NATO Discuss Ukrainian cyber aid amid tensions. More info.
Overall Historical Alert State Details
SAP, Siemens Monthly Patches, Windows DNS SigRed.
20 July, 2020 - The world hasn't broken, we're dropping back to Guarded.
15 July, 2020 - Add the Windows DNS vulnerability to the "Bad Patch Day" mix. It's got a name (SigRed) and everything.
14 July, 2020 - We have raised the Overall state to Increased due to the critical nature of the SAP and Siemens Monthly Patches. Four more vendors are set to release patches today.
Microsoft and Oracle Patches, Citrix exploits.
20 Jan, 2020 - Lowered the Overall Alert state back to Guarded.
15 Jan, 2020 - Raised the Overall Alert state to Increased due to two Microsoft Critical patches, Oracle Critical patches, and the public exploits for Citrix server vulnerabilities from a bulletin released 17 Dec, yet thousands of servers are still vulnerable. It's just active, and deserves an increase for a day or two.
Unpatched Servers and US:Iran conflict
26 June, 2019 - "Everything is awesome, everything is cool." Well, maybe not yet, but dropping to Guarded because it is quiet.
24 June, 2019 - Dropping a level as the original items are quiet.
23 June, 2019 - US:Iran
With increased US:Iran tensions, the overall cyber world should be on high alert.
18 June, 2019 - BlueKeep, Exim, Infrastructure
Exploit code has been created and older OS versions are still vulnerable, although it has been 5 weeks since patches were made available. Time to patch, people!
Also, there are multiple groups attempting to exploit the Exim RCE vulnerability, which allows root access.
Finally, US and Russia appear to be starting an Infrastructure "war". US and Russia attacking each other's infrastructure is bad for everyone.
19 October, 2018 - Reduced Overall Alert back to Guarded.
16 October, 2018 - Raised Overall Alert to Increased due to Oracle Quarterly Patches and the sheer number of remote vulnerabilities in Oracle products.
17 September, 2018 - Reduced Overall Alert to Guarded.
12 September, 2018 - Raised Overall Alert to Increased due to Patch Tuesday, patched 0-days, and other public exploits being patched. There's just a lot going on.
20 August, 2018 - Reduced Overall Alert to Guarded after appropriate patch time.
15 August, 2018 - Raised Overall Alert to Increased due to Microsoft 0-day patches in Patch Tuesday. More info.
22 March, 2018 - Overall Alert State reduced to Guarded after a few quiet days.
19 March, 2018 - Overall Alert State set to Increased based on increasing cyber security concerns between Russia and the UK, and Russia and the US.
The UK National Cyber Security Centre (NCSC) put the National Grid on alert. More info.
US-CERT detailed report on "Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors" here.
05 February, 2018 - Overall Alert State returned to Guarded; patches are expected for the Adobe Flash 0-day this week.
02 February, 2018 - Overall Alert State set to Increased based on AutoSploit and an Adobe Flash Player 0-Day both hitting just before the weekend.
09 January, 2018 - Overall Alert State returned to Guarded; patches are still rolling out, but everyone pretty much has a plan.
04 January, 2018 - Overall Alert State set to Increased based on Meltdown and Spectre affecting all modern processors.
29 June, 2017 - Overall Alert State returned to Guarded. Petya has run its course for the most part, and it is in the post-analysis and recovery stage.
27 June, 2017 - Overall Alert State set to Increased based on the reported effect of Petya ransomware in Eastern Europe, and the potential for similar issues across multiple industries.
15 May, 2017 - Overall Alert State set back to Guarded, based on little news about further spread of ransomware, and the availability of patches and procedures to stop the spread.
12 May, 2017 - Overall Alert State set to Increased based on the reported effect of WannaCry ransomware on healthcare infrastructure, and the potential for similar issues in other infrastructure systems.
17 April, 2017 - Overall Alert State set back to Guarded.
12 April, 2017 - Overall Alert State set to Increased to bring notice to the Microsoft and Adobe Patch Days.
Subject Historical Alert State Details
Overall Alert Definitions
Guarded
This is the lowest envisaged Alert State for the foreseeable future.
Remain vigilant and be prepared for attack. There are no discernible issues impacting end networks or the infrastructure of the Internet.
UK Military Terminology – Stand Down
Civilian Terminology – Chillax
Increased
There is unrest in cyber space requiring increased vigilance for possible cyber disruption, such as:
- Several severe vulnerabilities across multiple platforms (e.g. Patch Tuesday)
- Increased political unrest or international hostilities between nation states which may result in indiscriminate cyber attacks and watering hole acquisition to build botnets.
- A new attack vector which is taking hold and may require mitigation, but does not yet give too much cause for concern.
UK Military Terminology – Stand To
Civilian Terminology – Keep Calm and Carry On
High
There is a marked escalation in cyber attacks and actual effect. Security staff should align their security posture to mitigate the threat and exercise possible use cases relating to it. The threats might include:
- Significant degradation of the Internet infrastructure, such as loss of backbones, DDoS, DNS etc.
- Several significant vulnerabilities which are being actively exploited and/or proving difficult to mitigate.
- Malware which is spreading quickly and causing significant issues.
- Outbreak of cyber hostilities between nation states; the nations involved go to the Critical Alert State.
UK Military Terminology – Watch and Shoot
Civilian Terminology – Wake Up and Smell the Coffee
Critical
There is a direct cyber threat which will impact the majority of systems and significantly hamper IT operations. This Alert State will be used sparingly.
Where the Critical Alert State can be localised by Product Type, Attack Vector, Threat Actor or Nations, this will be reflected in the sub heading as per the example shown.
UK Military Terminology – Incoming, Take Cover
Civilian Terminology – OMG!