Our research addresses the question: What are the conditions of the UK's cyber threat landscape? In addressing this we focus on detectable, known and therefore potentially preventable cyber threats, specifically those that are identifiable by the types of malicious scanning activities they exhibit. We have chosen this approach for two reasons. First, as is evidenced herein, the vast majority of cyber threats affecting the lives and business endeavours of UK citizens are identifiable, preventable threats. Thus the potential exists to improve UK cyber defence by improving how citizens are supported in preventing, detecting and responding to cyber threats. Achieving this requires an evidence base to inform policy makers. Second, it is potentially useful to build a quantifiable evidence base of the known threat space (that is to say, detectable, identifiable and therefore potentially preventable cyber threats) to ascertain whether this information may also be useful when attempting to detect the emergence of more novel cyber threats. This research presents an analysis of malicious internet scanning activity collected within the UK between 1st December 2020 and 30th November 2021. The data was gathered via a custom automated system which collected and processed data from Greynoise, enriched it via Shodan, and cross-referenced it with data from the Office of National Statistics and proprietary data on UK place names and geolocation.