The British Library suffered a ransomware attack in October 2023 [1] [2], attributed to the Rhysida ransomware group [1] [2]. The attackers exfiltrated 600 GB of data, including personal information of Library users and staff [1].

Description

The attackers exploited vulnerabilities in the Terminal Services server [3], gaining unauthorized access through compromised third-party credentials and the absence of multifactor authentication (MFA) on the domain [3]. This breach allowed the attackers to obtain privileged administrator access, potentially through phishing [2] [3], spear-phishing [3], or brute-force attacks [2] [3]. The Corporate Information Governance Group had previously identified the risk posed by third-party providers [2], prompting a security review for 2024. In response to the attack, the Library is enhancing its security measures by implementing role-based access control, improved MFA capabilities, and privileged access management policies to prevent future incidents.
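
As an added illustration (not taken from the Library or the cited reports), the following defender-side check reviews Terminal Services logons for the two conditions described above: accounts, especially third-party ones, logging on without MFA, and a successful logon that follows a burst of failures. Event IDs 4624/4625 and logon type 10 are standard Windows values; the account names, addresses, inventory format and thresholds are constructed assumptions.

```python
import csv, io
from datetime import datetime, timedelta

# Constructed sample: simplified export of Windows Security events.
# 4624 = successful logon, 4625 = failed logon; logon type 10 = RemoteInteractive
# (Terminal Services / RDP). Account names and addresses are made up.
SAMPLE_EVENTS = """time,event_id,logon_type,account,source_ip
2023-10-01T02:10:00,4625,10,vendor-svc,203.0.113.7
2023-10-01T02:10:30,4625,10,vendor-svc,203.0.113.7
2023-10-01T02:11:00,4625,10,vendor-svc,203.0.113.7
2023-10-01T02:11:30,4625,10,vendor-svc,203.0.113.7
2023-10-01T02:12:00,4625,10,vendor-svc,203.0.113.7
2023-10-01T02:13:00,4624,10,vendor-svc,203.0.113.7
2023-10-01T02:14:00,4624,3,vendor-svc,203.0.113.7
2023-10-01T09:00:00,4624,10,jsmith,198.51.100.20
2023-10-01T10:00:00,4624,10,it-admin,10.0.0.5
"""

# Constructed account inventory (hypothetical format): who is external, who has MFA.
ACCOUNTS = {
    "vendor-svc": {"third_party": True, "mfa": False},
    "jsmith": {"third_party": False, "mfa": True},
    "it-admin": {"third_party": False, "mfa": False},
}

def review_rds_logons(events_csv, accounts, max_failures=5, window=timedelta(minutes=10)):
    """Return (time, account, finding) tuples for remote-interactive logons needing review."""
    findings, failures = [], {}  # failures: (account, source_ip) -> failure times
    rows = sorted(csv.DictReader(io.StringIO(events_csv)), key=lambda r: r["time"])
    for r in rows:
        if r["logon_type"] != "10":  # only Terminal Services / RDP sessions
            continue
        t = datetime.fromisoformat(r["time"])
        key = (r["account"], r["source_ip"])
        if r["event_id"] == "4625":
            failures.setdefault(key, []).append(t)
        elif r["event_id"] == "4624":
            # Accounts missing from the inventory are treated as having no MFA.
            info = accounts.get(r["account"], {"third_party": False, "mfa": False})
            recent = [f for f in failures.get(key, []) if t - f <= window]
            if not info["mfa"]:
                kind = "third-party-no-mfa" if info["third_party"] else "no-mfa"
                findings.append((r["time"], r["account"], kind))
            if len(recent) >= max_failures:  # success right after a failure burst
                findings.append((r["time"], r["account"], "success-after-failures"))
            failures.pop(key, None)
    return findings

if __name__ == "__main__":
    print(*review_rds_logons(SAMPLE_EVENTS, ACCOUNTS), sep="\n")
```
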

Conclusion

The ransomware attack on the British Library had significant implications, leading to the exposure of sensitive data and potential risks to user privacy. Moving forward, the Library’s focus on enhancing security measures, such as role-based access control and improved MFA capabilities [1], will be crucial in preventing similar incidents in the future. This incident serves as a reminder of the importance of proactive cybersecurity measures and the ongoing need for vigilance in protecting against cyber threats.

References

[1] https://ciso2ciso.com/third-party-breach-and-missing-mfa-contributed-to-british-library-cyber-attack-source-www-infosecurity-magazine-com/
[2] https://www.infosecurity-magazine.com/news/third-party-mfa-british-library/
[3] https://www.itsecuritynews.info/third-party-breach-and-missing-mfa-contributed-to-british-library-cyber-attack/