{"id":4170,"date":"2024-06-25T09:00:00","date_gmt":"2024-06-25T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/key-takeaways-from-the-british-library-cyberattack"},"modified":"2024-06-25T09:00:00","modified_gmt":"2024-06-25T14:00:00","slug":"key-takeaways-from-the-british-library-cyberattack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/25\/key-takeaways-from-the-british-library-cyberattack\/","title":{"rendered":"Key Takeaways From the British Library Cyberattack"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

COMMENTARY<\/span><\/span><\/p>\n

n October 2023, <\/span>the British Library underwent a crippling cyberattack<\/a><\/span> that took down its website, a majority of its online services, including card transitions, reader registrations, and ticket sales, along with access to its digital library catalog. <\/span>The attack cost the library \u00a37 million<\/a><\/span> (US$8.9 million) in recovery costs, or about 40% of its reserve budget. Although the online catalogue was restored in January, full recovery is not expected before the end of the year. <\/span><\/p>\n

Analyzing the British Library’s initial response reveals that it effectively executed a carefully planned response strategy. With its vast store of 170 million items, the national library of Great Britain acknowledged a critical oversight in not having a security team on retainer and readily available, resulting in overreliance on an external team unfamiliar with the environment and scrambling in the eleventh hour. <\/span><\/p>\n

Welcoming transparency, <\/span>the institution issued its report<\/a><\/span> outlining details of the attack and sharing valuable lessons of benefit to other organizations in their cyber preparedness and mitigation efforts. <\/span><\/p>\n

How Did Attackers Breach the British Library?<\/h2>\n

While the exact method of entry is unknown due to the extensive damage caused by the attackers, investigators were able to trace unauthorized access at the Terminal Services server, which was installed in 2020 \u2014 COVID era \u2014 to facilitate remote access for external partners and internal IT administrators. <\/span><\/p>\n

Many of these outside parties had privileged access to specific servers and software. It is believed that the root cause behind the attack could have been the compromise of privileged account credentials, possibly via phishing, spear-phishing, or brute-forcing credentials. The library admitted to having an unusually diverse and complex technology estate comprising a stack of legacy tools and infrastructure that led to the severity of the incident. Although the Terminal Services server was protected by a firewall and antivirus software, it lacked standard multifactor authentication (MFA) protection \u2014 a gross oversight.<\/span><\/p>\n

What Did Hackers Steal?<\/h2>\n

Like most ransomware attacks, these adversaries stole sensitive data that could be either monetized on underground marketplaces or used to demand a ransom payment. Threat actors are said to have copied 600GB of files. Attackers used three methods to identify sensitive data: <\/span><\/p>\n

\n