
Key Takeaways from the British Library Cyberattack

Steve Durbin
Published 25 June 2024
Read the full article on Dark Reading
Tags: Dark Reading, Risk, Governance

Knowledge institutions with legacy infrastructure, limited resources, and digitised intellectual property must protect themselves from sophisticated and destructive cyberattacks.

In October 2023, the British Library suffered a crippling cyberattack that took down its website and most of its online services, including card transactions, reader registrations, and ticket sales, along with access to its digital library catalogue. The attack cost the library £7 million (US$8.9 million) in recovery costs, or about 40% of its reserve budget. Although the online catalogue was restored in January, full recovery is not expected before the end of the year.

Analysing the British Library's initial response reveals that it effectively executed a carefully planned response strategy. Yet the national library of Great Britain, custodian of some 170 million items, acknowledged a critical oversight: it had no security team on retainer and readily available, which left it overreliant on an external team unfamiliar with the environment and scrambling at the eleventh hour.

Welcoming transparency, the institution issued a report outlining details of the attack and sharing valuable lessons that can benefit other organisations in their cyber preparedness and mitigation efforts.

How Did Attackers Breach the British Library?

While the exact method of entry is unknown because of the extensive damage caused by the attackers, investigators were able to trace unauthorised access to a Terminal Services server. It had been installed in 2020, during the COVID era, to give external partners and internal IT administrators remote access.

Many of these outside parties had privileged access to specific servers and software. The root cause is believed to have been the compromise of privileged account credentials, possibly via phishing, spear-phishing, or brute-forcing. The library admitted to having an unusually diverse and complex technology estate, comprising a stack of legacy tools and infrastructure, which contributed to the severity of the incident. Although the Terminal Services server was protected by a firewall and antivirus software, it lacked standard multifactor authentication (MFA) protection — a gross oversight.
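A remote-access host without MFA, like the Terminal Services server described here, leaves password guessing as a live risk, so a defender wants the Windows Security log watched for exactly that pattern: a burst of failed RDP logons from one address, especially when a success follows. The check below is an added example, not code from the British Library report or the Dark Reading article. Event IDs 4624/4625 and logon type 10 (RemoteInteractive) are the real Windows values; the event records, account names and IP addresses are constructed for the demonstration.

```python
"""Flag password-guessing against an RDP / Terminal Services host from
Windows Security events (added example; sample data is constructed)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10   # LogonType 10 = RemoteInteractive (RDP)
EVENT_LOGON_FAILED = 4625
EVENT_LOGON_OK = 4624


@dataclass(frozen=True)
class LogonEvent:
    """Subset of a 4624/4625 event's data fields; names mirror the event XML."""
    time: datetime
    event_id: int
    logon_type: int
    target_user: str
    ip_address: str


# Constructed sample. 203.0.113.45 guesses several privileged accounts over
# RDP and then succeeds; 198.51.100.7 is a user mistyping a password twice.
_T0 = datetime(2024, 6, 1, 2, 0, 0)
SAMPLE_EVENTS = [
    LogonEvent(_T0 + timedelta(seconds=0), EVENT_LOGON_FAILED, 10, "admin-it", "203.0.113.45"),
    LogonEvent(_T0 + timedelta(seconds=30), EVENT_LOGON_FAILED, 10, "admin-it", "203.0.113.45"),
    LogonEvent(_T0 + timedelta(seconds=60), EVENT_LOGON_FAILED, 10, "svc_backup", "203.0.113.45"),
    LogonEvent(_T0 + timedelta(seconds=90), EVENT_LOGON_FAILED, 10, "contractor1", "203.0.113.45"),
    LogonEvent(_T0 + timedelta(seconds=120), EVENT_LOGON_FAILED, 10, "contractor1", "203.0.113.45"),
    LogonEvent(_T0 + timedelta(seconds=150), EVENT_LOGON_FAILED, 10, "helpdesk", "203.0.113.45"),
    # Network logon (type 3) from the same address: not RDP, so not counted here.
    LogonEvent(_T0 + timedelta(seconds=200), EVENT_LOGON_FAILED, 3, "helpdesk", "203.0.113.45"),
    LogonEvent(_T0 + timedelta(minutes=5), EVENT_LOGON_OK, 10, "contractor1", "203.0.113.45"),
    LogonEvent(_T0 + timedelta(hours=1), EVENT_LOGON_FAILED, 10, "reader-desk", "198.51.100.7"),
    LogonEvent(_T0 + timedelta(hours=1, seconds=20), EVENT_LOGON_FAILED, 10, "reader-desk", "198.51.100.7"),
    LogonEvent(_T0 + timedelta(hours=1, minutes=1), EVENT_LOGON_OK, 10, "reader-desk", "198.51.100.7"),
]


def find_rdp_bruteforce(events, window=timedelta(minutes=10), threshold=5):
    """Return {ip: finding} for source addresses with >= `threshold` failed RDP
    logons inside any `window`, noting whether a successful RDP logon from the
    same address followed the last failure."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for e in sorted(events, key=lambda e: e.time):
        if e.logon_type != RDP_LOGON_TYPE:
            continue
        if e.event_id == EVENT_LOGON_FAILED:
            failures[e.ip_address].append(e)
        elif e.event_id == EVENT_LOGON_OK:
            successes[e.ip_address].append(e)

    findings = {}
    for ip, fails in failures.items():
        # Sliding window over the time-sorted failures: peak count in any window.
        start, peak = 0, 0
        for end, e in enumerate(fails):
            while e.time - fails[start].time > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        last_failure = fails[-1].time
        later_ok = [s for s in successes.get(ip, []) if s.time > last_failure]
        findings[ip] = {
            "failures": len(fails),
            "peak_in_window": peak,
            "accounts": sorted({f.target_user for f in fails}),
            "followed_by_success": bool(later_ok),
        }
    return findings


if __name__ == "__main__":
    for ip, f in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, f)
```

The success-after-failures flag is what turns a noisy alert into a priority one: on a host with MFA the guessed password alone would not have produced a 4624, so this sequence on an MFA-less remote-access server is the signal to act on. Thresholds and window are tunable per environment; the values here are illustrative.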
