
British Library cyberattack


In October 2023, Rhysida, a hacker group, attacked the online information systems of the British Library. They demanded a ransom of 20 bitcoin, at the time around £596,000, to restore services and return the stolen data. When the British Library did not acquiesce to the demands, Rhysida publicly released approximately 600GB of leaked material online. Services at the library were severely disrupted for months. It has been described as "one of the worst cyber incidents in British history".

The main catalogue returned online on 15 January 2024 in a read-only format, although some of the library's services are expected to remain unavailable for months. The British Library will use about 40 percent of its financial reserves, around £6–7 million, to recover from the attack.

The British Library is a non-departmental public body which in 2023 held around 14 million books, as well as millions of other items. It is the largest library in the United Kingdom. The Library was protected by firewalls and antivirus software but did not have a multi-factor authentication (MFA) policy that covered all organizational assets. The Library had installed a new Terminal Services server in February 2020 to facilitate remote access for third-party providers during the COVID-19 pandemic; this was the server on which unauthorized access was first detected during the attack. The Library had achieved "Cyber Essentials Plus" accreditation in 2019; however, in 2022 the accreditation standards changed, which made the Library non-compliant. In 2020, in light of the COVID-19 pandemic, the Library implemented MFA; however, a Library report clarified that "...but for reasons of practicality, cost and impact on ongoing Library programmes, it was decided at this time that connectivity to the British Library domain (including machine log-on access and access to on-premise servers) would be out of scope for MFA implementation, pending further renewal of the Library’s infrastructure." As a result, the Library's servers were vulnerable to attack, owing to identified increasing third-party cybersecurity risks and a series of emergency decisions taken to quickly secure its infrastructure while adapting to the changes brought by the COVID-19 pandemic.

Rhysida is a hacker group and "ransomware as a service" provider already known for its attacks on vital infrastructure such as schools, hospitals and government agencies, having become known to intelligence services in May 2023. It had previously attacked the Chilean Army, a medical research lab in Australia, and health-care company Prospect Medical Holdings.

The British Library attack was part of a larger pattern of cyberattacks at this time against cultural institutions. These attacks had previously affected the Metropolitan Opera in New York City and Natural History Museum in Berlin.

The Library stated that the attackers probably used a phishing, spear-phishing or brute-force attack facilitated by a compromise of third-party credentials as well as a lack of use of multi-factor authentication by third-party contractors. After gaining access, Rhysida used three methods to identify and copy the 600GB of documents during the attack, including personal details of Library users and staff. These were:

Furthermore, Rhysida and its affiliates destroyed servers to inhibit system recovery and forensic analysis.

While the process of calculating the full financial impact of the attack is ongoing, there were a number of impacts to the functioning of the library following the attack. These include:
