The Loophole that Led to a Ransomware Attack: The British Library Breach Story

Did you know that the average cost of a ransomware attack is $4.54 million? Yet organizations still fail to establish a robust cyber infrastructure. The British Library breach is a testimony to loopholes in security infrastructure, as the ransomware attack was possibly initiated by a #phishing mail carrying malware. The question remains, however, how organizations fall prey to such attacks even after enormous investment in their security posture.

The cyber attack, which occurred on October 31, continues to disrupt the library’s website, online systems, and some onsite services. The cybercriminals have priced the stolen data, which includes passport scans, at 20 Bitcoin (equivalent to £596,459). In a recent post, the British Library stated: “After confirming last week that we were targeted by a ransomware attack, we now have evidence suggesting that the attackers may have copied some user data, and additional data seems to have been published on the dark web.”

Who was the Perpetrator of the British Library Breach?

The cyber attack on the British Library by the Rhysida ransomware group, which resulted in the theft and subsequent leak of a substantial amount of data, underscores the importance of people-centric cybersecurity in any organization. The Rhysida ransomware group, thought to be from Russia or the CIS, has been making waves in the cybercrime world since its first sighting in May 2023. This group deploys a ransomware variant known as Rhysida and also offers it as Ransomware-as-a-Service (RaaS).

Ransomware as a Service Attack Revenue Models

They have been involved in several high-profile attacks. The group uses a technique known as ‘double extortion’, where they not only render an organization’s computers inaccessible by infecting them with malicious software but also steal data at the same time and threaten to release it online.

As of December 2023, the group has listed around 50 victims. Their victims are geographically spread over each major geopolitical region, with the USA, France, Germany, England, and Italy being the top five countries in terms of the number of victims. Despite their activities, they are not the most prolific group, having claimed five victims for October 2023, which is far behind other groups like LockBit, NoEscape, PLAY, ALPHV/BlackCat, and 8BASE. Let’s get back to the British Library breach.

How did the Attack Take Place? What was Exposed?

The British Library recently suffered a ransomware attack that resulted in the theft of customer data and caused the library’s systems and website to go offline for a month. According to the information on Rhysida’s website, the leak comprises 490,191 files, amounting to 573 GB. The perpetrators initially offered the data for sale, setting the opening bid at 20 Bitcoin, which is approximately $760,000 based on the current exchange rate.

The possible cause of this attack is a malware-laden phishing mail that was sent to one of the employees of the library. The British Library confirmed that some internal data had leaked online, which appears to be from their internal HR files. However, they stated that they had “no evidence” that customer data was compromised. The British Library has disclosed that the recent data breach was more extensive than initially believed, affecting not only internal data but also personal information of its readers and visitors. The library is now reaching out to those affected via email.

Phishing Template for a Ransomware Attack Simulation
An example of a phishing email containing malware (Developed by Threatcop)

The library’s customer relation management (CRM) databases were accessed during the attack. At a minimum, these databases contain the names and email addresses of most users. The databases may also contain postal addresses or telephone numbers for some users. The library reassures its users that all payment processing is handled by secure third-party providers, and they are confident that no credit or debit card data was compromised. They are working with cybersecurity specialists to enhance the security of their systems and have already implemented additional measures to prevent future attacks.

Rhysida Ransomware Group
Ransomware Attack Technique by Rhysida Ransomware Group (Source: Trend Micro)

Password Practices and WiFi Security are Still a Concern

The British Library has reiterated its advice to customers to enhance their security measures, including changing passwords for any online services linked to the library. The institution has expressed regret over the inconvenience caused by the incident, emphasizing that their community is their priority. They are dedicating all available resources to investigate the incident and restore their systems and services.

Despite the cyber incident, the physical locations of the British Library at St Pancras in London and Boston Spa in Yorkshire have remained operational. The public Wi-Fi network infrastructure and point-of-sale systems have been successfully restored. The library anticipates the resumption of more services in the coming months but cautions that disruptions may continue for an unspecified period.

People Security Management: The Need of the Hour

A robust People Security Culture can play a crucial role in preventing data breaches. This culture is more than just physical barriers or system access controls; it’s a collective mindset of the people in an organization working every day to protect the enterprise. A robust People Security Culture can make a significant difference in several ways. It can reduce risk, potentially saving enterprises millions of dollars by mitigating the effects of corrupted or lost data, decreased revenue, and regulatory fines, and safeguarding the enterprise’s reputation. It’s worth noting that human error or behavior is reportedly the cause of 90 percent of all cyberattacks. Therefore, a strong security culture can help tackle most security issues by encouraging employees to make decisions that align with security policies.