Stay informed with free updates
Simply sign up to the Cyber Security myFT Digest — delivered directly to your inbox.
A cyber attack on the British Library has raised concerns from security experts about the vulnerability of public sector IT infrastructure at a time when hacking by state-backed foreign actors is on the rise.
The British Library, one of the world’s largest document repositories, confirmed this week that it had been hit by a major technical outage as a result of a ransomware attack. The library first said it had been experiencing technical issues on October 28.
Cyber-intelligence experts warned the incursion highlighted under-investment in cyber resilience by the government, particularly in critical infrastructure such as schools, hospitals and local authorities.
“[Hackers] are going after low-hanging fruit,” said Jamie MacColl, a research fellow at the Royal United Services Institute think-tank. “Despite whatever the government has spent on cyber resilience, those . . . parts of government are just much less mature.” The Cabinet Office was contacted for comment.
Hacking group Rhysida on Monday claimed responsibility for the breach as it launched a week-long online auction for stolen data.
In a post on the dark web and seen by the Financial Times, the hackers released low-resolution images of British Library employees’ passports and opened bidding for an undisclosed set of documents at 20 bitcoin, equivalent to almost £600,000.
The British Library in London is a non-departmental public body sponsored by the Department for Digital, Culture, Media and Sport (DCMS). Unlike other ransomware groups, Rhysida has focused on vital infrastructure including schools, hospitals and government agencies.
“As these types of organisations come under increasing threat of ransomware attacks, there is the potential that the fallout is also leveraged by state actors,” said Kyle Walter, head of research at Logically, an anti-misinformation unit.
Rhysida became known to authorities in May, according to US intelligence services. The organisation is linked to Vice Society, a group with connections to Russia known for targeting US healthcare facilities during the Covid-19 pandemic.
The National Cyber Security Centre (NCSC), a UK government agency, last week warned of an “enduring and significant” threat to IT infrastructure, following an uptick in cyber attacks involving organisations it said were sympathetic to Russia’s invasion of Ukraine.
There were more than 1,420 reported incidents of malware, ransomware and phishing that targeted public bodies in the first half of 2023, according to the Information Commissioner’s Office. This was up from 855 incidents over the same period last year.
The NCSC advises cyber attack targets to never pay a ransom but instead rely on backups and costly efforts to recover lost data.
When the NHS was struck by outages following a six-day cyber attack in 2017, the Department of Health and Social Care spent an estimated £73mn to recover data stolen by ransomware group WannaCry.
“One of the main things about infrastructure around the edges is that in many cases some of the systems are using legacy software. That was one of the main [reasons] that WannaCry was so successful,” said Vasileios Karagiannopoulos, a cyber security researcher at the University of Portsmouth.
Sir Roly Keating, chief executive of the British Library, said that the organisation was still assessing the “impact of this criminal attack” and working to identify a way to “restore our online systems”.
The DCMS and the NCSC said they were engaging with the British Library to assess the impact of the recent attack.
The UK government allocated £2.6bn in funding to improve cyber security and replace legacy IT systems in 2021. It launched the National Protective Security Authority, part of MI5, this year to support businesses and organisations and formed the NCSC in 2016.
Read the full article here