By Chris Grove, Senior Solutions Engineer at Odaseva
In October 2023, the British Library fell victim to a significant ransomware cyber-attack that compromised the majority of its online systems, highlighting an often-overlooked aspect of cybersecurity: the security of backups.
The attack, orchestrated by the Rhysida ransomware gang, used backup-related methods as a primary attack vector to copy and exfiltrate sensitive data.
This incident underscores the critical importance of robust security measures for backup systems: wherever there is data, there is a risk that it will be breached. So whether you’re backing up data in SaaS programs like Salesforce or in on-prem software, special attention must be paid to securing these backups.
The attackers gained initial access through compromised privileged account credentials, most likely via phishing attacks. The absence of Multi-Factor Authentication (MFA) on the Terminal Services server, which facilitated remote access for trusted partners and internal IT administrators, further exacerbated the vulnerability. Once inside, the attackers leveraged native utilities and IT tools, trusted within the network, to create backup copies of 22 of the Library’s databases, thereby gathering a large volume of data.
The copied data, amounting to approximately 600GB, was then exfiltrated from the network to an external location controlled by the attackers. The exfiltrated data included contact details of external users and customers, though it did not contain the most sensitive financial information. Targeted keyword attacks scanned for files containing sensitive terms, further broadening the scope of compromised data.
This methodical approach allowed the attackers to use the Library’s own backup processes to streamline data collection and exfiltration, significantly complicating recovery efforts as the Library had to ensure the integrity and security of its remaining backups.
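A defender-side check for the pattern described above, as an added example that is not part of the original article: it scans backup audit events for an account outside the approved backup service that copies many databases, or a large volume, within a short window. The event fields, account names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events (not data from the incident):
# (time, account, session type, database backed up, backup size in GB).
EVENTS = [
    ("2024-01-01T01:00:00", "svc_backup", "service", "catalogue", 40),
    ("2024-01-01T01:05:00", "svc_backup", "service", "finance", 25),
    ("2024-01-02T23:10:00", "it_admin7", "remote", "catalogue", 40),
    ("2024-01-02T23:14:00", "it_admin7", "remote", "readers", 55),
    ("2024-01-02T23:19:00", "it_admin7", "remote", "customers", 60),
    ("2024-01-02T23:31:00", "it_admin7", "remote", "finance", 25),
    ("2024-01-03T10:00:00", "dba_lee", "remote", "readers", 55),
]

APPROVED_BACKUP_ACCOUNTS = {"svc_backup"}  # hypothetical allow-list
WINDOW = timedelta(hours=1)                # sliding window per account
DISTINCT_DB_THRESHOLD = 3                  # hypothetical thresholds
TOTAL_GB_THRESHOLD = 150


def find_bulk_backup_bursts(events):
    """Alert on non-approved accounts that back up many databases, or a
    large volume, inside one sliding time window."""
    by_account = defaultdict(list)
    for ts, account, session, db, size_gb in events:
        if account not in APPROVED_BACKUP_ACCOUNTS:
            by_account[account].append(
                (datetime.fromisoformat(ts), session, db, size_gb))

    alerts = []
    for account, rows in by_account.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans at most WINDOW.
            while rows[end][0] - rows[start][0] > WINDOW:
                start += 1
            window = rows[start:end + 1]
            dbs = {r[2] for r in window}
            total_gb = sum(r[3] for r in window)
            if len(dbs) >= DISTINCT_DB_THRESHOLD or total_gb >= TOTAL_GB_THRESHOLD:
                alerts.append({"account": account, "databases": sorted(dbs),
                               "total_gb": total_gb,
                               "first_seen": window[0][0].isoformat(),
                               "remote": any(r[1] == "remote" for r in window)})
                break  # one alert per account is enough for triage
    return alerts
```

The alert fires on the third database rather than at the end of the burst, so the account can be reviewed while the copies are still being staged and before they leave the network.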
The overall cost of this cyber-attack is still being calculated but is likely to be significant. IBM found in their ‘Cost of a Data Breach Report 2023’ that the global average cost of a data breach in 2023 was USD 4.45 million, a 2.3% increase over the previous year. And by the end of 2024, the cost of cyberattacks on the global economy is predicted to top USD 10.5 trillion.
Fortunately, some of the Library’s backups were unaffected by the cyber-attack and have been used as viable sources from which some of the data has been recovered. However, some on-premise data collections are still being validated, which raises the question of whether local or cloud-based backups are more secure.
According to SC, in May 2024 a provider of on-premise data backup and recovery software released a patch to address critical vulnerabilities in its enterprise backup management tool. One such vulnerability “allows an unauthenticated attacker to log in to the VBEM web interface as any user.”
The British Library has already started moving away from on-premise systems in general, stating “We expect the balance between cloud-based and onsite technologies to shift substantially towards the former in the next 18 months.”
Cloud-based backup solutions are known to offer a number of security benefits over on-premise offerings, such as:
Offsite Data Storage: Cloud backups are commonly stored in geographically dispersed data centers, and are therefore protected from local disasters such as fire, theft and floods. Data centers offer several layers of redundancy, ensuring that data remains accessible even if your physical location is compromised.
Automatic Updates: Cloud providers automatically update and patch their systems, ensuring that backups are protected against the latest threats.
Encryption: In contrast to on-premise backups, which may not have robust encryption, reputable cloud providers encrypt data in transit and at rest, ensuring that unauthorized access is impossible even if the data is intercepted.
The British Library cyber-attack highlights the critical need for stringent security measures around all backup systems and the importance of controlling access to these backups. At Odaseva, we understand that backup isn’t just about data recovery; it is a critical component of security. This is where our Zero Trust approach and no-view provider model become indispensable. Specifically:
Zero Trust Architecture: With Odaseva’s Zero Trust architecture, your data is always encrypted, secured and not visible to any operator of the system. This approach significantly reduces the risk of insider threats and compromised credentials leading to a breach.
No-View Provider: As a no-view provider, Odaseva ensures that our Managed Service teams, your admins, and any authorized third parties can manage backups and restore your data without ever having access to the data itself. This maintains a strict continuum of protection and ensures that your data remains secure, even if credentials are compromised.
Encryption: From the moment it enters Odaseva’s systems, every bit of your data is protected with your own encryption key, ensuring that only authorized individuals can access it. This prevents attackers from easily stealing data, even if they gain access to the network.
And for the most sensitive data, Odaseva offers a true end-to-end encryption solution where data is protected before it leaves your own trusted network.
Regulatory Compliance: Our platform helps organizations meet and exceed compliance standards such as HIPAA, GDPR, and SOX, providing robust data protection measures that adapt to evolving legislative requirements.
Auditability and Monitoring: Odaseva provides comprehensive audit logs and continuous monitoring, crucial for managing your backup use and providing a clear audit trail. This aligns with key regulations and enhances organizational resilience against cyber-attacks.
The British Library cyber-attack serves as a stark reminder of the importance of securing backup systems. With attackers increasingly targeting backups to exfiltrate data, implementing a Zero Trust architecture and ensuring that backup management is handled by a no-view provider like Odaseva is essential. By securing backups with Odaseva, organizations can confidently protect their critical data from cyber-attacks, ensuring business continuity and compliance with global standards.
Details came from the British Library’s ‘Learning Lessons from the Cyber-Attack’ document, published in March 2024.