Celebrate, but not too loud: British Library catalog returns online

Libraries aren’t spending a lot on cybersecurity, says one IT pro.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

London’s world-renowned British Library catalog is back online this week; the collection includes records of rare books, musical scores, and other printed works you promised yourself you’d get to in 2024.

The read-only rebuild follows an October ransomware attack that disrupted facility services. January’s recovery efforts at the “BL” allow researchers around the world to access the trove of physical books, archives, maps, and manuscripts in the basements of the St. Pancras, London site.

“Its absence from the internet has been perhaps the single most visible impact of the criminal cyberattack which took place at the end of October last year,” a Jan. 10 post from British Library CEO Roly Keating read.

The attack shut down “essential digital services,” including the catalog, website, online learning resources, and a database of more than 600,000 doctoral theses.

“One of our core responsibilities as the national library—free access to our collection—was put on hold,” a post-incident response read in December.

Help wanted. While manufacturing, technology, retail, and banking were the leading ransomware targets in Q3 2023, according to a report from cybersec provider GuidePoint Security, malicious hackers are cracking the books and heading to libraries, too. Cyberattackers recently struck the Toronto Public Library, as well as cultural institutions like the Metropolitan Opera and popular museums.

Libraries are often vulnerable, given that staffs are frequently small and lack security expertise, according to Daniel Clayton, VP of cybersecurity operations at secops provider Expel.

“Libraries, generally speaking, don’t think of themselves as targets. They’re generally under-resourced, so they’re not committing a massive amount of money to cybersecurity. The exception to that really is organizations that have been hit already,” Clayton told IT Brew.

In November, the hacking group Rhysida threatened to publish 490,191 files related to the British Library. The BL later confirmed that its Customer Relationship databases—which contain names and email addresses, “at a minimum”—appeared to be breached.

Because expensive strategies like 24/7 monitoring may be out of reach for libraries, Clayton recommended that today’s facilities get the cybersecurity basics down: deploying multifactor authentication, updating patches, and deploying system-access management, especially as people come and go.

Why the library? While there’s the possibility that the library attackers are targeting big institutions to make a name for themselves, Clayton said, the cybercriminals could also just be going for the easy target.

An unnamed cybersecurity expert who spoke to The New Yorker in December agrees on the cyberattackers’ motives.

“This is just them doing what they do: finding a way in and then exploiting it ruthlessly,” the pro said.
