Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.town/notes/9qmbsw07jbzw1eu7">Taggart :donor: (mttaggart@infosec.town)'s status on Saturday, 09-Mar-2024 18:53:06 JST</a><a href="https://infosec.town/@mttaggart" title="mttaggart@infosec.town"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Taggart :donor:" style="position: absolute; left: 0; top: 0;">Taggart :donor:</a><div><a href="https://infosec.town/notes/9qmbn3y2qnqoqnhy" rel="in-reply-to">in reply to</a></div></section><article><p>The intrusion was first identified as a major incident at 07:35 on 28 October 2023 when a member of the Technology Team was unable to access the Library’s network. Initial escalation and investigation of the incident within the Technology Team as per the Technology Major Incident Management Plan confirmed the likelihood that the incident was the result of a cyber-attack; and at 09:15 the Library’s Crisis Management Plan was invoked by the Business Continuity Manager. Great that they had a process in place! Not everywhere has proper Business Continuity procedures. Although, it turns out they were on unsteady footing.<br><br>I'll also note that this "initial detection" was when users tried to log in in the morning. Forensics may later find that there were ignored security alerts to indicate an issue, but so far, no detective capacity in sight.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2805661#notice-5565214">In conversation</a><time datetime="2024-03-09T18:53:06+09:00" title="Saturday, 09-Mar-2024 18:53:06 JST">about a year ago</time> <span>from <span><a href="https://infosec.town/notes/9qmbsw07jbzw1eu7" rel="external" title="Sent from infosec.town via ActivityPub">infosec.town</a></span></span><a href="https://infosec.town/notes/9qmbsw07jbzw1eu7">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Taggart :donor: (mttaggart@infosec.town)'s status on Saturday, 09-Mar-2024 18:53:06 JST Taggart :donor:
in reply to
The intrusion was first identified as a major incident at 07:35 on 28 October 2023 when a member of the Technology Team was unable to access the Library’s network. Initial escalation and investigation of the incident within the Technology Team as per the Technology Major Incident Management Plan confirmed the likelihood that the incident was the result of a cyber-attack; and at 09:15 the Library’s Crisis Management Plan was invoked by the Business Continuity Manager. Great that they had a process in place! Not everywhere has proper Business Continuity procedures. Although, it turns out they were on unsteady footing.

I'll also note that this "initial detection" was when users tried to log in in the morning. Forensics may later find that there were ignored security alerts to indicate an issue, but so far, no detective capacity in sight.
In conversationabout a year ago from infosec.townpermalink

Public

Embed Notice

HTML Code

Corresponding Notice