(Long quote, sorry)

Forensic analysis of the attack performed by our independent cyber-security advisors has identified evidence of an external presence on the Library network at 23:29 on Wednesday 25 October 2023, with the first evidence of movement around the network at 23:32. Later that night, at 01:15 on 26 October 2023, the Library's IT Security Manager was alerted to possible malicious activity on the Library network. This alert came from the Library's Monitoring System which had automatically blocked the suspect activity at 00:21. The IT Security Manager, among other actions, extended the automatic block beyond the pre-set expiry, undertook a vulnerability scan (which came back with no results) and actively monitored the activity log. No repeat activity was seen. The incident was escalated to the IT Infrastructure team at 07:00. Further investigation by the IT Infrastructure Team, including detailed analysis of activity logs, did not identify any obviously malicious activity and they subsequently performed a password reset before unblocking the account later that day.

Here we go. It's very common that the attack is detected, but ignored or not understood. This is what happened with the Conti attack on the Irish Health Service as well.
Running a "vulnerability scan" is insufficient. If malicious activity is detected, vuln scans are equivalent to telling a gunshot wound patient that you're gonna check to see if they're wearing Kevlar.
Taggart :donor: (mttaggart@infosec.town)'s status on Saturday, 09-Mar-2024 18:53:04 JST