Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.town/notes/9qmda9pwzhpdut5a">Taggart :donor: (mttaggart@infosec.town)'s status on Saturday, 09-Mar-2024 18:52:53 JST</a><a href="https://infosec.town/@mttaggart" title="mttaggart@infosec.town"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="Taggart :donor:" style="position: absolute; left: 0; top: 0;">Taggart :donor:</a><div><a href="https://infosec.town/notes/9qmd3qtkles8r3ha" rel="in-reply-to">in reply to</a></div></section><article><p><b>To Recap</b><br><br>The British Library:<br><br>- used unsupported, unpatched software as critical infra<br>- used multiple IT vendors with varying levels of access<br>- lacked sufficient in-house staff to coordinate a proper security policy<br>- lacked resources (or leadership, probably) to appropriately fund an infrastructure refresh program<br>- launched remote access during COVID <b>WITHOUT MFA</b><br><br>And although we cannot say for sure that the Terminal Server was the point of access, it's a good dang bet. Rhysida works smarter, not harder.<br><br>As usual, the reality of defense is not sexy malware research. It's not breathlessly shouting about patching 0-days. It's the quotidian work of getting the basics right, not taking shortcuts, and making security—across the CIA triad—a budget priority.<br><br>In cultural and educational institutions, it is very common to think of IT systems as an afterthought, or ancillary to the primary mission. These institutions maintain this mentality at their own considerable risk. This extends to the governments and organizations who fund these institutions.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2805661#notice-5565224">In conversation</a><time datetime="2024-03-09T18:52:53+09:00" title="Saturday, 09-Mar-2024 18:52:53 JST">about a year ago</time> <span>from <span><a href="https://infosec.town/notes/9qmda9pwzhpdut5a" rel="external" title="Sent from infosec.town via ActivityPub">infosec.town</a></span></span><a href="https://infosec.town/notes/9qmda9pwzhpdut5a">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Taggart :donor: (mttaggart@infosec.town)'s status on Saturday, 09-Mar-2024 18:52:53 JST Taggart :donor:
in reply to
To Recap

The British Library:

- used unsupported, unpatched software as critical infra
- used multiple IT vendors with varying levels of access
- lacked sufficient in-house staff to coordinate a proper security policy
- lacked resources (or leadership, probably) to appropriately fund an infrastructure refresh program
- launched remote access during COVID WITHOUT MFA

And although we cannot say for sure that the Terminal Server was the point of access, it's a good dang bet. Rhysida works smarter, not harder.

As usual, the reality of defense is not sexy malware research. It's not breathlessly shouting about patching 0-days. It's the quotidian work of getting the basics right, not taking shortcuts, and making security—across the CIA triad—a budget priority.

In cultural and educational institutions, it is very common to think of IT systems as an afterthought, or ancillary to the primary mission. These institutions maintain this mentality at their own considerable risk. This extends to the governments and organizations who fund these institutions.
In conversationabout a year ago from infosec.townpermalink

Public

Embed Notice

HTML Code

Corresponding Notice