Mike Redwood


International Leather Maker

One of my most enjoyable duties over the past two decades has been as a Trustee of the Leather Conservation Centre. It is a charity based in the English Midlands and dedicated to improving the science and skills of caring for historic objects made of leather. The centre’s work involves research, education and utilising best practice in its specialist conservation facilities.

A few years ago, a fellow Trustee, who was Head of Conservation at the British Library, persuaded me to join the library and make better use of its facilities in London, including a members' lounge that was routinely busy with budding and famous writers working on their latest projects.

The British Library holds over 14 million books and manuscripts from the last 1,200 years and has teams of experts to help writers and researchers dig through them for relevant material. Both in-person and online, authors, journalists and researchers from around the world make use of the library. That is until one month ago when everything came to a temporary halt.

I learned of this last week when I received an email telling me my email access had been compromised, and if I used the same password elsewhere to hurry up and change it. On October 31, the British Library had suffered a major cyber attack and large amounts of data had been stolen. The website was shut down and other services such as on-site Wi-Fi were unavailable. If the library sent huge amounts of Bitcoin to the hackers, they might get the data and access back. Apparently, the organisation has not paid as the data, mostly personnel data, has now been put up for sale on the dark web. Step by step, over the coming few months, things will return to normal and staff will need to individually protect their identities.

City of Gondomar

The ransom sought was about £600,000 (US$761,535). This is about the same as the €750,000 demanded of the city of Gondomar in Portugal a month earlier by the same attackers – Rhysida. Like the British Library, they did not pay and instead have racked up costs of nearly €2 million sorting it out – which will not be complete until the New Year – and many more millions in the costs associated with the loss of systems and having to do everything on pen and paper. Governments and police object to paying and those who do usually find the returned data costly to reinstate.

We’ve heard similar stories about a university in Scotland, the Chilean Army, an American hospital in New Jersey, Kuwait’s Ministry of Finance and even the Chinese state-owned energy conglomerate China Energy Engineering Corporation, all of whom Rhysida claims to have breached. This new ransomware variant has predominately been deployed against the education, healthcare, manufacturing, information technology and government sectors since May 2023.

Targets of opportunity

Rhysida is named after a type of centipede. A typical infection occurs after a phishing attack, and the attackers have also been detected hacking into external-facing remote services such as VPNs. Organisations without multi-factor authentication (MFA) in wide use are the most vulnerable to these attacks. As most organisations hit by this form of attack try to keep it quiet, the list of known Rhysida attacks suggests that they have done considerable damage in just six months.

We know that high-profile companies hit by cyber attacks in recent years include JBS and Under Armour, but in many countries reports indicate over 40% of SMEs suffered some form of attack in the last year. These can be very disruptive. A plant hire business near where I live lost £3 million (US$3.8 million) in a single banking scam and there are several stories circulating in the leather industry of interrupted business.

Companies might find data lost through attacks on service providers such as Dropbox or those who host their websites. It is such a lucrative area of criminal activity that every possible method is being exploited. At a time when trade is difficult and not all leather businesses have strong cash reserves, such attacks can tip a business into closure. The time and cost of recovery become too daunting.

Although we support the opportunities of the digital world to improve communications with customers, increase productivity and create opportunities of direct sales to consumers, we should never overlook its pitfalls. Businesses must ensure they are keeping their systems and security software up to date, training vulnerable employees on how to avoid phishing and staying informed on the best ways to protect data and access, such as MFA, password policies, user access control and more. It is a dangerous world.



Publication and Copyright of “Redwood Comment” remains with the publishers of International Leather Maker. The articles cannot be reproduced in any way without the express permission of the publisher.