Supply Chain Attack On British Law Firms

Uploaded on 2023-11-29 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

A specialist Managed Service Provider (MSP) for UK law firms is “urgently investigating” a cyber attack that has disrupted its services, potentially leaving hundreds of UK law firms and home buyers unable to access their case management systems.  The UK government is “closely monitoring the company’s situation,” according to a government spokesperson.

The firm, CTS, has said that it was “experiencing a service outage which has impacted a portion of the services we deliver to some of our clients,” and confirmed “the outage was caused by a cyber-incident.”

Industry journal Estate Agent Today has said that CTS was hacked through the CitrixBleed bug which US officials have warned is being used by both state-sponsored and cyber criminals. It is estimated that as many as 200 firms  were left unable to access phone, emails, or case management systems.

CTS said it was “working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration.” but could not give a timeline for “full restoration,” and promised to communicate directly with the clients who were affected. 

Leading UK-based law firms, including O’Neill Patient, Talbots Law and Taylor Rose MW, have issued statements informing customers that they are “currently experiencing service difficulties due to a technical outage affecting multiple organisations within the legal sector.”

This incident comes just a few weeks after the British government failed to introduce promised legislation that would require MSPs to increase their cybersecurity protections.

MSPs are “an attractive and high value target for malicious threat actors, and can be used as staging points through which threat actors can compromise the clients of those managed services,” the government had stated when it originally announced the legislation.

CTS:   Estate Agency Today:   Todays Conveyancer:    Infosecurity Magazine:   The Record:  

Bleeping Computer:

Image: Erik Mclean

You Might Also Read: 

Global Law Firm Breached & Data Stolen:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Spy Agencies Are Hiring Via LinkedIn
Attack On Denmark's Critical Infrastructure »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

Mondo

Mondo

Mondo is the largest national staffing agency specializing exclusively in high-end, niche IT, Tech, and Digital Marketing talent. Areas of expertise include Cybersecurity.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

Nucleon

Nucleon

Nucleon enables cybersecurity tools, organizations and software developers to become proactive by blocking threats before they become breaches.

Corrata

Corrata

Corrata is an award-winning provider of mobile security and data control solutions for enterprises.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

SOC Experts

SOC Experts

SOC Experts is a pioneer (we started SOC training well before people realized how big the domain was going to be) and the only institution to provide end-to-end training on Security Operations Centers

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Security Risk Management (SRM)

Security Risk Management (SRM)

SRM provide a comprehensive security risk management service encompassing people, processes, technology, governance, compliance and risk management.

Ciphertex Data Security

Ciphertex Data Security

Ciphertex is a leading data security company that specializes in portable data encryption and privacy protection storage systems.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Sri Lanka CERT

Sri Lanka CERT

Sri Lanka CERT is the National Centre for Cyber Security, which has the national responsibility of protecting the nation’s cyberspace from cyber threats.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.