Supply Chain Attack On British Law Firms

A specialist Managed Service Provider (MSP) for UK law firms is “urgently investigating” a cyber attack that has disrupted its services, potentially leaving hundreds of UK law firms and home buyers unable to access their case management systems.  The UK government is “closely monitoring the company’s situation,” according to a government spokesperson.

The firm, CTS, has said that it was “experiencing a service outage which has impacted a portion of the services we deliver to some of our clients,” and confirmed “the outage was caused by a cyber-incident.”

Industry journal Estate Agent Today has said that CTS was hacked through the CitrixBleed bug which US officials have warned is being used by both state-sponsored and cyber criminals. It is estimated that as many as 200 firms  were left unable to access phone, emails, or case management systems.

CTS said it was “working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration.” but could not give a timeline for “full restoration,” and promised to communicate directly with the clients who were affected. 

Leading UK-based law firms, including O’Neill Patient, Talbots Law and Taylor Rose MW, have issued statements informing customers that they are “currently experiencing service difficulties due to a technical outage affecting multiple organisations within the legal sector.”

This incident comes just a few weeks after the British government failed to introduce promised legislation that would require MSPs to increase their cybersecurity protections.

MSPs are “an attractive and high value target for malicious threat actors, and can be used as staging points through which threat actors can compromise the clients of those managed services,” the government had stated when it originally announced the legislation.

CTS:   Estate Agency Today:   Todays Conveyancer:    Infosecurity Magazine:   The Record:  

Bleeping Computer:

Image: Erik Mclean

You Might Also Read: 

Global Law Firm Breached & Data Stolen:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Spy Agencies Are Hiring Via LinkedIn
Attack On Denmark's Critical Infrastructure »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

mmCERT

mmCERT

mmCERT is the national Computer Emergency Response Team for Myanmar.

Thinklogical

Thinklogical

Thinklogical manufactures secure, KVM, video, audio, and computer peripheral signal switching solutions for defence C4ISR applications.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

CipherTrace

CipherTrace

CipherTrace develops cryptocurrency Anti-Money Laundering, cryptocurrency forensics, and blockchain threat intelligence solutions.

National Cybersecurity Preparedness Consortium (NCPC)

National Cybersecurity Preparedness Consortium (NCPC)

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

Hudson Cybertec

Hudson Cybertec

Hudson Cybertec are an internationally recognized Subject Matter Expert for cyber security in the Industrial Automation & Control Systems (IACS) domain.

Cyber Security Operations Consulting (CyberSecOp)

Cyber Security Operations Consulting (CyberSecOp)

CyberSecOp is an ISO 27001 Certified Organization which provides cyber security operations services and risk management consulting.

MVP Tech

MVP Tech

MVP Tech designs and deploys next generation infrastructures where Security and Technology converge.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

Velum Labs

Velum Labs

Velum Labs is a cyber intelligence company that provides simple and non-intrusive, cloud and cyber intelligence solutions; built from a market-leading understanding of cyber-attack methodology.

Hetz Ventures

Hetz Ventures

Hetz Ventures is a global-facing VC investing in highly talented and ambitious Israeli founders who operate at the cutting edge of deep technology.

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.