Supply Chain Attack On British Law Firms

Uploaded on 2023-11-29 in FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms

A specialist Managed Service Provider (MSP) for UK law firms is “urgently investigating” a cyber attack that has disrupted its services, potentially leaving hundreds of UK law firms and home buyers unable to access their case management systems.  The UK government is “closely monitoring the company’s situation,” according to a government spokesperson.

The firm, CTS, has said that it was “experiencing a service outage which has impacted a portion of the services we deliver to some of our clients,” and confirmed “the outage was caused by a cyber-incident.”

Industry journal Estate Agent Today has said that CTS was hacked through the CitrixBleed bug which US officials have warned is being used by both state-sponsored and cyber criminals. It is estimated that as many as 200 firms  were left unable to access phone, emails, or case management systems.

CTS said it was “working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration.” but could not give a timeline for “full restoration,” and promised to communicate directly with the clients who were affected. 

Leading UK-based law firms, including O’Neill Patient, Talbots Law and Taylor Rose MW, have issued statements informing customers that they are “currently experiencing service difficulties due to a technical outage affecting multiple organisations within the legal sector.”

This incident comes just a few weeks after the British government failed to introduce promised legislation that would require MSPs to increase their cybersecurity protections.

MSPs are “an attractive and high value target for malicious threat actors, and can be used as staging points through which threat actors can compromise the clients of those managed services,” the government had stated when it originally announced the legislation.

CTS:   Estate Agency Today:   Todays Conveyancer:    Infosecurity Magazine:   The Record:  

Bleeping Computer:

Image: Erik Mclean

You Might Also Read: 

Global Law Firm Breached & Data Stolen:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Spy Agencies Are Hiring Via LinkedIn
Attack On Denmark's Critical Infrastructure »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

Axis Capital

Axis Capital

AXIS Insurance’s Professional Lines Division is a leading underwriter of technology/cyber coverage and other specialty products around the globe.

Serverless Computing

Serverless Computing

Serverless Computing London will help architects, developers and CIOs decide on the best path to a more efficient, scalable and secure computing future.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

PT Netmarks Indonesia

PT Netmarks Indonesia

PT Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

PROOF

PROOF

PROOF is a Brazilian leader in cybersecurity. Our goal is to assist our Customers in managing security efficiently and in tune with business needs.

Marcus Donald People

Marcus Donald People

Marcus Donald People is a UK IT recruitment specialist covering the following sectors: Infrastructure & Cloud, Information Security, Development, Business transformation.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Cyrebro

Cyrebro

CYREBRO is your online cybersecurity central command managed SOC that integrates all your security events with strategic monitoring, proactive threat intelligence, and rapid incident response.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Alset Technologies

Alset Technologies

Alset Technologies provides DASH - a comprehensive solution to DISA STIG (Security Technical Implementation Guide) compliance.