27 November 2023

Dozens of UK law firms impacted by attack on IT service provider CTS


Dozens of UK law firms impacted by attack on IT service provider CTS

A cyberattack on a British managed service provider (MSP) for law firms and other organizations in the UK legal sector, has triggered a widespread outage affecting numerous law firms and disrupting property transactions across the country.

In a brief update on its website, CTS said it suffered a cyber-incident and is investigating the attack with the assistance of third-party security experts.

While the company has not disclosed the exact number of impacted customers or the specifics of the attack, media reports suggest a ransomware incident.

Local media reports indicate that between 80 and 200 law firms may have fallen victim to the attack, based on estimates provided by CTS clients.    

Since the onset of the cyberattack, individuals attempting to buy or sell properties have faced significant challenges due to the outages.

It is believed that threat actors targeted the firm through CitrixBleed(CVE-2023-4966), a remote code execution vulnerability in Citrix NetScaler ADC and NetScaler Gateway products. The flaw has been widely exploited by LockBit, a Russian-speaking hacking gang, to gain access to corporate networks.

Last week, the US and Australian security agencies released a joint advisory highlighting IoCs (Indicators of Compromise), TTPs (tactics, techniques, and procedures), and detection methods associated with LockBit ransomware and multiple threat groups exploiting CitrixBleed.

Back to the list

Latest Posts

Cyber Security Week in Review: April 12, 2024

Cyber Security Week in Review: April 12, 2024

In brief: Microsoft and Palo Alto fix zero-days, Sisense suffers data breach, and more.
12 April 2024
TA547 threat actor targets German orgs with Rhadamanthys info-stealer

TA547 threat actor targets German orgs with Rhadamanthys info-stealer

The group appears to have incorporated LLM-generated PowerShell scripts in their attacks.
11 April 2024
Apple enhances spyware threat notifications

Apple enhances spyware threat notifications

The company will alert users who are individually targeted by mercenary spyware attacks.
11 April 2024