CTS, a managed services provider (MSP) for UK law firms, is “urgently investigating” a cyberattack that disrupted its services and could leave hundreds of UK law firms unable to access their case management systems. There is a gender.
of the company announced On Friday, the company said, “We are experiencing a service outage that is impacting some of the services we provide to some of our customers,” and acknowledged that “the outage was caused by a cyber incident.” A British government spokesperson said the government was “closely monitoring the situation at the company.”
Industry News Media Estate Agent Today report CTS was hacked through the CitrixBleed bug, US authorities have warned, which they warn is being exploited by both state-sponsored groups and cybercrime groups.
It is unclear how many of the company’s customers will be affected. report Today’s Conveyancer estimates that between 200 and 80 people “don’t have access to phone, email, or case management systems.”
CTS said it is “working closely with leading global cyber forensics companies to assist in the urgent investigation of the incident and service restoration.”
The company said it was confident it could restore service, but cautioned it could not provide a timeline for “full restoration” and promised to contact affected customers directly.
Recorded Future News did not immediately receive statements from many of the companies that provided the websites. testimony For CTS.
O’Neill Patient, one of the companies that gave evidence, said: “The power outage unfortunately affected our customers, particularly those who were completing new homes.”
“We understand that this is already a stressful time for people, and we are dedicated to doing everything we can to make that happen. We treat every client with individual and individualized needs. We provide support on a case-by-case basis.”
The law firm said its clients’ well-being is its “top priority” and that it would “of course cover reasonable costs for their immediate well-being needs.”
Government failure to regulate MSP security
The hack comes just weeks after the UK government failed to introduce promised legislation that would require MSPs to strengthen their cybersecurity protections.
By not including NIS regulatory updates With the King’s Speech earlier this month, the government likely missed its last chance to introduce legislation before next year’s general election.
MSPs are “an attractive and high-value target for malicious attackers and can be used as transit points by attackers to compromise clients of managed services,” the government warned when announcing the new law. did.
The UK’s CloudHopper campaign resulted in a number of incidents impacting MSPs. to cause From hackers acting on behalf of China’s Ministry of State Security to financially motivated ransomware attacks that have affected MSPs such as Kaseya in the US and NHS provider Advanced in the UK, the latter significantly impact patient careaccording to BBC News.
In pledging to update cybersecurity laws for MSPs, the government said the new law would be introduced “as Parliament’s time permits” and would “protect critical digital services and the outsourced IT providers that keep them running.” We will strengthen it.”
Jonathan Ellison, director of homeland resilience at the National Cyber Security Center, was asked about the government’s failure to bring forward legislation at the start of the agency’s annual review, saying the government remains committed to implementing updates. said.
“But there are many things we can and will continue to do in the meantime,” Ellison said. This includes issuing guidance for MSP customers and providing threat intelligence on threat actors targeting the MSP sector.
Mr Ellison said the government had “a mechanism to drive some of the changes we need to see within the MSP sector without having to update the regulations properly, including the use of government’s own contracted services to improve the security of the sector”. There are other means,” he added. now. “
“All organizations must take action to ensure the security and resilience of their systems,” a government spokesperson told Recorded Future News. “We are working with carriers, regulators and the NCSC to ensure that the set resilience levels are met and that critical sectors across the country have the necessary means to improve their cybersecurity. That’s what I’m trying to do.”
recorded future
intelligence cloud.
There are no past articles
There are no new articles