CTS, a managed service provider (MSP) catering to UK law firms, is currently grappling with a cyberattack, leading to disruptions in their services. The incident potentially impacts numerous British law firms, hindering access to crucial case management systems.
The company confirmed the cyber incident, prompting an urgent investigation into the service outage affecting a portion of their clientele. Reports suggest the breach occurred through the CitrixBleed bug, a vulnerability exploited by cybercriminal and state-sponsored groups, causing disruptions in phone, email, and case management systems for the affected law firms.
CTS is collaborating with a global cyber forensics firm to conduct an urgent investigation and restore services. Although the company is confident about service restoration, they cautioned about an uncertain timeline for full restoration. Direct communication channels have been promised to update affected clients.
This incident follows the UK government’s delay in implementing legislation mandating heightened cybersecurity for MSPs. The postponement raises concerns about vulnerabilities in MSP security, despite their role as potential targets for cyber threats. The government, while committed to updating cybersecurity laws for MSPs, has yet to fulfill this promise, citing other measures to enhance sector security in the interim.
The National Cyber Security Centre’s ongoing efforts include releasing guidance for MSP customers and providing threat intelligence, emphasizing the government’s commitment to bolstering cybersecurity within the MSP sector. Despite inquiries, government representatives have not provided immediate responses, reiterating their dedication to fortifying UK cyber resilience.
