Major Cyber Attack on an MSP Shakes the UK Legal Sector 

Major Cyber Attack on an MSP Shakes the UK Legal Sector 

CTS, a UK-based MSP (Managed Service Provider) suffered a significant cyber-attack this past week which has led to a widespread outage among its customer base who are primarily UK Law Firms, putting the data of an unknown number of clients/people throughout the country at risk and halting the ability of some firms to conduct their client’s business.

This incident has severely impacted numerous law firms across the country, conveyancers, and homebuyers, highlighting the vulnerability of critical legal services to digital threats. CTS has acknowledged the cyber incident and said that they are working urgently with a global cyber forensics firm to investigate the source of the attack and restore services. However, the exact nature of the attack and the number of affected customers remain undisclosed (reports indicate that approximately 80-200 law firms could be impacted), with early indications pointing towards a ransomware attack.

What effect has this had?

For customers of CTS, the implications of this attack are far-reaching, with numerous knock-on effects throughout the supply chain. Reports have noted that property transactions have been significantly impacted, causing distress among buyers and sellers due to delayed or failed completions. On top of this, news outlets and social media platforms are seeing a significant increase in buyers voicing their frustrations over the lack of updates and transparency from CTS who, as of the time of writing this article, do not have an official statement on their home page (it is instead accessible as a link on subpages of their site), the statement is brief and does not communicate the extent of the attack, and are yet still promoting their Cyber Security services for law firms.

The incident has raised significant concerns about the cyber security services employed by the company, who state that they do offer Managed Detection & Response (MDR), a solution that we offer to our own clients at TwentyFour, however they do not promote heightened protection solutions such as a 24/7 Security Operations Centre (SOC) with active threat hunting. At TwentyFour we have our own 24/7 Cyber Security Operations Centre (SOC) which proactively monitors our own, and our customers, digital estates and actively hunts out and protects against potential threats and vulnerabilities, notably preventing threats in under.

What does this say for the future of CTS and other MSP's?

The UK's National Cyber Security Centre (NCSC) has, for the past number of months, been warning of the increased attack surface associated with MSPs who may not have an appropriately significant high level of cyber protection and active threat hunting solution(s) in place, to protect against potential threats that could put their customers’ data at risk.

For CTS, and any MSP similarly caught, the fallout from this cyber-attack could go far beyond legal ramifications associated with the attack, possible regulatory fines, and loss of service and custom - it poses a serious threat to its ongoing reputation within the industry. As a provider of IT services, including “cyber-attack detection and response”, the company is expected to maintain high standards of digital security both for itself as well as for its clients. 

The failure to prevent such an attack on its own business not only undermines confidence in CTS' solutions and capabilities but raises questions about the overall security posture of its customers against similar attacks. This serves as a stark reminder of the need for continuous vigilance and investment in cyber security, the need for ongoing continuous assessments, and the need for 24/7 Active Security Monitoring by Cyber Professionals, not just for individual legal firms and their supply chain, but across the entire business landscape.

What needs to be done?

This incident highlights the critical need for robust cyber security strategies, especially for service providers such as ourselves, who are responsible for the security and protection of data of hundreds of customers and many thousands of individuals throughout the UK and other parts of the world.

This situation brings to mind a number of strands of logical implications for the technological world that is evolving before our eyes.  At TwentyFour, we regularly publish articles and blogs exploring these issues, recommendations, advice and more, and will continue to explore the fallout from the ongoing war that is within the cyber threat landscape. Note though, that all is not doom and gloom, there is much that can be done to protect your business against evolving threats; the first step is recognising that we are not as secure as we think.

All MSPs, behemoth to small, avoid the urge to indulge in schadenfreude around CTS’ discomfort.  We should all consider how it could as easily be any of us, although it is up to us, individually, to ensure we are each doing as much as we can to keep up to date with the cyber threat landscape and provide the best shield services we can, to both ourselves and our clients.  One fallout from this incident could be a loss of faith in our industry as a whole, which is not good news for the general industrial landscape, which needs to be protected against the more than 500,000 new cyber threats which are discovered daily, and the estimated 2.39 million cyber attacks that UK businesses have faced over the past 12 months.

What can be done, on a positive note:

At TwentyFour IT Services we offer every business a FREE Cyber Security Health Assessment to see if they are following the best practices to deliver a comprehensive cyber security strategy appropriate to them. We will educate them on the solutions and services available, explain their advantages and build tailored solutions to suit their needs.

If you would like to get a FREE Cyber Health Assessment, fill out your details in the form below and one of our Cyber Professionals will be in touch to work with you to help you understand your cyber security protection level.