A cyberattack on CTS has caused significant disruptions across more than 80 UK law firms specializing in real estate. The attack targeted the IT service provider, specifically impacting cloud hosting and solutions for legal entities in the UK and Ireland.
This CTS attack has been associated with the recent string of CitrixBleed attacks, reportedly attributed to the notorious LockBit ransomware group. In response to the severity of the situation, CTS issued an official update titled “Update on Service Outage” on its website.
According to the company’s disclosure, a “cyber-incident” triggered a service outage that affected a segment of its client services.
CTS is an IT services company specializing in providing tailored solutions for the legal sector, with a focus on maximizing efficiency, productivity, and risk management for law firms and barristers’ chambers in the UK and Ireland.
CTS Cyberattack, Service Outage and Investigation
Immediate action is being taken as CTS collaborates with a leading global cyber forensics firm to conduct an urgent investigation into the CTS service outage and facilitate service restoration.
The organization’s official statement reads, “We are working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration.”
The company is diligently working around the clock with third-party experts to rectify the situation. Despite their confidence in restoring services, a precise timeline for full restoration remains elusive.
“We will continue to communicate directly with those of our clients which are impacted by the service outage, providing regular updates on the status of our work to restore services and our investigations into the incident”, concludes the statement.
The ramifications of the CTS service outage extend beyond the company itself. House sales and purchases across the UK, involving numerous conveyancing firms, have experienced disruptions.
Up to 200 law firms relying on CTS services find themselves unable to access crucial systems, hindering the progression of property transactions.
Statements from the affected law firms, including O’Neill Patient, Talbots Law, and Taylor Rose MW, confirm the widespread impact of the technical outage within the legal sector. The CTS cyberattack poses a threat to the timely completion of exchanges and transactions scheduled for the day.
The Citrix Bleed vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing & Analysis Center (MS-ISAC), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have jointly released a Cybersecurity Advisory (CSA) over the Citrix Bleed vulnerability.
This advisory disseminates Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, known as Citrix Bleed.
The advisory reveals that Citrix Bleed enables threat actors to bypass password requirements and multifactor authentication, leading to successful session hijacking of legitimate user sessions on Citrix NetScaler web application delivery control (ADC) and Gateway appliances.
This, in turn, grants malicious actors elevated permissions to harvest credentials, move laterally, and access sensitive data and resources.
Moreover, the CTS cyberattack, attributed to the CitrixBleed attacks, has already caused service outages that affect property transactions for numerous UK law firms.
The Cyber Express continues to monitor developments in this story closely. We will update this post once we have more information on the cyberattack and its restoration process.