Last Wednesday, November 22, hackers attacked the company CTS, the largest supplier of managed IT services in the UK. The incident led to serious malfunctions in the work of many legal offices and undermined the process of sale of real estate throughout the country.
On Friday, representatives from CTS spoke out about the interruptions in their services caused by cyber attacks. They stated, “We are faced with interruptions in the work of a number of services provided to some of our customers. The cause of the failures was cyber attacks” (source).
Efforts are already underway to restore the damaged infrastructure, but it is uncertain when the systems will be fully operational again. The affected customers have been informed about the threat through special communication channels.
While there is no official data on the number of victims, preliminary estimates suggest that between 80 to 200 companies were affected. Media reports were based on messages from affected customers (source).
O’Neil Patient, a partner company, announced that the interruptions had affected numerous organizations in the industry. The company stated, “our provider specializes in information security systems for law offices and lawyers” (source).
Details about the nature of the attack and specific CTS services impacted have not been disclosed. However, researchers believe there are indications of extortion involved in the cyber attacks.
Interestingly, one of the services provided by CTS to its customers is cyber protection, which includes incident detection and response, email and corporate network support, and employee training.
The UK National Computer Security Center (NCSC) had previously cautioned about the increased risk of cyber attacks when working with MSP providers like CTS.
According to NCSC, “attackers in such attacks are based on long-known methods, which practically do not change since 2017, when they were described for the first time by PwC. We expect that this type of cyberosis will develop further.”
CTS has not provided any additional details about the attack. The investigation is ongoing.