Skip to main content

Legal Sector Cyberattack – what has happened?

Last week, a major supplier of IT Services to the Legal Sector suffered a cyberattack which has taken their systems offline. Anywhere between 80 and 200 legal firms have been affected by this, details from the provider in question (www.cts.co.uk) are very light, as they are currently still dealing with the incident. At the time of publication, no time frame for the restoration of services has been provided by CTS. The real-world impact is thousands of house movers have been interrupted and delayed, along with an as-yet-undisclosed impact on other legal matters.

How did the attack occur?

Some versions of a popular IT System, Citrix, have a major flaw, known as ‘Citrix Bleed‘  that enables attackers to gain access to the system. It is there the attacked deployed ransomware and prevented the use of the platform. Following our research it appears that a backup system is not available for use.

I don’t work in the legal sector, or use this provider, do you think I should be concerned?

As the flaw affects some versions of Citrix, and there are known cases of attacks in other businesses, if you or your supply chain use Citrix, it is possible there is a risk to your business.

We recommend you;

  • Verify this with your IT Department or IT Provider, and check that software updates and changes are applied
  • Also ask if they have carried out checks against potential evidence of compromise, as attackers often access systems for months before they carry out an attack

Is there anything we should do to help protect against cyberattacks?

  • A cyberattack is the number one risk to all UK businesses
  • As it’s a business risk, this is a board-level conversation
  • Start by implementing the basics, like the Cyber Essentials scheme
  • Map out the cyber risks your business has, and plan out how best to manage them
  • Always have a verified backup of your business data, keep it separately from your main IT systems, and check it works on a regular basis
  • Test your disaster recovery plans on a regular basis – you don’t want to find they don’t work when you need to use them

The team at Optimising IT are ready to take your call. The industry-leading managed IT support company, offers a diverse range of services, including, Managed IT Services, Microsoft 365, IT Consultancy, Cloud Services and G Cloud. Optimising IT are also B Corp Certified, cyber focussed managed service.

Tel: 01392 642058

Email: [email protected]