Last week’s cyber attack on CTS, a prominent Managed Service Provider (MSP) in the UK legal sector, has sent shockwaves through the legal and conveyancing industry. This attack, which resulted in a major outage affecting numerous law firms and their clients, highlights the critical need for MSPs to protect against known vulnerabilities. CTS, who are a leading MSP providing cloud space and IT systems, experienced a significant outage impacting approximately 40% of its clients, including major law firms like O’Neill Patient, Talbots Law, and Taylor Rose MW. The outage has disrupted the house sales and purchase processes across the UK, causing delays and financial losses for those involved.
The attack, believed to be exploiting a flaw in the Citrix software used by CTS, is attributed to the “CitrixBleed” bug. This vulnerability has been exploited by the Russian-speaking hacking group LockBit, as reported by the US Cybersecurity and Infrastructure Security Agency (CISA). LockBit’s modus operandi involves freezing access to critical data and threatening to publish it unless a ransom is paid.
The Citrix Bleed Vulnerability is a critical bug, known as CVE 2023-4966, is found in the NetScaler Web application delivery control (ADC) and NetScaler Gateway appliances. It allows threat actors to bypass password requirements and multifactor authentication, leading to successful session hijacking of legitimate user sessions. This takeover grants malicious actors elevated permissions, enabling them to harvest credentials, move laterally within the network, and access sensitive data and resources.
Views: 1
