Third-party breach impacts UK law firms

Eighty to 200 law firms across the UK may have their phone, email, and case management systems inaccessible following a cyberattack against managed service provider CTS that involved the exploitation of the Citrix Bleed vulnerability, reports The Record, a news site by cybersecurity firm Recorded Future. CTS has already launched an investigation into the incident and assured that impacted services would be restored although a specific timeline has not been provided. Such an attack, which a UK government spokesperson noted is already being monitored closely, follows the UK's failure to introduce a measure that would have mandated more robust cybersecurity protections for MSPs. The UK previously noted MSPs as an "attractive and high value target" for cybercriminals as they "can be used as staging points through which threat actors can compromise the clients of those managed services." Despite the failure to advance the legislation, National Cyber Security Centre Director for National Resilience Jonathon Ellison said that the UK remains committed to such a law.