Unravelling the CTS Managed Systems Cyber Attack: Lessons Learned and Future Resilience 


In the dynamic sphere of cyber security, businesses and organisations are grappling with the increasing sophistication of cyber threats. One recent incident that has caused disruption to the UK market was that of the managed service provider CTS. Following the attack, 80 Legal Conveyancing firms were affected to varying degrees, and there will be unrealised financial losses for potential homebuyers who were caught up in the disruption. 

Background of the CTS Managed Systems Cyber Attack 
CTS Managed Systems, a prominent provider of IT services to legal conveyancers, recently fell victim to a sophisticated cyber-attack that compromised sensitive data and disrupted critical operations. The attackers targeted vulnerabilities in the company’s systems, highlighting the importance of proactive cyber security measures and the constant need for vigilance in an interconnected digital environment. The attack is said to have caused full or partial loss of service to 80 customers and lasted 38 calendar days. On the 29th of December, the company notified the public that affected systems had been restored.  

Attack Vector and Methods 
While the specifics of the attack may vary, early reports indicate a connection between the CTS Managed Systems breach and a recently identified vulnerability in Citrix NetScaler Gateways dubbed CitrixBleed. Once an attacker has gained a foothold by exploiting this vulnerability, attackers will then increase their access by gathering sensitive credentials like admin credentials and then move onto sensitive data and key systems and encrypting data which they would then hold to ransom for a payout. In the process causing operational issues for those who have had their systems breached. 

Impact on Business Operations 
The consequences of the CTS Managed Systems cyber-attack were far-reaching. The primary users of CTS, housing conveyancer firms, faced significant challenges with some reporting complete loss of access to all systems. Others encountered delays as a result of partial system loss. The knock-on effect inevitably prolonged the time taken to either complete a housing transaction, and in some cases, may have even caused a sale to fall through. 

Lessons Learned
Regular Security Audits and Vulnerability Assessments: Conducting regular security audits and vulnerability assessments can help organisations identify and address potential weaknesses in their systems. This proactive approach is crucial in preventing cyber attacks before they occur. 

Patch Management: Timely patching of software and systems is a critical defence against cyber threats. This incident underscores the importance of promptly addressing vulnerabilities to prevent exploitation by malicious actors. Based on industry best practice Critical and High Risk Vulnerabilities should be patched within 14 days of official disclosure, the reported initial point of access was originally disclosed back on October 10th.

Incident Response and Recovery Planning: Every organisation should have a robust incident response and recovery plan in place. Where you also have a third-party supporting IT Services its recommended that you plan and test disaster recovery protocols to ensure that business functions can continue in the wake of a cyber-attack. 

Verifying Resilience within your supply chain: When establishing partnerships, it is crucial to assess the risks within your supply chain to guarantee resilience. By implementing a sound security strategy, your business can either avoid or swiftly recover from a cyber-attack.  Norm suggests undergoing Cyber Essentials and Cyber Essentials Plus assessments. These certifications showcase to key stakeholders that you are committed to adhering to industry best practices and having robust IT policies and procedures when it comes to cyber security. 

Looking Ahead
Building Cyber Resilience: In the aftermath of the CTS Managed Systems cyber attack, businesses should reassess and fortify their cyber security postures. This involves not only incorporating the latest technologies, but also instilling a culture of cyber resilience. Seeking external consultancy from MSSP’s such as NormCyber can offer a fresh perspective on the evolving threat landscape, ensuring identification and mitigation of any vulnerabilities. 

Impact and real-world cost:  When multiplied across 80 customers, such incidents can quickly become a very costly reminder, as evidenced by a notable conveyancing case which reported costs of £7million to resolve the breach.

The CTS Managed Systems cyber attack serves as a stark reminder of the persistent and evolving nature of cyber threats and the far-reaching consequences they have. Individuals face potential life-altering situations, such as losing a dream home or being at risk of foreclosure due to a failed sale, whilst businesses may simply never recover. It is imperative that businesses strive to improve their cyber resilience, particularly those critical to the economy, such as national infrastructure, housing, councils, and local government bodies. 

To book a complimentary cyber security consultation to and get your questions answered, please contact info@normcyber.com. We would be happy to help. 

Image 7 removebg preview photoroom

Written by AJ Makwana
AJ holds the position of Focal Analyst at NormCyber, where he provides expert guidance to clients seeking to enhance their cyber resilience. With a foundation rooted in IT and Infosec roles within the managed services sector, he draws on his experience to oversee a diverse portfolio of customers.