APPARENT CYBERATTACK HITS MSP NETSTANDARD

A Kansas-based managed service provider appears to have recovered after suffering from an apparent cyberattack that forced the company to take its website down.

That MSP, Overland Park, Kansas-based NetStandard, Wednesday posted a notice to its users that was then released by someone on Reddit saying that it received signs of a cybersecurity attack on its MyAppsAnywhere environment at about 11:30 a.m. CDT on Wednesday.

MyAppsAnywhere is an integrated suite of cloud-based hosted services including Dynamics GP, CRM, Exchange, and SharePoint.

[Related: KASEYA RANSOMWARE: 8 THINGS LEARNED FROM THE DOJ, FBI]

Details about the cybersecurity attack on NetStandard have at press time yet to be released. However, there was speculation online that a Russian-language posting from a threat actor looking for partners to conduct an attack on an MSP could be related to the NetStandard attack. 

ADVERTISEMENT 

In the Russian notice, posted by Huntress Lab CEO Kyle Hanslovan, the threat actor claimed to have access to an MSP panel of 50-plus U.S. companies in the same approximate time zone, over 100 ESXi servers, and over 1,000 servers.

However, a Huntress spokesperson told CRN via email that there is no evidence the two are related.

Cybersecurity attacks on MSPs has become a serious issue given that MSPs have access to their clients’ IT infrastructure, as shown by the Kaseya security breach which saw ransomware attacks against 40 Kaseya MSP partners. While some MSPs paid the ransom, Kaseya worked with the FBI to recover some of the paid ransom. 

News of the NetStandard cybersecurity attack was first published by security news website Bleeping Computer.

NetStandard did not respond to a CRN request for more information by press time.

However, the company described the attack in a notice to users that was re-posted on Reddit that read:

“As of approximately 11:30 AM CDT July 26, NetStandard identified signs of a cybersecurity attack within the MyAppsAnywhere environment. Our team of engineers has been engaged on an active incident bridge ever since working to isolate the threat and minimize impact.

“MyAppsAnywhere services, which include Hosted GP, Hosted CRM, Hosted Exchange, and Hosted SharePoint, will be offline until further notice.

“No other services from NetStandard have been impacted at this time.

“At this point, no additional information on the extent of the impact nor time to resolution can be provided. We are engaged with our cybersecurity insurance vendor to identify the source of the attack and determine when the environment can be safely brought back online.”

Leave a Reply

Your email address will not be published.