Apparent Cyberattack Hits MSP NetStandard
NetStandard reported a cyberattack on some of its hosted services to its customers, one of whom seems to have posted the company’s notice on Reddit. However, details are sparse, and the MSP is staying silent on the issue. The firm’s website appears to be back online now.
A Kansas-based managed service provider appears to have recovered after suffering from an apparent cyberattack that forced the company to take its website down.
That MSP, Overland Park, Kansas-based NetStandard, Wednesday posted a notice to its users that was then released by someone on Reddit saying that it received signs of a cybersecurity attack on its MyAppsAnywhere environment at about 11:30 a.m. CDT on Wednesday.
MyAppsAnywhere is an integrated suite of cloud-based hosted services including Dynamics GP, CRM, Exchange, and SharePoint.
[Related: KASEYA RANSOMWARE: 8 THINGS LEARNED FROM THE DOJ, FBI]
Details about the cybersecurity attack on NetStandard have at press time yet to be released. However, there was speculation online that a Russian-language posting from a threat actor looking for partners to conduct an attack on an MSP could be related to the NetStandard attack.
In the Russian notice, posted by Huntress Lab CEO Kyle Hanslovan, the threat actor claimed to have access to an MSP panel of 50-plus U.S. companies in the same approximate time zone, over 100 ESXi servers, and over 1,000 servers.
However, a Huntress spokesperson told CRN via email that there is no evidence the two are related.
Cybersecurity attacks on MSPs has become a serious issue given that MSPs have access to their clients’ IT infrastructure, as shown by the Kaseya security breach which saw ransomware attacks against 40 Kaseya MSP partners. While some MSPs paid the ransom, Kaseya worked with the FBI to recover some of the paid ransom.
News of the NetStandard cybersecurity attack was first published by security news website Bleeping Computer.
NetStandard did not respond to a CRN request for more information by press time.
However, the company described the attack in a notice to users that was re-posted on Reddit that read:
“As of approximately 11:30 AM CDT July 26, NetStandard identified signs of a cybersecurity attack within the MyAppsAnywhere environment. Our team of engineers has been engaged on an active incident bridge ever since working to isolate the threat and minimize impact.
“MyAppsAnywhere services, which include Hosted GP, Hosted CRM, Hosted Exchange, and Hosted SharePoint, will be offline until further notice.
“No other services from NetStandard have been impacted at this time.
“At this point, no additional information on the extent of the impact nor time to resolution can be provided. We are engaged with our cybersecurity insurance vendor to identify the source of the attack and determine when the environment can be safely brought back online.”
As of Thursday morning, the NetStandard website was down and replaced by an “Error 526 Invalid SSL certificate” notification. However, by Thursday afternoon, the website was live again.
Other MSPs told CRN that security issues can happen, and that it is important to be proactive in implementing security measures and be prepared to respond if an attack happens.
Seeing a fellow MSP attacked is an opportunity to reflect on one’s own situation, said Dustin Bolander, CIO, partner, and founder of Clear Guidance Partners, an Austin, Texas-based MSP.
“Every time it hits home,” Bolander told CRN. “That could be me next time.”
Mark Essayian, president of Lake Forest, Calif.-based MSP KME Systems, told CRN via text wonders that his biggest fear as an MSP is being unprepared for what he doesn’t know.
“We genuinely are constantly doing our best, but it’s not always enough,” Essayian said. “We are pilots of a jet plane, and if the plane is not designed right or baggage loaded right or the food is poisoned or the engines are not maintained and on and on, no matter how good a pilot we are, we can be in trouble.”
Ebony Taylor, director of infrastructure services at Tech Impact, a Philadelphia-based MSP, said her company has 300 endpoints and could potentially be affected by a similar breach.
“It’s alarming,” she said. “Even with my own personal data, my biggest fear is my data being breached, my life being stolen, my clients’ data being stolen.”
Cyberattacks are increasingly common, and now some bad actors are calling out their geographic targets, said Bill Campbell, CEO of Waldorf, Maryland-based MSP BalanceLogic.
Campbell told CRN that with this latest attack, his team is giving everything another look.
“You can never be too careful,” he said. “We must stress to obtain and maintain the best cyber hygiene for our clients. This includes conducting regular vulnerability and penetration tests both on-prem and in the cloud.”
Marco Prieto, in-house manager for East Hartford, Connecticut-based MSP, said he was sad to hear a fellow MSP get hit.
“You don’t want anyone to go through that,” he told CRN. “Even if they are competitors of yours, you don’t want them to go through that because that means potential loss of clients, potential loss of jobs, and clients being affected by that.”