Saturday, December 3, 2022
HomeCyber SecurityKansas MSP shuts down cloud companies to fend off cyberattack

Kansas MSP shuts down cloud companies to fend off cyberattack


A US managed service supplier NetStandard suffered a cyberattack inflicting the corporate to close down its MyAppsAnywhere cloud companies, consisting of hosted Dynamics GP, Change, Sharepoint, and CRM companies.

In line with an electronic mail despatched to MyAppsAnywhere clients shared on Reddit, the corporate detected indicators of a cyberattack on Tuesday morning and shortly shut down cloud companies to forestall the assault’s unfold.

“As of roughly 11:30 AM CDT July 26, NetStandard recognized indicators of a cybersecurity assault throughout the MyAppsAnywhere surroundings. Our group of engineers has been engaged on an lively incident bridge ever since working to isolate the menace and decrease impression.

MyAppsAnywhere companies, which embody Hosted GP, Hosted CRM, Hosted Change, and Hosted Sharepoint, can be offline till additional discover.

No different companies from NetStandard have been impacted right now.” – NetStandard.

The corporate says that they’ve engaged their insurance coverage supplier to assist establish the supply of the assault and convey methods again on-line.

Whereas the corporate says that solely the MyAppsAnywhere companies are affected, the assault seems to have had a broader impression, with the corporate’s most important website shut down as properly.

NetStandard website shut down
NetStandard web site shut down

The corporate has been internet hosting hourly Zoom calls to replace clients concerning the outages, with BleepingComputer instructed that the corporate is now engaged with a third-party cybersecurity agency supplied by their insurance coverage provider.

As NetStandard is sharing no additional particulars, it’s unclear what sort of assault has occurred. Nonetheless, safety researchers imagine that is doubtless a ransomware assault, as we generally see with cyberattacks just like the one on NetStandard.

Kevin Beaumont tweet

In case you have first-hand details about the assault on NetStandard or different unreported cyberattacks, you may confidentially contact us on Sign at +16469613731.

A coincidence?

In what could also be a coincidence, Huntress Lab’s CEO Kyle Hanslovan tweeted a screenshot yesterday of a menace actor’s on the lookout for companions to conduct an assault on a managed service supplier.

In line with the put up on the Russian-speaking Exploit hacking discussion board, the menace actor claims to have entry to an MSP panel managing over 50 firms, 100 VMware ESXi servers, and 1000+ servers.

Forum post on the Russian-speaking Exploit hacker forum
Discussion board put up on the Russian-speaking Exploit hacker discussion board
Supply: Kyle Hanslovan

Within the discussion board put up, the menace actor is on the lookout for ideas from different hackers on monetize their entry.

“By way of preparation, there have been little issues left, so my share of revenue will certainly be excessive. For particulars and ideas – in non-public messages,” reads the translated discussion board put up.

Whereas it’s unclear if this discussion board put up is linked to the assault on NetStandard, it might not be far-fetched for a ransomware member to have contacted the menace actor to associate with them.

MSPs are a high-value goal for ransomware gangs as they provide a simple approach to encrypt quite a few firms without delay by way of a single breach, permitting quite a few extortion alternatives for the menace actors. Moreover, if many firms are encrypted, it might pressure the MSP to pay a ransom to guard the information and recuperate the information of their purchasers.

Up to now, there have been quite a few assaults on MSPs, with an affiliate for the GandCrab ransomware operation and later, REvil, displaying an curiosity and aptitude in assaults on managed service suppliers.

Nonetheless, probably the most vital assault on MSPs occurred in July 2021, when REvil ransomware carried out a Kaseya supply-chain assault that encrypted hundreds of firms.

BleepingComputer has reached out to NetStandard with questions concerning the assault however has not obtained a reply right now.



RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments