Cyberattack cripples U.S. managed service provider NetStandard on 7/26/2022

On July 26, 2022, U.S. managed service provider NetStandard was apparently the victim of a successful cyberattack. The attack forced the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, SharePoint and CRM services, to prevent further damage.



I had only caught it in passing – security researcher Kevin Beaumont, for example, picked up on it on Twitter.

Cyber attack on US Managed Service Provider NetStandard

The Kansas City-based provider has apparently been in business for 25 years, offering managed IT services. Someone pointed out the incident on reddit.com. In an email, the company informed its customers about the cyberattack:

As of approximately 11:30 AM CDT July 26, NetStandard identified signs of a cybersecurity attack within the MyAppsAnywhere environment. Our team of engineers has been engaged on an active incident bridge ever since working to isolate the threat and minimize impact.

MyAppsAnywhere services, which include Hosted GP, Hosted CRM, Hosted Exchange, and Hosted SharePoint, will be offline until further notice.

No other services from NetStandard have been impacted at this time.

At this point, no additional information on the extent of the impact nor time to resolution can be provided. We are engaged with our cybersecurity insurance vendor to identify the source of the attack and determine when the environment can be safely brought back online.

Updates will be provided hourly on a Zoom bridge created expressly for this purpose beginning at 8 am CDT July 27. The meeting can be joined through any Zoom interface using the meeting ID ### #### ####, passcode #####.

We take your business seriously and know that you count on these services to run your business. We appreciate your patience and apologize for the inconvenience this has caused.

Users who have hosted their applications in the cloud with this provider are of course in a fix, because the shutdown meant that nothing worked anymore. There were already heated discussions on reddit.com. The colleagues from Bleeping Computer also picked up the story. Bernard Montel, from security provider Tenable, says:

Attackers are looking for the biggest return on their cyberattack efforts, with MSPs proving to be the proverbial golden goose. Shutting everything down may seem extreme, but when it comes to stopping an attack, it's very effective. It contains the impact and buys the affected organization time to determine what happened.

Information about the NetStandard attack is limited, but it shows how far-reaching the compromise of a single organization can be. This incident is a timely reminder that as organizations continue to migrate to the cloud, third-party dependencies can potentially increase risk. That doesn't mean outsourcing is the problem here, just that organizations need to take a risk-based approach to it. At the very least, take time to evaluate what and, perhaps more importantly, to whom you are delegating and what safeguards are in place.

The Tenable expert's recommendation on this issue is to take the time to understand the risks you are exposing yourself to by using managed service providers. He writes:



For example, if you know that an MSP relies on VMware or another cloud provider and a vulnerability is identified, this increases their risk profile and therefore yours. Understand who is responsible for securing what. If you're using a full security-as-a-service solution, trust the provider to make sure everything is secure, whereas with a platform-as-a-service provider, you're responsible for application security yourself. It may not always be that clear, but the agreement on responsibility should really be known by all. Finally, determine a potential exit strategy – what is where and how will you reverse it if needed as part of your risk management process.

How do you actually handle this in your cloud environment?

