Cyber Incident Victim: NetStandard
Date:
Jul 2022
Location:
United States of America
Summary
A Kansas-based managed service provider experienced a cybersecurity incident, prompting the shutdown of its MyAppsAnywhere cloud services—including hosted Dynamics GP, Exchange, SharePoint, and CRM—to contain the attack. The disruption extended to the company's main website, though no other services were confirmed compromised. NetStandard engaged its insurance provider and a third-party cybersecurity firm to investigate the breach and restore systems, hosting hourly updates for affected customers. Security researchers suggested the incident likely involved ransomware, consistent with trends targeting MSPs due to their access to multiple client networks. The attack's nature aligns with broader risks to service providers, where single breaches can cascade across numerous organizations, though direct attribution remains unconfirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 26, 2022, at approximately 11:30 AM CDT, NetStandard, a Kansas-based managed service provider (MSP), detected signs of a cybersecurity attack within its MyAppsAnywhere cloud environment. The company promptly shut down the affected services—Hosted Dynamics GP, Hosted Exchange, Hosted SharePoint, and Hosted CRM—to contain the threat and prevent further spread. NetStandard’s engineering team initiated an incident response bridge immediately upon discovery, focusing on isolating the compromise and minimizing operational disruption. While the company stated only MyAppsAnywhere services were impacted, its primary website also became inaccessible, indicating broader infrastructure issues. NetStandard engaged its insurance provider to assist in identifying the attack’s origin and restoring systems, and the insurer facilitated collaboration with a third-party cybersecurity firm. The MSP hosted hourly Zoom briefings for customers to communicate outage updates, though no technical details about the attack vector or perpetrator were disclosed.
MyAppsAnywhere remained offline indefinitely following the shutdown, disrupting client access to critical hosted applications. Security researchers cited in the report hypothesized the incident was likely a ransomware attack, citing the MSP sector’s attractiveness to threat actors seeking leverage over multiple organizations through a single breach. The article noted a coincidental forum post by a Russian-speaking actor soliciting partners to monetize access to an MSP managing 50+ companies and 1,000+ servers, though no direct link to NetStandard was established. Historical context referenced prior MSP-targeting campaigns, including REvil’s 2021 Kaseya supply-chain attack, underscoring the sector’s vulnerability. NetStandard did not confirm data theft, encryption, or ransom demands, and restoration timelines were unspecified at the time of reporting. The company’s public communications remained limited to outage notifications and procedural updates, with no further elaboration on forensic findings or recovery progress.