On 25th March 2023, the Germany-based international consultant and IT service provider Materna reported that its systems and infrastructure had been compromised by a cyber attack. As a result, several systems in the company’s network were compromised, prompting the company to temporarily restrict its systems for security reasons.
Since the initial breach, more details have been released. The first indications of problems at Materna were initially thought to be a fault in its server systems. Employees later experienced disruptions to their e-mail and telephone communications. Based on the attack's level of sophistication, Materna's leaders believe it to be a professionally designed ransomware attack. It is not yet clear whether data was stolen.
Dirk Schrader, VP of Security Research at Netwrix, has made the following comment on the breach:
“In what can potentially become another devastating supply chain attack, German IT services company Materna informed that it had become the victim of a ‘professionally crafted’ cyber-attack. Materna operates four business divisions across 19 countries in the world, delivering IT services to local and regional administrations and international airports like Tokyo, Toronto, Montreal, Miami, and Denver.
“Materna’s website has been taken offline and it has been reported by German states that systems in the company’s internal network were compromised beginning Saturday 25th of March, and that all systems and services are temporarily halted or work with limited functionality. Law enforcement is involved, in addition to third-party forensic investigators. Materna’s customers will be informed via separate channels about the investigation.
“As information is limited, we can’t tell whether the attack was detected in its early stages or later, when actual damage like data exfiltration could already have been done. Whether or not customer data was indeed affected, it is likely that the motive for this targeted attack did not only involve encryption and extortion.
“Such attacks highlight the need for every managed service provider (MSP) to be extra vigilant about their own cyber security posture. As a supplier for a great number of other organisations, IT service companies and managed security service providers (MSSPs) are a prime target for threat actors looking for entry points into a larger group of potential victims.
“Customers, while awaiting further info, should closely monitor any API connection and any accounts managed by Materna on the customer’s behalf, and take stock of any data or account credentials – user or admin – that were shared with Materna in the past.”