The ConnectWise Cyber Research Unit (CRU) analyzed over 440,000 incidents that impacted MSPs and their clients and identified the top five ransomware variants used to target MSPs in 2022, along with some of the biggest vulnerabilities impacting MSPs. The CRU then used this data to make predictions about upcoming trends MSPs should be aware of.
Emerging New Phishing Technique
One of the significant findings, according to the report’s authors, was the emergence of a new phishing technique used by bad actors targeting MSPs. The attack works by exploiting changes in the default handling of Visual Basic for Applications (VBA) macros in Microsoft Office documents downloaded from the internet. In 2022, this approach led to a rise in the use of LNK files to deliver payloads, which would then lead to ransomware deployments.
Patrick Beggs, chief information security officer, ConnectWise, commented on the findings:
"The findings of this year's Threat Report highlight the growing importance of cybersecurity for MSPs and their customers. As the threat landscape continues to evolve, MSPs must remain vigilant and take proactive steps to protect their networks and clients. By adopting a zero-trust network architecture, leveraging threat intelligence research and investing in specialized cybersecurity training, MSPs can stay ahead of the curve and build more effective protection for their mission-critical infrastructure and services. ConnectWise is proud to have a foundation of transparency and an integrated cyber infrastructure that supports reports like this. We can develop and deliver cybersecurity products and services while leveraging the latest threat intelligence to protect our partners – letting them connect with confidence."
2023 MSP Cybersecurity Predictions
The report offered a variety of additional cybersecurity predictions for MSPs in 2023 and beyond, including:
- MSPs will remain the target of supply chain and critical infrastructure attacks. As a result, many MSPs will look to an outside partner with the right expertise to start strengthening their cybersecurity posture.
- Zero-trust network architecture is critical for MSPs. The most vulnerable MSPs are those without zero-trust network architecture (ZTNA), which is why governments worldwide will continue to expand their programs to require ZTNA from their vendors.
- Leveraging threat intelligence research and inter-organizational collaboration is essential for MSPs. Understanding current threats can help MSPs prioritize their time and efforts on what will have the most significant impact on their networks and those of their clients.
- Specialized cybersecurity training will increase across the industry, but ramp-up will take time. While diversified skillsets have worked thus far for MSPs, an evolving threat landscape is best addressed with cybersecurity specialists.
ConnectWise’s Security Plans
The report comes just days after ConnectWise announced a new partnership aimed at improving cybersecurity for MSPs. The partnership with the Cybersecurity and Infrastructure Security Agency (CISA) Joint Cyber Defense Collaborative (JCDC) will provide MSPs with the resources and tools necessary to strengthen their cybersecurity posture and protect their clients from cyber threats, the company said.
CISA, meanwhile, recently announced its own proactive program to help keep tabs on potential vulnerabilities in critical infrastructure sector companies. The Ransomware Vulnerability Warning Pilot (RVWP) is aimed at curtailing ransomware attacks, according to the agency.
The program began in March with a scan for the dangerous ProxyNotShell vulnerability in Microsoft Exchange. The vulnerability has served as an entry point for numerous ransomware attacks since its inception. CISA says it was able to notify 93 critical infrastructure organizations of the presence of this vulnerability and plans to scale up the program and provide more warnings in the coming months.