ConnectWise Releases 2023 MSP Threat Report

ConnectWise has announced the findings of its annual MSP Threat Report. Now in its fourth year, the report provides an analysis of the major MSP-related security events and trends from the past 12 months, alongside predictions for the year ahead.

The ConnectWise Cyber Research Unit (CRU) analyzed more than 440,000 incidents that impacted MSPs and their clients, identified the top five ransomware variants used to target MSPs in 2022 and some of the biggest vulnerabilities impacting MSPs, and used this data to make predictions about upcoming trends MSPs should be aware of.

"The findings of this year's Threat Report highlight the growing importance of cybersecurity for MSPs and their customers," said Patrick Beggs, chief information security officer, ConnectWise. "As the threat landscape continues to evolve, MSPs must remain vigilant and take proactive steps to protect their networks and clients. By adopting a zero-trust network architecture, leveraging threat intelligence research and investing in specialized cybersecurity training, MSPs can stay ahead of the curve and build more effective protection for their mission-critical infrastructure and services. ConnectWise is proud to have a foundation of transparency and an integrated cyberinfrastructure that supports reports like this. We can develop and deliver cybersecurity products and services while leveraging the latest threat intelligence to protect our partners — letting them connect with confidence."

The report includes visuals so MSPs can cross-reference common techniques used and determine which are most likely to impact their business and customers. A heat map of the MITRE ATT&CK techniques and sub-techniques observed during 2022 allows MSPs to be more confident in investing in cybersecurity efforts that will have the most impact in defending against attacks.

One of the significant findings in the report is the emergence of a new phishing technique used by bad actors targeting MSPs. It works by exploiting changes in the default handling of Visual Basic for Applications (VBA) macros in Microsoft Office documents downloaded from the internet. In 2022, this approach led to a rise in the use of LNK files to deliver payloads, which would then lead to ransomware deployments.

Based on this detailed insight, the report also offers a series of cybersecurity predictions for MSPs in 2023 and beyond:

  • MSPs will remain the target of supply chain and critical infrastructure attacks. As a result, many MSPs will look to an outside partner with the right expertise to start strengthening their cybersecurity posture.
  • Zero-trust network architecture is critical for MSPs. The most vulnerable MSPs are those without zero-trust network architecture (ZTNA), which is why governments worldwide will continue to expand their programs to require ZTNA from their vendors.
  • Leveraging threat intelligence research and interorganizational collaboration is essential for MSPs. Understanding current threats can help MSPs prioritize their time and efforts on what will have the most significant impact on their networks and those of their clients.
  • Specialized cybersecurity training will increase across the industry, but ramp-up will take time. While diversified skill sets have worked thus far for MSPs, an evolving threat landscape is best addressed with cybersecurity specialists.

The ConnectWise 2023 MSP Threat Report was created by the ConnectWise Cyber Research Unit (CRU) — a dedicated team of ConnectWise threat hunters who identify and research new vulnerabilities and publicly share what they find across the community. The CRU monitors ransom leak sites and malicious botnets for new threats, uses OSINT resources, and utilizes data from ConnectWise SIEM to help create content and complete research.

In other news, ConnectWise has announced a new partnership with the Cybersecurity and Infrastructure Security Agency (CISA) Joint Cyber Defense Collaborative (JCDC) to enhance cybersecurity for MSPs.

The partnership aims to provide MSPs with the resources and tools necessary to strengthen their cybersecurity posture and protect their clients from cyberthreats. As part of the collaboration, ConnectWise will work closely with CISA JCDC to develop new solutions and services that address the latest cybersecurity challenges faced by MSPs.

"We are thrilled to partner with CISA JCDC to help MSPs improve their cybersecurity practices," Beggs said. "MSPs are on the frontlines of protecting businesses from cyberthreats, and it's our responsibility to provide them with the best tools and resources to keep their clients safe."

CISA JCDC brings together experts from government, industry and academia to collaborate on cybersecurity defense. Through this partnership, ConnectWise will have access to the latest threat intelligence, best practices and training materials from CISA JCDC. In turn, ConnectWise will be well-positioned to share this information with MSPs to support ongoing efforts to defend against evolving cyberattacks. ConnectWise and CISA JCDC share a commitment to improving cybersecurity for businesses of all sizes, and this partnership is a significant step in achieving this goal.

The strength of ConnectWise's leading Information Security (InfoSec) program is applied across its cyberdefense practices and procedures. Ensuring a collaborative effort is in place across the digital landscape is a priority for the company; this partnership demonstrates its commitment to InfoSec principles and how that commitment allows MSPs to connect with confidence.
