ConnectWise announced the findings of its annual MSP Threat Report. Now in its fifth year, the report analyzes key security incidents and trends from the past 12 months, equipping TSPs with expert guidance for the year ahead.
To protect small and medium-sized business (SMB) operations, TSPs need to stay informed about the evolving threat landscape so they can practice proactive cyber defense strategies. To achieve this, the ConnectWise Cyber Research Unit (CRU) conducted an extensive analysis of half a million cybersecurity incidents that affected IT solution providers and their clients. This analysis focused on identifying the most targeted vulnerabilities, such as the implications of Windows Server 2012 end-of-life, and included a comparative analysis of popular tactics employed by threat actors between 2022 and 2023.
The report features detailed graphics to help TSPs cross-reference popular MITRE ATT&CK techniques to determine which will most likely impact SMBs. Partners can confidently invest in defending against relevant attacks by leveraging a comprehensive heat map that showcases the 214 distinct MITRE ATT&CK® techniques and sub-techniques observed in cybersecurity incidents throughout 2023.
“This year’s threat report serves as a stark reminder of the daunting challenges that the industry faces in developing and implementing effective cybersecurity strategies in an ever-changing and growing threat landscape,” said Raffael Marty, EVP and GM, Cybersecurity at ConnectWise. “Our report is specifically tailored to empower SMBs in navigating the escalating complexity and noise surrounding cybersecurity, enabling them to prioritize the best practices necessary to safeguard their IT environments. The 2024 MSP Threat Report findings reveal the heightened risks stemming from outdated software, vulnerabilities associated with remote work environments, and the alarming surge in the frequency and impact of ransomware attacks. These mission-critical challenges demand immediate attention from TSPs as they gear up for the upcoming year.”
Marty emphasized: “At ConnectWise, we take immense pride in leveraging the invaluable insights derived from our integrated cyber infrastructure to equip our partners with actionable intelligence, empowering them to serve SMBs with unwavering confidence.”
One of the most significant trends identified in the report was the continuing surge in drive-by attacks. A standard cybersecurity defense posture operates under the assumption that an attacker will proactively reach its target and engage with it within a given threat surface. However, the 2024 Threat Report found that 2023 saw an increase in malicious activity using a different delivery approach, known as a drive-by compromise, in which threat actors position themselves so that victims proactively come to them.
The MSP Threat Report also highlights several key cybersecurity considerations for TSPs in 2024, including the following:
- Securing SMBs is of paramount importance for TSPs, given their limited resources for comprehensive cybersecurity measures. TSPs play a pivotal and indispensable role in safeguarding SMBs from emerging threats through their expert guidance, efficient patch management, and the provision of highly cost-effective solutions.
- The report covered the top MITRE ATT&CK techniques observed in cybersecurity incidents, focusing on defense evasion tactics employed by threat actors. It also highlighted the most exploited vulnerabilities, including those in popular software such as FortiOS, Citrix ShareFile, and MOVEit Transfer.
- In addition to detailing the surging trend of drive-by compromises, where threat actors lure victims to malicious websites through techniques like search engine optimization (SEO) poisoning and malvertising, the report discussed threat actors’ increasing use of defense evasion techniques, such as obfuscated files and living-off-the-land binaries (LOLBins).
- A comprehensive analysis of ransomware trends revealed a 94% increase in ransomware sightings in 2023 compared to the previous year. It examined the top five most sighted ransomware groups, their techniques, and the overall shift toward attacks targeting SMBs.