ConnectWise MSP Report: Cybercriminals to Heavily Target MSPs in 2023

The latest ConnectWise MSP Threat Report highlights the increasing importance of cybersecurity for MSPs and their customers.

Now in its fourth year, the ConnectWise report provides an analysis of the major MSP-related security events and trends from the past 12 months. It also provides predictions for the year ahead.

ConnectWise Cyber Research Unit (CRU) analyzed over 440,000 incidents that impacted MSPs and their clients.

One of the significant findings in the ConnectWise MSP report is the emergence of a new phishing technique used by bad actors targeting MSPs. It works by exploiting changes in the default behavior of Visual Basic Application (VBA) macros handled in Microsoft Office documents downloaded online. In 2022, this approach led to a rise in the use of labels or shortcut Windows files to deliver payloads, which would then lead to ransomware deployments.

ConnectWise MSP Report Predictions

Among predictions for  MSPs:

• MSPs will remain the target of supply chain and critical infrastructure attacks. As a result, many MSPs will look to an outside partner to start strengthening their cybersecurity posture.
• Zero-trust network architecture (ZTNA) is critical for MSPs. The most vulnerable MSPs are those without ZTNA. That’s why governments worldwide will continue to expand their programs to require ZTNA from their vendors.
• Leveraging threat intelligence research and inter-organizational collaboration is essential for MSPs. Understanding current threats can help MSPs prioritize their time and efforts on what will have the most significant impact on their networks and those of their clients.
• MSPs will continue to solve the IT talent gap with tech stack consolidation and leveraging outside services. About three-quarters of IT industry leaders predict difficulties when recruiting data scientists or filling other tech positions in the coming years.
• Specialized cybersecurity training will increase across the industry, but ramp up will take time. While diversified skillsets have worked so far for MSPs, evolving threat landscapes is best addressed with cybersecurity specialists.

MSPs Attractive Targets

ConnectWise’s Patrick Beggs

Patrick Beggs, ConnectWise’s CISO, said vulnerabilities commonly exploited by Russian state-sponsored advanced persistent threats (APTs) have remained somewhat stagnant and steady, indicating they are having continued success.

MSPs are attractive targets for cyberattacks, he said. That’s due to their role in providing IT services to multiple customers, often in different industries.

“They manage and maintain critical infrastructure and systems, making them a prime target for supply chain and critical infrastructure attacks, Beggs said.

MSPs will continue to be a big target for such attacks because:

• MSPs have access to sensitive data belonging to multiple customers. That makes them a prime target for attackers seeking to steal data for financial gain or espionage purposes.
• They have a trust relationship with their customers. Attackers can exploit this to gain access to multiple networks and systems by attacking the MSP.
• MSPs typically manage a large attack surface, including networks, servers and applications for multiple customers, making them vulnerable to a wide range of attacks.
• They rely on third-party products, including software and hardware, to deliver services to their customers. These dependencies can introduce vulnerabilities that attackers can exploit.

“It is essential for MSPs to prioritize cybersecurity to protect themselves and their customers,” Beggs said.

MSPs Making ‘Great’ Progress

There has been progress in terms of MSPs beefing up their cybersecurity and staying on top of threats, Beggs said. For example, many are increasing their investment in cybersecurity to protect themselves and their customers. Also, they’re adopting best practices, and working to comply with industry standards and regulations.

MSPs are also providing cybersecurity training to their employees to ensure that they are aware of the latest threats and best practices, he said. Furthermore, they’re partnering with security vendors to leverage their expertise in cybersecurity and to offer advanced security solutions.

“However, as the threat landscape evolves, it is important for MSPs to continue to adapt and improve their security posture to protect themselves and their customers,” he said.