ConnectWise MSP Threat Report Warns of Windows 2012, New Ransomware Dangers

ConnectWise says there are some important threats MSPs should watch to help SMBs mitigate security risks.

Dave Raffo, MSP News Editor

April 5, 2024

2 Min Read
ConnectWise Threat Report
Gustavo Frazao/Shutterstock

The end-of-life (EOL) of Windows Server 2012, endpoint protection from remote workers, and growing ransomware attacks are major security challenges for MSPs. That's according to the 2024 ConnectWise MSP Threat Report.

The ConnectWise report analyzes major MSP-related security events and trends over the past year, focusing on helping MSPs protect SMBs by providing expert guidance, patch management and cost-effective solutions. The ConnectWise Cyber Research Unit (CRU) analyzed 500,000 cybersecurity incidents that affected IT solution providers and their clients in 2023.

The 2024 threat report showed three main challenges that should be a focus for MSPs:

  • Increased risks associated with outdated software and Microsoft Windows Server 2012 reaching its EOL.

  • Vulnerabilities related to endpoint protection and asset management in a work-from-home context.

  • Significant growth in the number and impact of ransomware attacks, which have nearly doubled in the past year.

Windows Server 2012 reached EOL in October 2023, meaning Microsoft no longer provides regular free updates. Customers can buy three years of extended security updates, but SMBs may not be aware of the EOL. The report cautions that the next big Windows Server 2012 vulnerability might never be patched. The CRU found Windows Server 2012 makes up about 14% of Windows log data sources for ConnectWise’s security information and event management (SIEM) among customers using Windows operating systems.

The threat report points out “that the prevalence of Windows Server 2012 still being used worldwide en masse after the operating system has reached EOL is a significant security concern for all of us in 2024.”

Ransomware Threat Still Growing

The CRU collected data on 4,400 ransomware sightings from 57 ransomware groups in 2023, with 29 of those groups making their first appearance last year. The top five ransomware groups accounted for 2,500 of the sightings. LockBit is by far the most active group, followed by PLAY ransomware (also known as PlayCrypt), BlackCat (also known as ALPHV or Noberus), 8base and Cl0p. The report said organizations made more than $1 billion in ransomware payments worldwide in 2023, and ransomware sightings increased 94% in 2023 from 2022.

Read more about:


About the Author(s)

Dave Raffo

MSP News Editor, Channel Futures

Dave Raffo has written about IT for more than two decades, focusing mainly on data storage, data center infrastructure and public cloud. He was a news editor and editorial director at TechTarget’s storage group for 13 years, news editor for storage-centric Byte and Switch, and a research analyst for Evaluator Group. In addition to covering news and writing in-depth features and columns, Dave has moderated panels at tech conferences. While at TechTarget, Raffo Dave won several American Society of Business Publication Editors (ASBPE) awards for writing and editing, including for column writing.

Raffo covers the managed services industry for Channel Futures. His reporting beat includes the MSPs, key vendors and tech suppliers with managed services programs, platform providers, distributors and all key players in this sector of the market. Dave also works closely on the Channel Futures MSP 501 and our live events.

Raffo has also worked for United Press International, EdTech magazine, Windows Magazine and Data Center Intelligence Group (DCIG) in reporting, editing and research analyst roles.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like