SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Ransomware tactics evolve, posing challenges for MSPs

Today

A new report by ConnectWise reveals significant shifts in ransomware tactics and advances in attacker evasion techniques, posing challenges for Managed Service Providers (MSPs).

The 2025 Managed Service Provider (MSP) Threat Report from ConnectWise, compiled by the ConnectWise Cyber Research Unit, underscores the ever-evolving nature of the cyber threat landscape. The findings outline an increasing focus on data extortion and the targeting of smaller MSPs, as well as the development of sophisticated Endpoint Detection and Response (EDR) evasion techniques. Patrick Beggs, Chief Information Security Officer at ConnectWise, emphasised the significance of these trends for MSPs. "Our data highlights a key evolution in the cyber threat landscape: attacks are becoming increasingly targeted and sophisticated," said Beggs.

Among the report's key findings is a marked shift in ransomware tactics, with a noted increase in attacks against smaller organisations. These groups are reportedly capitalising on less robust cybersecurity measures often present in such organisations. An emerging trend sees the rise of data extortion as a standalone tactic, which presents new challenges for data protection strategies, as this method targets sensitive information directly, even in the absence of encryption.

In addition to this, attackers are reportedly refining techniques to bypass or disable EDR solutions, which creates further challenges for effective threat detection and response. According to the report, this advancement means MSPs must move beyond sole reliance on EDR systems and instead adopt a more layered and proactive approach to cybersecurity.

The resurgence of drive-by attacks is another critical finding, with new variations such as "ClickFix" emerging. These attacks, exploiting vulnerabilities in commonly used software, demand rigorous defenses and enhanced user education to mitigate their prevalence. Alongside this, edge devices, including firewalls and VPNs, are increasingly targeted as entry points by attackers seeking initial access to networks.

The 2025 MSP Threat Report from ConnectWise offers practical recommendations for MSPs in light of these findings. It advocates for a layered security approach, emphasising the importance of vulnerability and patch management and the critical need for cybersecurity awareness training. Continuous monitoring and investment in comprehensive cybersecurity measures, such as EDR or Managed Detection and Response (MDR) solutions, alongside Security Information and Event Management (SIEM) systems, are also advised.

In related news, ConnectWise's release of the Q4 Service Leadership Index provides additional insights into the financial aspects facing MSPs. While revenue growth is reportedly slowing to pre-pandemic levels, the profitability of MSPs remains relatively high. The average adjusted Earnings Before Interest, Taxes, Depreciation, and Amortisation (EBITDA) for MSPs decreased slightly from 12.2% in the third quarter to 11.1% in the fourth quarter. However, this figure is higher than the 2023 adjusted EBITDA of 10.3%.

The data also indicates an increase in the number of MSPs operating at a loss, with 18% reporting a loss in the fourth quarter, compared to 14% in the previous year. ConnectWise's insights underline the dual challenge MSPs face in managing both emerging cybersecurity threats and strategic financial operations.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X