ConnectWise MSP Threat Report Warns of Windows 2012, New Ransomware Dangers

The end-of-life (EOL) of Windows Server 2012, endpoint protection from remote workers, and growing ransomware attacks are major security challenges for MSPs. That's according to the 2024 ConnectWise MSP Threat Report.

The ConnectWise report analyzes major MSP-related security events and trends over the past year, focusing on helping MSPs protect SMBs by providing expert guidance, patch management and cost-effective solutions. The ConnectWise Cyber Research Unit (CRU) analyzed 500,000 cybersecurity incidents that affected IT solution providers and their clients in 2023.

The 2024 threat report showed three main challenges that should be a focus for MSPs:

Windows Server 2012 reached EOL in October 2023, meaning Microsoft no longer provides regular free updates. Customers can buy three years of extended security updates, but SMBs may not be aware of the EOL. The report cautions that the next big Windows Server 2012 vulnerability might never be patched. The CRU found Windows Server 2012 makes up about 14% of Windows log data sources for ConnectWise’s security information and event management (SIEM) among customers using Windows operating systems.

The threat report points out “that the prevalence of Windows Server 2012 still being used worldwide en masse after the operating system has reached EOL is a significant security concern for all of us in 2024.”

Ransomware Threat Still Growing

The CRU collected data on 4,400 ransomware sightings from 57 ransomware groups in 2023, with 29 of those groups making their first appearance last year. The top five ransomware groups accounted for 2,500 of the sightings. LockBit is by far the most active group, followed by PLAY ransomware (also known as PlayCrypt), BlackCat (also known as ALPHV or Noberus), 8base and Cl0p. The report said organizations made more than $1 billion in ransomware payments worldwide in 2023, and ransomware sightings increased 94% in 2023 from 2022.