MSPs on Alert: DragonForce Ransomware, ScreenConnect Abuse, and Microsoft’s Update Integration

DragonForce has emerged as a significant threat actor in the cybercrime landscape, targeting vulnerabilities in the SimpleHelp remote monitoring and management tool to execute sophisticated ransomware-as-a-service attacks against managed service providers (MSPs). Recent incidents have highlighted how attackers exploited known vulnerabilities, including path traversal and privilege escalation issues, to deploy DragonForce ransomware, which involved exfiltrating sensitive data and employing double extortion tactics. While some clients were protected by endpoint security measures, others suffered significant impacts, underscoring the importance of maintaining IT hygiene and patch management.

The rise of DragonForce is indicative of a broader trend where low-key remote monitoring and management vendors become high-risk entry points for cybercriminals. The evolution of DragonForce from disruptive ransomware player to a full-blown ransomware-as-a-service operator executing targeted extortion campaigns raises alarms about the security of tools widely used by small and medium-sized businesses (SMBs). This situation serves as a reminder that disclosed vulnerabilities can become weaponized if organizations fail to prioritize patching and security measures.

In another concerning development, ConnectWise's ScreenConnect has been identified as the most abused legitimate remote access tool in cyberattacks, accounting for a significant percentage of active threat reports. Cybercriminals are hijacking these tools, typically used by IT professionals, to infiltrate systems and deliver malicious software. The increasing popularity of ScreenConnect has raised vendor trust concerns among IT service providers, prompting discussions about the implications of using such tools in an environment where they can be misused, even without technical exploits.

Microsoft is also making waves in the patch management landscape by introducing a Windows Update Orchestration platform that allows app developers to integrate their update processes into the Windows 11 framework. This initiative aims to create a unified system for managing updates across devices, addressing user concerns about fragmented experiences. The implications of this change are profound, as it positions Microsoft as a central authority in the software update lifecycle, potentially reshaping how managed service providers and security teams approach patching and update management in the future.

Four things to know today

00:00 DragonForce Targets SimpleHelp Vulnerabilities in MSP-Focused Ransomware Campaign

03:30 ConnectWise ScreenConnect Now the Most Abused Remote Access Tool in 2025 Cyberattacks, Report Finds

05:56 Unified Patch Control: Microsoft’s Update Orchestration Platform Threatens RMM Value Propositions

08:55 Actionable AI: Governance Framework and MCP Protocol Deliver Real-World Benefits Amid Hype

This is the Business of Tech.   

Supported by:  https://syncromsp.com/

All our Sponsors:   https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: http