The Huntress 2026 Cyber Threat Report found a 277% year-over-year surge in the abuse of RMM tools, which now account for roughly a quarter of all observed incidents. The ConnectWise 2026 MSP Threat Report frames 2025 as the year of “the abuse of trust,” with attackers increasingly exploiting valid credentials, misconfigured remote access, and trusted software updates rather than relying on novel exploits. For MSPs, the implication is uncomfortable: the tools you use to manage and protect your clients are increasingly being turned against you and them.
Tony Anscombe, Chief Security Evangelist at ESET, returns to the podcast to dig into how these attacks actually work – from daisy-chaining multiple CVEs for entry, escalation, and persistence, to ClickFix-style social engineering where users are tricked into pasting malicious PowerShell commands through fake browser prompts. The conversation also gets into why attackers are going after MSP toolchains specifically, the patching dilemma MSPs face when every hour of delay is an hour of exposure, and why groups like Akira are now targeting backup infrastructure first to neutralize the recovery path before encrypting.
On the business side, Tony is candid about what a breach through your own tools means for trust, reputation, and survival – and offers practical starting points: audit your environment, clean up stale credentials, patch on cadence, and run tabletop exercises with your customers, not just internally. He also introduces the concept of cyber warranties as a potential competitive differentiator for MSPs looking to stand out on RFPs.
This is the second in an ongoing series of conversations with Tony. The first, covering the cybersecurity trends MSPs can’t ignore in 2026, is also available.
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | Android | iHeartRadio | Youtube Music | RSS
Read Full Transcript
TRANSCRIPT TO COME
