Major Cyberthreats to Anticipate in the Year of the Horse
The Lunar New Year ushers in the Year of the Horse, a symbol of speed, endurance, and clear direction. These qualities mirror what today’s cybersecurity environment demands from managed service providers (MSPs). In a rapidly evolving threat landscape, agility, resilience, and proactive defense are essential.
For Acronis, the Lunar New Year also holds cultural significance, as the company was founded in Singapore where the celebration marks the beginning of a new lunisolar year. Inspired by the spirit of the Year of the Horse, this article explores the major cybersecurity threats MSPs should prepare for in 2026.
Insights referenced here are based on findings from the Acronis Cyberthreats Report H2 2025, which analyzed telemetry from more than one million protected endpoints. The report reveals how quickly attackers are evolving, targeting MSP ecosystems and exploiting trusted platforms with increasing precision.
1. Phishing: The Fastest-Moving Threat Vector
Phishing continues to outpace many traditional defenses. It has evolved from simple deceptive emails into highly sophisticated, AI-assisted attacks that blend seamlessly into everyday communications.
According to the report:
52% of attacks used phishing as the primary entry point.
31% of collaboration platform threats involved advanced attacks.
Malware accounted for 54%, while phishing made up 15% in certain collaboration environments.
Cybercriminals are increasingly targeting communication tools where employees feel most comfortable. Instead of relying only on email, attackers now exploit platforms such as:
Microsoft Teams
WhatsApp
Signal
Two major factors are driving this shift:
AI-generated phishing messages that are more convincing and personalized
Expansion of attack surfaces beyond traditional email
In some documented incidents, attackers impersonated trusted contacts to capture MSP administrator credentials, giving them access to remote monitoring systems and multiple client environments.
2. Ransomware: A Persistent and Evolving Threat
Ransomware remains one of the most dangerous threats facing organizations, and it continues to grow in sophistication.
The report highlights a nearly 50% year-over-year increase in ransomware activity, driven by groups such as:
Qilin
Sinobi
Akira
Researchers identified nearly 100 active Ransomware-as-a-Service (RaaS) providers, including 34 new groupsappearing in the second half of 2025.
Modern ransomware campaigns often follow a quieter, more strategic approach:
Initial access through infostealers or phishing
Silent lateral movement across systems
Data exfiltration before encryption
Extortion based on stolen data rather than just locked systems
This shift emphasizes the importance of early detection, identity protection, and reliable backup and recovery systems.
3. RMM Tools: High-Trust Platforms Under Attack
Remote Monitoring and Management (RMM) platforms are critical to MSP operations, but their high level of access also makes them attractive targets for attackers.
The report identified 3,000 critical vulnerabilities in 2025, some affecting widely used RMM platforms.
Among the tools targeted were:
N-able
AnyDesk
TeamViewer
Splashtop
Additional incidents involved exploitation of:
ScreenConnect
These attacks were linked to groups such as:
DragonForce
Scattered Spider
Because RMM tools operate with elevated privileges and manage multiple client systems, a single compromise can allow attackers to move rapidly across many environments.
Preparing for 2026: Moving with Speed and Confidence
To stay ahead of emerging threats, MSPs must strengthen both their security posture and operational efficiency.
Key priorities include:
Automating patch management and system monitoring
Hardening RMM environments
Strengthening phishing detection and response
Validating backups and recovery processes
Adopting zero-trust security principles
Automation can help technicians focus on higher-value activities such as threat hunting, incident response, and proactive defense.
As cybercriminal tactics evolve, the ability to respond quickly and decisively will define successful security strategies in 2026.
For deeper insights into these trends, explore the Acronis Cyberthreats Report H2 2025, which provides detailed analysis of AI-driven phishing, collaboration platform attacks, and threats targeting MSP ecosystems.
Source / Credit: Adapted from research and insights published by Acronis.
