In an age where nearly every website requires a login, password managers have become a go-to solution for simplifying online security. They promise to create, store, and manage your passwords safely, but not all promises hold up under scrutiny. As convenient as these tools are, understanding the dangers of using password managers is essential before you entrust them with your digital life.

1. Centralized Risk: One Breach Exposes Everything

Perhaps the most significant of the dangers of using password managers is that they centralize all your credentials in one vault. If that vault is compromised; whether through a cyberattack or a data breach, a hacker potentially gains the keys to your entire digital identity. Even companies with strong encryption standards have faced breaches or misconfigurations that left user data at risk.

2. Cloud-Based Vulnerabilities

Most password managers sync your passwords to the cloud for convenience. That synchronization can create new attack surfaces. Data breaches, insecure APIs, or compromised backup servers can expose encrypted password vaults to attackers. Once stolen, those vaults could be targeted with increasingly powerful brute-force decryption methods over time. The dangers of using password managers deepen when users don’t realize that “encrypted” doesn’t always mean “unhackable.”

3. Password Managers May See Your Vault

Recently, Ars Technica shed light on an unsettling discovery: some password managers may, under certain conditions, actually have the ability to view your supposedly “zero-access” password vaults (read the full article here). This revelation highlights one of the emerging dangers of using password managers — trusting the marketing claims that they “can’t see” your passwords when that might not be entirely accurate. If a provider can access your vault, your privacy depends less on encryption and more on the company’s internal policies.

4. Device Security Still Matters

Even if a password manager is well-designed, your personal device can undermine it. Malware, spyware, or keyloggers can intercept the master password you use to unlock your vault. The dangers of using password managers often stem not from the software itself, but from compromised devices that give attackers indirect access.

5. Human Error and Complacency

No software can protect against human mistakes. Weak master passwords, careless autofill use, and failure to log out of shared devices all expose you to the same dangers of using password managers you’re trying to prevent. Password managers reduce mental strain, but they can also create false confidence which leads users to overlook basic security hygiene.

6. Bugs, Updates, and Trust Issues

Because password managers are software products, they can contain bugs or suffer from security flaws in updates. These issues may go unnoticed or unpatched for months. Among the most underestimated dangers of using password managers is the blind trust users place in companies to maintain transparency and accountability when vulnerabilities surface.

7. The False Sense of Security

Over-reliance is another threat. Believing your data is perfectly safe because it’s “encrypted” may lead to risky behavior, such as reusing passwords or ignoring phishing red flags. Once again, the dangers of using password managers don’t just come from hackers, they come from users forgetting that security is an ongoing process, not a set-it-and-forget-it tool.

How to Use Password Managers More Safely

While the risks are real, you don’t necessarily need to abandon password managers altogether. Instead, take a few precautions:

• Enable multi-factor authentication on all important accounts.
• Keep your devices and password manager software fully updated.
• Audit your stored passwords regularly and remove outdated credentials.
• Do not rely solely on one tool; consider keeping extra-sensitive logins offline.

Awareness of the dangers of using password managers is your best weapon against becoming a victim of digital compromise.

ATYXIT is an Illinois based security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for businesses of all sizes.

Reach out today if you need assistance with any of your business technology!

The post The Dangers of Using Password Managers appeared first on ATYXIT - Illinois IT Services and IT Support.

2026 Tech Shifts Businesses Can’t Ignore

AI is shifting from “nice-to-have tools” to embedded, agent-like systems that automate complex workflows across departments, not just single tasks like writing emails or generating content. Many small and mid-sized businesses are now using AI daily as leaders look for productivity gains, better decision-making, and greater resilience without adding large numbers of new staff. Business Technology in 2026 is continuing to evolve.

Hybrid cloud is becoming the default approach, with most businesses running a mix of on-premise and cloud services to balance cost, control, performance, and scalability. Rather than going 100% to the cloud or keeping everything in-house, companies are choosing a pragmatic mix that supports growth while controlling risk and spend.

Cyber threats are accelerating, with AI-driven phishing, ransomware, and supply-chain attacks increasingly targeting smaller organizations that have not modernized their defenses. Attackers know that many SMBs lack dedicated security teams, which makes well-structured, outsourced IT and security support more critical than ever.

Cybersecurity and Data Protection in 2026

Insurers, vendors, and regulators now expect security fundamentals like multi-factor authentication, advanced endpoint protection, and documented incident response plans as a minimum standard. Businesses that still rely only on basic antivirus and single-factor passwords are being viewed as high-risk, which can impact cyber insurance premiums, contract requirements, and even the ability to bid on certain projects.

Strong backup and recovery strategies are no longer optional as ransomware groups shift to more sophisticated tactics that aim to disrupt operations and compromise backups. Off-site, cloud-based backups with clear retention policies and regularly tested restoration procedures are now a core requirement for business resilience.

How ATYXIT can help:

• Design and implement layered security (firewalls, endpoint protection, MFA, secure remote access, and staff awareness training) tailored for small and mid-sized businesses that need enterprise-grade protection without enterprise-level complexity.
• Set up and manage secure cloud backup and recovery so critical data is continuously protected off-site and can be restored quickly after an incident, minimizing downtime and financial impact.

AI and Automation in Everyday Operations

Businesses are moving from isolated AI tools to coordinated systems that can plan and execute multi-step processes like customer support workflows, procurement, scheduling, and financial monitoring. This shift allows smaller teams to handle more work, respond faster to customers, and make better data-driven decisions without a proportional increase in headcount.

The real value of AI comes when it is built on clean, well-structured data and clear, standardized processes. If a business has messy data, inconsistent systems, or siloed workflows, AI will often amplify those problems instead of solving them. Ensuring that IT infrastructure and data flows are solid is now just as important as choosing the “right” AI tools.

How ATYXIT can help:

• Assess current systems and data flows, then recommend practical AI integrations, such as smarter helpdesk routing, automated document handling, or enhanced reporting tailored to the business’s size and industry.
• Provide ongoing IT consulting so AI projects are grounded in realistic infrastructure, security, and budget constraints, turning AI from a buzzword into a set of tools that actually support day-to-day operations.

Cloud, Hybrid Work, and Modern Infrastructure

Hybrid work remains common, and many businesses now support staff across office, home, and mobile environments. This creates a need for secure access to apps and files from anywhere, along with centralized control and visibility over devices and data. The challenge is to give employees flexibility without weakening security or creating a patchwork of tools that are hard to manage.

Cloud adoption continues to grow, with many organizations using a mix of SaaS applications, cloud storage, and on-premise systems. The priority in 2026 is making these tools work together reliably and securely, integrating identity, access, data protection, and monitoring across on-site and cloud environments.

How ATYXIT can help:

• Design and support secure hybrid environments, including remote access, VPNs or zero-trust style configurations, standardized workstation builds, and policies that keep remote and office users aligned.
• Plan and manage cloud migrations or expansions, helping determine which systems to move, how to integrate them, and how to protect data end-to-end while keeping performance and user experience strong.

Strategic IT Planning and Next Steps with ATYXIT

A modern business in 2026 needs more than just “fix-it-when-it-breaks” IT support. It needs a roadmap that links technology investments to business goals, whether that means faster customer response times, improved compliance, reduced downtime, or better use of data and automation.

A practical way to start is with an IT and security assessment to map current risks, aging systems, and modernization opportunities across AI, cloud, and cybersecurity. This gives leadership a clear picture and a prioritized roadmap instead of disconnected, reactive spending. From there, the organization can implement a mix of quick wins and longer-term projects.

Quick wins might include rolling out multi-factor authentication across the organization, upgrading endpoint security, tightening backup and recovery, and standardizing devices and configurations. Larger initiatives can focus on integrating AI into key workflows, modernizing line-of-business applications, and consolidating or optimizing cloud services.

ATYXIT can act as an ongoing partner, not just a one-time vendor, reviewing IT strategy regularly, adjusting to new threats and tools, and ensuring technology decisions stay aligned with business objectives. With a security-focused and business-centric approach, ATYXIT helps turn IT from a cost center into a core enabler of growth, resilience, and competitive advantage in 2026 and beyond.

ATYXIT is an Illinois based security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for businesses of all sizes.

Reach out today if you need assistance with any of your business technology!

The post Business Technology in 2026 appeared first on ATYXIT - Illinois IT Services and IT Support.

The past year has seen significant changes among cyber criminal threat actors with previously feared groups such as LockBit – taken down by law enforcement and others no longer the forces they once were.

The past year has also seen a pivot among some cyber-threat actors to extortion without encryption. In such attacks, a victim’s systems are attacked via social engineering or an unpatched software vulnerability. Their data is then stolen, but not encrypted.

This sort of attack is becoming a significant threat because it lowers the barriers to entry from a technical perspective, both for the ransomware operators who save on time and effort, and their affiliates. This trend started to emerge during 2024 and shows no signs of slowing down.

“Multiple groups appear to prefer a pure extortion play. Ransomware groups will traditionally encrypt files before exfiltrating them, charging for both the decryption key and to prevent data from being leaked,” said the FlashPoint team.

“[However] extortion groups like World Leaks, previously known as Hunter’s International, ransoms without encryption. Additionally, RansomHub has been observed occasionally employing this tactic, as well as emerging groups like Weyhro,” they said.

Meanwhile, generative artificial intelligence (GenAI) is also starting to be used by some – albeit not many gangs, again as a means of relieving ransomware gangs of some of the more burdensome tasks they face, such as developing phishing templates.

At the time of writing, few high-profile operators are using large language models (LLMs) in their tooling, but Funksec, which emerged at the end of 2024 and may have had a hand in the development of the WormGPT model, may be one to watch out for.

“It is possible that additional groups will integrate the use of LLMs or chatbots within their operations,,” said the FlashPoint team.

Other operational and technical changes observed by the FlashPoint team include a growing number of attacks in which ransomware gangs recycle previous ransomware victims from other groups, with data often appearing on other forums long after the event itself has occurred.

Data Compromised

The stolen information varies by but potentially includes:

• Full names
• Physical addresses
• Contact information
• Social Security numbers (SSNs)
• Medical data
• Student grades
• Enrollment history
• Teacher licensing and salary information

The most active ransomware actors tracked during the first six months of 2025 were Akira, which carried out 537 attacks, Clop/Cl0p, with 402, Qilin, with 345, Safepay Ransomware, with 233, and RansomHub, with 231 attacks.

In terms of ransomware victims, organizations in the United States continue to be the most frequently targeted, accounting for 2,160 attacks tracked by FlashPoint. This outpaces Canada – with 249 attacks – by a runaway margin. FlashPoint tracked 154 attacks in Germany and 148 in the UK, followed by Brazil, Spain, France, India and Australia.

Protecting Against Future Attacks

To better protect themselves from ransomware attacks and breaches, organizations should consider the following measures:

1. Implement strong access controls: Use multi-factor authentication and regularly update passwords for all systems. Check out our guide on implementing multi-factor authentication.
2. Conduct regular security audits: Regularly assess and update security protocols to identify and address vulnerabilities. ATYXIT offers auditing and compliance services that does exactly that.
3. Encrypt sensitive data: Ensure that all personal and sensitive information is encrypted both in transit and at rest.
4. Provide cybersecurity training: Educate staff and students about best practices for data security and how to identify potential threats. Read about the role employee cybersecurity training plays in most attacks.
5. Limit data collection and retention: Only collect and store essential information, and implement strict data retention policies to ensure the data your organization collects is both properly stored and disposed of.
6. Vet third-party vendors: Thoroughly assess the security measures of any software or service providers before potentially granting them access to sensitive data.
7. Develop and test incident response plans: Create comprehensive plans for responding to potential breaches and conduct regular drills to ensure readiness.
8. Monitor for suspicious activity: Implement robust monitoring systems to detect and respond to unusual access patterns or data exports.
9. Keep software updated: Regularly apply security patches and updates to all systems and applications.
10. Consider cyber insurance: Invest in comprehensive cyber insurance to help mitigate the financial impact of potential breaches.

By implementing these measures, organizations can significantly enhance their cybersecurity posture and better protect the sensitive data of employees and customers alike. As cyber threats continue to evolve, it’s crucial for all entities handling personal information to remain vigilant and proactive in their approach to data security.

ATYXIT is an Illinois based security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post Volume of Ransomware Attacks in 2025 appeared first on ATYXIT - Illinois IT Services and IT Support.

Scope of the Breach

PowerSchool, a leading provider of cloud-based software for K-12 education, serves thousands of educational institutions worldwide, managing data for tens of millions of students. The breach occurred when hackers gained unauthorized access to PowerSchool’s customer support portal, PowerSource, using stolen credentials. From there, they exploited a customer support maintenance tool to download student and teacher data from districts’ PowerSchool Student Information System (SIS) databases. While PowerSchool has not officially disclosed the full extent of the breach, it is believed that data from tens of millions of students and teachers may have been compromised. This suggests the attack’s scope may be significantly larger than initially reported.

Data Compromised

The stolen information varies by school district but potentially includes:

• Full names
• Physical addresses
• Contact information
• Social Security numbers (SSNs)
• Medical data
• Student grades
• Enrollment history
• Teacher licensing and salary information

In some cases, the breach affected not only current students and staff but also historical data, potentially impacting individuals who are no longer associated with the affected schools.

Schools Affected

The breach has impacted thousands of school districts across the United States and Canada. In Canada alone, dozens of school boards across multiple provinces and territories reported being affected. Some of the largest school boards in Ontario were impacted, affecting millions of students. In the United States, affected districts span multiple states, including large districts in California, Connecticut, Illinois, and Alabama.

Protecting Against Future Attacks

To better protect themselves from similar breaches, schools and organizations should consider the following measures:

1. Implement strong access controls: Use multi-factor authentication and regularly update passwords for all systems. Please read our guide on implementing multi-factor authentication.
2. Conduct regular security audits: Regularly assess and update security protocols to identify and address vulnerabilities. ATYXIT offers auditing and compliance services that can do just that.
3. Encrypt sensitive data: Ensure that all personal and sensitive information is encrypted both in transit and at rest.
4. Provide cybersecurity training: Educate staff and students about best practices for data security and how to identify potential threats. Read about the role employee cybersecurity training plays in most attacks.
5. Limit data collection and retention: Only collect and store essential information, and implement strict data retention policies.
6. Vet third-party vendors: Thoroughly assess the security measures of any software or service providers before granting access to sensitive data.
7. Develop and test incident response plans: Create comprehensive plans for responding to potential breaches and conduct regular drills to ensure readiness.
8. Monitor for suspicious activity: Implement robust monitoring systems to detect and respond to unusual access patterns or data exports.
9. Keep software updated: Regularly apply security patches and updates to all systems and applications.
10. Consider cyber insurance: Invest in comprehensive cyber insurance to help mitigate the financial impact of potential breaches.

By implementing these measures, educational institutions and organizations can significantly enhance their cybersecurity posture and better protect the sensitive data of students, staff, and faculty. As cyber threats continue to evolve, it’s crucial for all entities handling personal information to remain vigilant and proactive in their approach to data security.

ATYXIT is an Illinois based security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post PowerSchool Data Breach Explained appeared first on ATYXIT - Illinois IT Services and IT Support.

The Rise of Intelligent Enterprises

AI Takes Center Stage

In 2025, artificial intelligence (AI) will no longer be a buzzword but a fundamental component of business operations. Organizations will move beyond experimentation, with 46% of executives expecting to scale AI for process optimization and 44% leveraging it for innovation

This shift represents a dramatic change from the current landscape, where only 24% of companies are using AI for innovation. The impact of AI will be far-reaching:

• Process Automation: AI will drive automation across various business functions, from customer service to supply chain management.
• Predictive Analytics: Companies will harness AI for more accurate forecasting and decision-making.
• Product Innovation: 89% of executives believe AI will drive product and service innovation [See Here]

Data-Driven Decision Making

The intelligent enterprise of 2025 will be characterized by seamless data flow between departments. Real-time analytics will enable companies to:

• Predict market demand with greater accuracy
• Identify and mitigate potential challenges proactively
• Adapt swiftly to changing market conditions and customer behaviors

Sustainability Takes Priority

Green Technology Initiatives

In 2025, businesses will increasingly seek partners who can help them meet their sustainability goals while deploying new technologies

This trend will manifest in several ways:

• Energy-Efficient Products: Companies will prioritize technologies that minimize energy consumption.
• Circular Business Models: There will be a greater focus on reusing and recycling technology components.
• AI-Powered Sustainability: Artificial intelligence will play a crucial role in optimizing energy usage and reducing emissions.

“Energy Networking”

A new era of “energy networking” will emerge, combining software-defined networking capabilities with DC micro grids.

This innovation will:

• Provide greater visibility into emissions
• Offer platforms for optimizing power usage, distribution, and storage
• Enable businesses to make more informed decisions about their energy consumption

Customer Experience Re-imagined

Hyper-Personalization at Scale

AI and advanced data analytics will enable businesses to deliver unprecedented levels of personalization:

• Every customer interaction will be informed by real-time data
• Businesses will be able to treat each customer as a valued individual, even at scale

Omnichannel Excellence

The line between online and offline experiences will continue to blur:

• Customers will enjoy seamless transitions between digital and physical touch points
• Unified brand experiences will become the norm, regardless of the engagement channel

Companies that prioritize customer experience in 2025 will gain a significant competitive advantage.

The Evolution of Computing

Quantum Computing Advances

While still in its early stages, quantum computing will begin to show practical applications in 2025:

• Cryptography: Enhanced security measures to protect against quantum-based attacks
• Material Science: Accelerated discovery of new materials with specific properties
• Pharmaceutical Research: Faster drug discovery and development processes

Hybrid Computing Models

As AI workloads increase, organizations will need to adopt hybrid computing models:

• GPU Optimization: Only 21% of organizations currently have the necessary GPUs to meet AI demands, driving a push for infrastructure modernization [See Here].
• Cloud and Edge Computing: A balance between centralized and distributed computing resources will be crucial for handling AI workloads efficiently.

Cybersecurity in the AI Era

AI-Driven Security

As AI becomes more prevalent, so too will AI-powered security solutions:

• Threat Detection: Advanced algorithms will identify and respond to threats in real-time
• Predictive Security: AI will anticipate potential vulnerabilities before they can be exploited

Quantum-Resistant Encryption

With the looming threat of quantum computers breaking current encryption methods, businesses will invest in quantum-resistant cryptography to protect sensitive data.

The Workforce of 2025

Human-AI Collaboration

The workplace of 2025 will see increased collaboration between humans and AI:

• AI will augment human capabilities, handling routine tasks and providing data-driven insights
• Employees will focus on high-value activities that require creativity, emotional intelligence, and strategic thinking

Skill Development Imperative

To keep pace with technological advancements, businesses will prioritize:

• Continuous learning programs for employees
• Partnerships with educational institutions to develop AI-ready talent
• Reskilling initiatives to help workers transition to new roles alongside AI

Emerging Technologies to Watch

Several other technologies will gain traction in 2025:

• 5G Expansion: Wider 5G coverage will enable new IoT applications and enhance mobile experiences.
• Virtual and Augmented Reality: VR and AR will find applications beyond gaming, transforming fields like education, healthcare, and remote collaboration.
• Spatial Computing: This technology will blend the physical and digital worlds, creating new interaction paradigms.

Preparing for 2025

As we look toward 2025, businesses must take proactive steps to prepare for these technological shifts:

1. Invest in AI Infrastructure: Ensure your organization has the necessary computing power and data management capabilities to leverage AI effectively.
2. Prioritize Data Quality: Clean, well-organized data will be crucial for AI success. Implement robust data governance practices.
3. Foster a Culture of Innovation: Encourage experimentation and continuous learning to stay ahead of technological trends.
4. Embrace Sustainability: Integrate green technologies and practices into your business strategy.
5. Focus on Customer-Centricity: Use technology to enhance customer experiences and build stronger relationships.
6. Strengthen Cybersecurity: Invest in advanced security measures to protect against evolving threats.
7. Develop a Skilled Workforce: Implement training programs to ensure your team is ready for the AI-driven future.

By embracing these trends and preparing accordingly, businesses can position themselves for success in the rapidly evolving technological landscape of 2025. The future promises exciting opportunities for those who are ready to adapt and innovate.

ATYXIT is a security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post Business Technology in 2025 appeared first on ATYXIT - Illinois IT Services and IT Support.

Understanding BGP: The Internet’s Hidden Highway

Before we delve into the White House’s initiatives, it’s crucial to understand what BGP is and why it’s so important. Think of BGP as the traffic cop of the internet. It’s responsible for directing data packets across the vast network of networks that make up the global internet. When you send an email, stream a video, or browse a website, BGP is working behind the scenes to ensure your data reaches its destination efficiently. However, BGP was designed in a time when trust was assumed, and security was an afterthought. This has left it vulnerable to various attacks, including route hijacking, where malicious actors can redirect traffic, potentially leading to data theft or network outages. The consequences of BGP security can be far-reaching, affecting everything from personal communications to critical infrastructure.

The White House’s Multi-Pronged Approach

Recognizing the urgent need to address these vulnerabilities, the Biden administration has unveiled a comprehensive strategy to enhance BGP security.

Here’s a breakdown of the key components:

1. Mandating Federal Agency Compliance

The White House is taking a lead-by-example approach by requiring all federal agencies to implement BGP security best practices. This mandate includes:

• Implementing Resource Public Key Infrastructure (RPKI) to validate route origins
• Deploying route filtering mechanisms to prevent the propagation of illegitimate routes
• Regular audits and updates to ensure ongoing compliance

By setting a high standard for federal networks, the administration aims to create a model for the private sector to follow.

2. Incentivizing Private Sector Adoption

Recognizing that government action alone is not enough, the White House is also introducing incentives for internet service providers (ISPs) and other private sector entities to adopt similar security measures. These incentives may include:

• Tax breaks for companies that invest in BGP security upgrades
• Preferential treatment in government contracts for compliant organizations
• Public recognition and certification programs for companies that meet high security standards

The goal is to create a market-driven push towards better BGP security practices across the entire internet ecosystem.

3. Investing in Research and Development

To stay ahead of evolving threats, the administration is allocating increased funding for research and development of new BGP security technologies and protocols. This investment aims to:

• Foster innovation in routing security
• Develop more robust authentication mechanisms for BGP
• Create tools for real-time detection and mitigation of BGP-related attacks

By supporting cutting-edge research, the White House hopes to ensure that the U.S. remains at the forefront of internet security technology.

4. International Collaboration

Recognizing that the internet is a global resource, the Biden administration is also reaching out to international partners to promote BGP security on a global scale. This includes:

• Engaging in diplomatic efforts to establish international norms for secure routing practices
• Sharing best practices and technologies with allied nations
• Collaborating on joint research initiatives to address common challenges

By fostering international cooperation, the U.S. aims to create a more secure global internet infrastructure.

Challenges and Opportunities

While the White House’s initiatives are a significant step forward, implementing these changes across the vast and complex landscape of internet routing will not be without challenges. Some of the key hurdles include:

• Legacy Systems: Many organizations still rely on older networking equipment that may not support the latest security features.
• Cost Concerns: Upgrading to more secure BGP practices can be expensive, particularly for smaller ISPs and organizations.
• Technical Complexity: Implementing BGP security measures requires specialized knowledge and skills that may be in short supply.

However, these challenges also present opportunities for innovation and growth in the cybersecurity sector. We may see:

• A surge in demand for networking professionals with BGP security expertise
• The emergence of new tools and services to simplify BGP security implementation
• Increased collaboration between public and private sectors to address common challenges

What This Means for Internet Users

While much of the discussion around BGP security may seem technical, the implications for everyday internet users are significant. A more secure BGP infrastructure means:

• Reduced risk of service outages due to routing attacks
• Greater protection against certain types of phishing and man-in-the-middle attacks
• Increased confidence in the integrity of online transactions and communications

In essence, these initiatives aim to make the internet a safer and more reliable place for everyone.

Looking Ahead: The Future of Internet Security

The White House’s focus on BGP security is part of a broader trend towards treating cybersecurity as a critical national security issue. As we move forward, we can expect to see:

• Continued emphasis on securing fundamental internet protocols and infrastructure
• Greater integration of security considerations into the design of new technologies
• Increased public awareness of cybersecurity issues and best practices

The initiatives around BGP security serve as a reminder that the internet, despite its ubiquity, is a complex and evolving system that requires ongoing attention and investment to remain secure and reliable.

Conclusion: A Step Towards a More Secure Digital Future

The White House’s BGP security initiatives represent a significant milestone in the ongoing effort to secure the internet’s core infrastructure. By addressing vulnerabilities in how data is routed across the global network, these measures aim to create a more resilient and trustworthy internet for all users. While challenges remain, the comprehensive approach taken by the Biden administration—combining regulatory mandates, private sector incentives, research investment, and international collaboration—provides a strong foundation for progress. As these initiatives unfold, we can look forward to a future where the internet’s hidden highways are not just efficient, but also secure and reliable. In an interconnected world where digital security is more critical than ever, these steps towards securing BGP are not just technical upgrades—they’re investments in the future of our digital society.

ATYXIT is a security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post The White House on BGP Security appeared first on ATYXIT - Illinois IT Services and IT Support.

What are YubiKeys?

YubiKeys are small USB devices that provide an extra layer of security when logging into accounts. They’re widely used by companies and individuals to protect sensitive information.

The YubiKey Vulnerability:
The researchers found a way to potentially clone these keys by exploiting a weakness in how the devices process information. This weakness is called a “side-channel vulnerability.”

How the Attack Works:

1. An attacker would need physical access to the YubiKey in question.
2. They would use special equipment to measure tiny changes in the device’s power consumption.
3. By analyzing these changes, they could potentially figure out the secret key stored in the YubiKey.
4. With this information, they could create a clone of the original key.

Important Points:

• This attack is complex and requires specialized knowledge and equipment.
• It’s not something that can be done remotely or easily.
• The researchers notified Yubico (the company that makes YubiKeys) about this issue.

Yubico’s Response:

• Yubico acknowledged the research but stated that the risk to users is low.
• They emphasized that an attacker would need prolonged physical access to the key to carry out this attack.
• Yubico is working on updates to address this vulnerability in future products.

What Users Should Do:

• Continue using your YubiKeys as they still provide strong security.
• Be cautious about who has physical access to your YubiKey.
• Consider using the YubiKey’s touch-required feature for added security.

The Bigger Picture:

This research highlights that even highly secure devices can have vulnerabilities. It’s a reminder of the ongoing challenge in cybersecurity to stay ahead of potential threats. In conclusion, while this vulnerability is concerning, YubiKeys remain a strong security tool when used properly. Users should stay informed but don’t need to panic about this specific discovery.

ATYXIT is a security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post YubiKey Vulnerability Discovered appeared first on ATYXIT - Illinois IT Services and IT Support.

The disruption, which occurred on July 19, impacted 8.5 million Windows devices worldwide, causing significant operational challenges for many of CrowdStrike’s high-profile clients. Sentonas addressed these competitive maneuvers in an interview with the Financial Times, labeling them as “misguided” attempts to promote their own products at the expense of CrowdStrike’s reputation.

Despite facing criticism from companies like SentinelOne and Trellix, Sentonas emphasized that no cybersecurity vendor could “technically” ensure their software would never lead to a similar incident. He underscored the importance of trust in the cybersecurity industry and noted that exploiting such incidents for competitive advantage ultimately undermines the credibility of those companies engaging in such practices.

The fallout from the outage was substantial, with insurers estimating potential losses in the billions. Delta Air Lines, one of the affected companies, canceled over 6,000 flights and projected losses of $500 million, even threatening legal action against CrowdStrike. However, as part of the CrowdStrike response, their legal team has denied responsibility for the extent of Delta’s disruptions, arguing that their contractual liabilities are capped at “single-digit millions.”

In response to the outage, competitors like SentinelOne criticized CrowdStrike’s product design and testing processes, positioning themselves as safer alternatives. SentinelOne’s CEO, Tomer Weingarten, attributed the global shutdown to “bad design decisions” and “risky architecture” within CrowdStrike’s products. He further suggested that CrowdStrike’s extensive use of kernel-level code contributed to the widespread failures, as faulty software in this critical area can lead to system crashes, evidenced by the numerous “blue screens of death” experienced by users. Trellix, another competitor, reassured its clients of a different approach, with CEO Bryan Palma emphasizing a conservative philosophy that purportedly minimizes such risks. While the global shutdown may have been caused by a bad design decision and non-thorough testing of updates before they are globally deployed, the use of kernel-level code is nothing new in the anti-virus and cyber-security fields. Usage of kernel-level code is prominent in these products just like it has been prominent for the longest time in video game anti-cheat products. SentinelOne itself utilizes kernel level code in their own products to protect devices from threats.

This sentiment was echoed by other industry players, who criticized the opportunistic behavior of some vendors in leveraging the outages to market their own solutions. Forrester analyst Allie Mellen noted that while some vendors were using the incident to sell their products, the cybersecurity industry generally disapproves of such “ambulance chasing” tactics.

The market reaction to the incident saw shares in CrowdStrike’s publicly listed competitors rise, with SentinelOne’s stock climbing 19 percent and Palo Alto Networks seeing a 13 percent increase. Meanwhile, CrowdStrike’s market value dropped by nearly a quarter.

Despite this, CrowdStrike remains a key player in the enterprise endpoint security market, second only to Microsoft in revenue share, according to IT research firm Gartner. Palo Alto Networks’ CEO, Nikesh Arora, remarked during an earnings call that the incident had prompted some businesses to consider alternative options, creating opportunities for his company.

As part of their differentiation strategy, CrowdStrike’s smaller rivals have highlighted their approach to accessing an operating system’s core, or kernel, which controls the entire computer. By minimizing the amount of code placed in the kernel, they argue, the risk of catastrophic failures is reduced. While this is theoretically true, any amount of code placed in the kernel can cause catastrophic failures when coding errors occur.

In response to the criticism, CrowdStrike has pledged to implement new checks and staggered updates to prevent future disruptions. Sentonas defended the company’s strategy of operating within the kernel, stating that it provides essential visibility and speed, which are critical for effective cybersecurity measures. He emphasized that this approach is common across the industry and necessary for comprehensive protection. Most, if not all, cybersecurity solutions like CrowdStrike do indeed operate at the kernel level.

CrowdStrike has previously criticized Microsoft for its own cybersecurity challenges, but in the wake of the outage, Sentonas has sought to foster a more collaborative relationship. He acknowledged Microsoft’s support during the incident and praised Palo Alto Networks for engaging in constructive discussions about resilience. Despite the challenges, Sentonas remains optimistic about CrowdStrike’s future.

He recently accepted the Pwnie Award for Epic Fail at the 2024 Def Con security conference in Las Vegas, viewing the experience as an opportunity for growth. He expressed confidence that CrowdStrike would emerge stronger and more resilient, noting that many customers believe the company will become the most battle-tested security product in the industry.

ATYXIT is a security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post CrowdStrike Response to Outage appeared first on ATYXIT - Illinois IT Services and IT Support.

Russian Hackers Exploiting Spyware

Google’s Threat Analysis Group (TAG) identified that the Russian cyber espionage group known as APT29 is deploying exploits that are either identical or remarkably similar to those created by Intellexa and NSO Group. APT29, commonly associated with Russia’s Foreign Intelligence Service (SVR), is notorious for its persistent and highly skilled operations targeting foreign governments, technology companies, and other high-value targets. The method by which the Russian government acquired these powerful exploits remains uncertain. Google emphasized that this situation underscores the risks associated with spyware code falling into the hands of malicious actors.

Watering Hole Attack on Mongolian Government

Google’s investigation revealed that these exploits were embedded in Mongolian government websites from November 2023 to July 2024. Visitors to these sites using iPhones or Android devices were at risk of having their devices compromised through a “watering hole” attack. This tactic involves infecting websites that are likely to be visited by the attackers’ targets. The exploits took advantage of known vulnerabilities in the Safari browser on iPhones and Google Chrome on Android devices. Although these vulnerabilities had been patched by the time the Russian campaign was underway, devices that had not been updated remained vulnerable to attack.

Targeted Attacks and Methods

The attacks on iPhones and iPads were specifically designed to steal user account cookies stored in the Safari browser, particularly those linked to online email providers used by the Mongolian government. These stolen cookies could potentially grant attackers unauthorized access to government accounts. For Android devices, two distinct exploits were used to steal cookies stored in the Chrome browser. Google’s researchers connected the reuse of this cookie-stealing code to APT29, noting that similar tactics had been observed in 2021.

Unresolved Questions: Acquisition of Exploits

A key question arising from Google’s findings is how Russian government hackers obtained the exploit code. Both the Safari and Chrome exploits bear a close resemblance to those developed by Intellexa and NSO Group, companies known for creating spyware capable of compromising even fully patched devices. Google’s analysis indicates that the exploit code used in the watering hole attacks shares a “very similar trigger” with earlier exploits developed by NSO Group. Furthermore, the code targeting iPhones and iPads used the “exact same trigger” as an exploit created by Intellexa, suggesting involvement from the same authors or providers. Clement Lecigne, a security researcher at Google, mentioned that the team does not believe the state-sponsored hackers recreated the exploit. He noted, “There are multiple possibilities as to how they could have acquired the same exploit, including purchasing it after it was patched or stealing a copy of the exploit from another customer.”

The Importance of Staying Updated

Google stressed the critical importance of keeping software up-to-date to prevent such cyberattacks and becoming a victim of spyware exploits. Users are advised to promptly apply patches to protect their devices from known vulnerabilities. Interestingly, iPhone and iPad users with Apple’s high-security Lockdown Mode enabled were reportedly unaffected by the attack, even if they were running a vulnerable software version. This highlights the effectiveness of additional security measures in safeguarding against sophisticated cyber threats.

ATYXIT is a security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post Russian hackers using spyware exploits appeared first on ATYXIT - Illinois IT Services and IT Support.

Key Methods of Attack

The primary methods employed by hackers in these attacks were breaches of private keys and seed phrases. Seed phrases, which are collections of random words used to access and recover crypto wallets, became a significant target. The largest heist of the year involved the theft of $300 million in bitcoin from the Japanese crypto exchange DMM Bitcoin. Hackers used stolen private keys or engaged in address poisoning, a tactic where they trick users into sending funds to the wrong wallet by sending a small amount of cryptocurrency from a wallet that looks similar to the legitimate one.

Consistent Security Challenges

Despite these alarming figures, TRM Labs noted that the overall security landscape in the crypto ecosystem remained largely unchanged. The attack methods and frequency of incidents were consistent with previous years. However, the increase in the average value of cryptocurrencies earlier in the year may have amplified the financial impact of these thefts. Cyberattacks on cryptocurrency firms have become a common occurrence. For instance, in November, the HTX exchange and Heco Chain, both associated with Justin Sun, suffered a loss of $115 million. The infamous collapse of the Mt. Gox exchange in 2014, which resulted in the loss of up to 950,000 bitcoins, continues to highlight the vulnerabilities within the industry.

Recommendations for Crypto Firms

To combat these threats, TRM Labs recommends that cryptocurrency businesses conduct frequent security audits and implement robust encryption measures. Additionally, comprehensive employee training programs and a well-prepared crisis response strategy are essential to protect against potential breaches. ATYXIT, a Chicago based business technology company, recommends that all businesses conduct security audits and implement cyber security strategies and training.

Notable Historical Hacks

The cryptocurrency sector has witnessed several high-profile hacks over the years. In March 2022, the largest crypto hack on record occurred on the Ronin network, which supports the popular Axie Infinity blockchain gaming platform. Hackers made off with $625 million in Ethereum and USDC, involving approximately 173,600 ETH and $25.5 million USDC. U.S. authorities attributed this heist to the Lazarus Group, a hacking organization backed by North Korea.

Legal Actions Against Hackers

In related developments, two Russian nationals faced charges for hacking into a company’s system in the Philippines and stealing XRP cryptocurrency valued at approximately $5.8 million. The Department of Justice charged these individuals, who were former advisors to Coins.ph, with multiple criminal offenses. Coins.ph is involved in remittance, money transfer, foreign currency exchange, and other financial services. In another case, a former compliance officer from Crypto.com in Singapore was charged with extortion and money laundering in Malta. The individual, Jose Luis Alonso Melchor, allegedly used his position to access confidential corporate information and attempted to extort the company for compensation after his dismissal. Following his arraignment, the court denied his bail application, citing him as a flight risk, and imposed a €2 million frozen order.

Conclusion

The first half of 2024 has underscored the persistent threat of cybercrime in the cryptocurrency sector. With hackers doubling their loot compared to the previous year, the need for robust security measures and vigilant oversight has never been more critical. As the industry continues to grow and evolve, both companies and regulators must work together to protect digital assets and maintain trust in the burgeoning world of cryptocurrency. Businesses should spend more resources on preventative measures to prevent their funds or business secrets being stolen by hackers.

ATYXIT is a security-first Business IT Solutions Provider and Chicago Cloud Provider. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.

Reach out today if you need any assistance with your business technology!

The post $1.38 Billion Stolen by Hackers in First Half of 2024 appeared first on ATYXIT - Illinois IT Services and IT Support.