<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>breach Archives &#8211; ATYXIT - Illinois IT Services and IT Support</title>
	<atom:link href="https://atyxit.com/tag/breach/feed/" rel="self" type="application/rss+xml" />
	<link>https://atyxit.com/tag/breach/</link>
	<description>Illinois IT Services and IT Support</description>
	<lastBuildDate>Tue, 26 Aug 2025 13:49:52 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.7.4</generator>
	<item>
		<title>Volume of Ransomware Attacks in 2025</title>
		<link>https://atyxit.com/volume-of-ransomware-attacks-2025/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Tue, 26 Aug 2025 13:49:50 +0000</pubDate>
				<category><![CDATA[Business IT News]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[managed IT Services]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=208035</guid>

					<description><![CDATA[<p>The volume of ransomware attacks in 2025 was up by 179% compared to the same period in 2024, according to statistics published by threat intelligence platform provider Flashpoint.</p>
<p>The past year has seen significant changes among cyber criminal threat actors, with previously feared groups such as LockBit taken down by law enforcement and others no longer the forces they once were.</p>
<p>The post <a href="https://atyxit.com/volume-of-ransomware-attacks-2025/">Volume of Ransomware Attacks in 2025</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>The volume of ransomware attacks in 2025 was up by 179% compared to the same period in 2024, according to statistics published by threat intelligence platform provider Flashpoint.</p>



<p>The past year has seen significant changes among cyber criminal threat actors, with previously feared groups such as LockBit taken down by law enforcement and others no longer the forces they once were.</p>



<p>The past year has also seen a pivot among some cyber-threat actors to extortion without encryption. In such attacks, a victim’s systems are attacked via social engineering or an unpatched software vulnerability. Their data is then stolen, but not encrypted.</p>



<p>This sort of attack is becoming a significant threat because it lowers the barriers to entry from a technical perspective, both for the ransomware operators who save on time and effort, and their affiliates. This trend started to emerge during 2024 and shows no signs of slowing down.</p>



<p>“Multiple groups appear to prefer a pure extortion play. Ransomware groups will traditionally encrypt files before exfiltrating them, charging for both the decryption key and to prevent data from being leaked,” <a href="https://flashpoint.io/blog/new-ransomware-as-a-service-raas-groups-to-watch-in-2025/" target="_blank" rel="noreferrer noopener">said the Flashpoint team</a>.</p>



<p>“[However] extortion groups like World Leaks, previously known as Hunters International, ransom without encryption. Additionally, RansomHub has been observed occasionally employing this tactic, as well as emerging groups like Weyhro,” they said.</p>



<p>Meanwhile, generative artificial intelligence (GenAI) is also starting to be used by some gangs, albeit not many, again as a means of relieving them of some of the more burdensome tasks they face, such as developing phishing templates.</p>



<p>At the time of writing, few high-profile operators are using large language models (LLMs) in their tooling, but Funksec, which emerged at the end of 2024 and may have had a hand in the development of the WormGPT model, may be one to watch out for.</p>



<p>“It is possible that additional groups will integrate the use of LLMs or chatbots within their operations,” said the Flashpoint team.</p>



<p>Other operational and technical changes observed by the Flashpoint team include a growing number of attacks in which ransomware gangs recycle previous ransomware victims from other groups, with data often appearing on other forums long after the event itself has occurred.</p>



<h2 class="wp-block-heading">Data Compromised</h2>



<p>The stolen information varies but potentially includes:</p>



<ul class="wp-block-list">
<li>Full names</li>



<li>Physical addresses</li>



<li>Contact information</li>



<li>Social Security numbers (SSNs)</li>



<li>Medical data</li>



<li>Student grades</li>



<li>Enrollment history</li>



<li>Teacher licensing and salary information</li>
</ul>



<p>The most active ransomware actors tracked during the first six months of 2025 were Akira, which carried out 537 attacks, Clop/Cl0p, with 402, Qilin, with 345, Safepay Ransomware, with 233, and RansomHub, with 231 attacks.</p>



<p>In terms of ransomware victims, organizations in the United States continue to be the most frequently targeted, accounting for 2,160 attacks tracked by Flashpoint. This outpaces Canada – with 249 attacks – by a runaway margin. Flashpoint tracked 154 attacks in Germany and 148 in the UK, followed by Brazil, Spain, France, India and Australia.</p>



<h2 class="wp-block-heading">Protecting Against Future Attacks</h2>



<p>To better protect themselves from ransomware attacks and breaches, organizations should consider the following measures:</p>



<ol class="wp-block-list">
<li>Implement strong access controls: Use multi-factor authentication and regularly update passwords for all systems. Check out <a href="https://atyxit.com/implementing-business-2fa/">our guide on implementing multi-factor authentication</a>.</li>



<li>Conduct regular security audits: Regularly assess and update security protocols to identify and address vulnerabilities. ATYXIT offers <a href="https://atyxit.com/auditing-compliance/">auditing and compliance services</a> that do exactly that.</li>



<li>Encrypt sensitive data: Ensure that all personal and sensitive information is encrypted both in transit and at rest. </li>



<li>Provide cybersecurity training: Educate staff and students about best practices for data security and how to identify potential threats. Read about the <a href="https://atyxit.com/role-of-employee-cybersecurity-training/">role employee cybersecurity training plays</a> in most attacks.</li>



<li>Limit data collection and retention: Only collect and store essential information, and implement strict data retention policies to ensure the data your organization collects is both properly stored and disposed of.</li>



<li>Vet third-party vendors: Thoroughly assess the security measures of any software or service providers before potentially granting them access to sensitive data.</li>



<li>Develop and test incident response plans: Create comprehensive plans for responding to potential breaches and conduct regular drills to ensure readiness.</li>



<li>Monitor for suspicious activity: Implement robust monitoring systems to detect and respond to unusual access patterns or data exports.</li>



<li>Keep software updated: Regularly apply security patches and updates to all systems and applications.</li>



<li>Consider cyber insurance: Invest in comprehensive cyber insurance to help mitigate the financial impact of potential breaches.</li>
</ol>



<p>By implementing these measures, organizations can significantly enhance their cybersecurity posture and better protect the sensitive data of employees and customers alike. As cyber threats continue to evolve, it&#8217;s crucial for all entities handling personal information to remain vigilant and proactive in their approach to data security.</p>



<p><em>ATYXIT is an Illinois-based security-first Business IT Solutions Provider and <a href="https://chicagocloud.net">Chicago Cloud Provider</a>. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium-sized businesses.</em></p>



<p><strong><a href="https://atyxit.com/contact-us">Reach out today</a> if you need any assistance with your business technology!</strong></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>PowerSchool Data Breach Explained</title>
		<link>https://atyxit.com/powerschool-data-breach-explained/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Thu, 06 Feb 2025 13:28:21 +0000</pubDate>
				<category><![CDATA[Business IT News]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[managed IT Services]]></category>
		<category><![CDATA[powerschool]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=208016</guid>

					<description><![CDATA[<p>The recent PowerSchool data breach has sent shockwaves through the education sector, exposing sensitive information of millions of students and teachers across North America. This massive cyberattack, discovered in late December 2024, has affected thousands of school districts and highlighted the urgent need for improved cybersecurity measures in educational institutions.</p>
<p>The post <a href="https://atyxit.com/powerschool-data-breach-explained/">PowerSchool Data Breach Explained</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>The recent PowerSchool data breach has sent shockwaves through the education sector, exposing sensitive information of millions of students and teachers across North America. This massive cyberattack, discovered in late December 2024, has affected thousands of school districts and highlighted the urgent need for improved cybersecurity measures in educational institutions.</p>



<h2 class="wp-block-heading">Scope of the Breach</h2>



<p><a href="https://www.powerschool.com/">PowerSchool</a>, a leading provider of cloud-based software for K-12 education, serves thousands of educational institutions worldwide, managing data for tens of millions of students. The breach occurred when hackers gained unauthorized access to PowerSchool&#8217;s customer support portal, PowerSource, using stolen credentials. From there, they exploited a customer support maintenance tool to download student and teacher data from districts&#8217; PowerSchool Student Information System (SIS) databases. While PowerSchool has not officially disclosed the full extent of the breach, it is believed that data from tens of millions of students and teachers may have been compromised. This suggests the attack&#8217;s scope may be significantly larger than initially reported.</p>



<h2 class="wp-block-heading">Data Compromised</h2>



<p>The stolen information varies by school district but potentially includes:</p>



<ul class="wp-block-list">
<li>Full names</li>



<li>Physical addresses</li>



<li>Contact information</li>



<li>Social Security numbers (SSNs)</li>



<li>Medical data</li>



<li>Student grades</li>



<li>Enrollment history</li>



<li>Teacher licensing and salary information</li>
</ul>



<p>In some cases, the breach affected not only current students and staff but also historical data, potentially impacting individuals who are no longer associated with the affected schools.</p>



<h2 class="wp-block-heading">Schools Affected</h2>



<p>The breach has impacted thousands of school districts across the United States and Canada. In Canada alone, dozens of school boards across multiple provinces and territories reported being affected. Some of the largest school boards in Ontario were impacted, affecting millions of students. In the United States, affected districts span multiple states, including large districts in California, Connecticut, Illinois, and Alabama.</p>



<h2 class="wp-block-heading">Protecting Against Future Attacks</h2>



<p>To better protect themselves from similar breaches, schools and organizations should consider the following measures:</p>



<ol class="wp-block-list">
<li>Implement strong access controls: Use multi-factor authentication and regularly update passwords for all systems. Please read <a href="https://atyxit.com/implementing-business-2fa/">our guide on implementing multi-factor authentication</a>.</li>



<li>Conduct regular security audits: Regularly assess and update security protocols to identify and address vulnerabilities. ATYXIT offers <a href="https://atyxit.com/auditing-compliance/">auditing and compliance services</a> that can do just that.</li>



<li>Encrypt sensitive data: Ensure that all personal and sensitive information is encrypted both in transit and at rest. </li>



<li>Provide cybersecurity training: Educate staff and students about best practices for data security and how to identify potential threats. Read about the <a href="https://atyxit.com/role-of-employee-cybersecurity-training/">role employee cybersecurity training plays</a> in most attacks.</li>



<li>Limit data collection and retention: Only collect and store essential information, and implement strict data retention policies.</li>



<li>Vet third-party vendors: Thoroughly assess the security measures of any software or service providers before granting access to sensitive data.</li>



<li>Develop and test incident response plans: Create comprehensive plans for responding to potential breaches and conduct regular drills to ensure readiness.</li>



<li>Monitor for suspicious activity: Implement robust monitoring systems to detect and respond to unusual access patterns or data exports.</li>



<li>Keep software updated: Regularly apply security patches and updates to all systems and applications.</li>



<li>Consider cyber insurance: Invest in comprehensive cyber insurance to help mitigate the financial impact of potential breaches.</li>
</ol>



<p>By implementing these measures, educational institutions and organizations can significantly enhance their cybersecurity posture and better protect the sensitive data of students, staff, and faculty. As cyber threats continue to evolve, it&#8217;s crucial for all entities handling personal information to remain vigilant and proactive in their approach to data security.</p>



<p><em>ATYXIT is an Illinois-based security-first Business IT Solutions Provider and <a href="https://chicagocloud.net">Chicago Cloud Provider</a>. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium-sized businesses.</em></p>



<p><strong><a href="https://atyxit.com/contact-us">Reach out today</a> if you need any assistance with your business technology!</strong></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Ransomware Recovery Guide</title>
		<link>https://atyxit.com/ransomware-recovery-guide/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Thu, 16 Jan 2025 14:38:27 +0000</pubDate>
				<category><![CDATA[Business IT Tips]]></category>
		<category><![CDATA[Security Advisories]]></category>
		<category><![CDATA[backup]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[business]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207979</guid>

					<description><![CDATA[<p>This article explores the role of data backups, particularly immutable backups, in protecting businesses from ransomware attacks and provides a ransomware recovery guide that covers the recovery process for companies with and without proper backup strategies.</p>
<p>The post <a href="https://atyxit.com/ransomware-recovery-guide/">Ransomware Recovery Guide</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Data backups serve as a critical line of defense for businesses against the growing threat of ransomware attacks. As cyber crime costs are projected to reach $10.5 trillion annually by 2025, organizations must implement and periodically test robust data protection mechanisms to safeguard their valuable information. This article explores the role of data backups, particularly immutable backups, in protecting businesses from ransomware attacks and provides a ransomware recovery guide that covers the recovery process for companies with and without proper backup strategies.</p>



<h2 class="wp-block-heading">The Importance of Data Backups in Ransomware Protection</h2>



<p>Ransomware attacks have become increasingly sophisticated, targeting not only primary data but also backup systems. Regular data backups are essential for reducing the impact of these attacks and ensuring business continuity. By maintaining current copies of critical data, companies can avoid the difficult decision of whether to pay a ransom and can resume operations more quickly after an attack.</p>



<h3 class="wp-block-heading">Immutable Backups: A Powerful Defense</h3>



<p>Immutable backups have emerged as a superior solution for ransomware protection. These backups are designed to be unchangeable, providing an extra layer of security against various threats, including ransomware attacks, accidental deletions, and insider threats.</p>



<p>Key benefits of immutable backups include:</p>



<ol class="wp-block-list">
<li>Enhanced protection against ransomware</li>



<li>Data integrity and security</li>



<li>Compliance with data regulations (e.g., GDPR)</li>



<li>Reliable disaster recovery</li>



<li>Faster Recovery Time Objectives (RTOs)</li>



<li>Higher Recovery Point Objectives (RPOs)</li>
</ol>



<h2 class="wp-block-heading">Recovering from a Ransomware Attack: With Immutable Backups</h2>



<p>When a business with immutable backups faces a ransomware attack, the recovery process is significantly more straightforward and less costly. Here&#8217;s what the ransomware recovery typically looks like:</p>



<ol class="wp-block-list">
<li><strong>Incident Detection and Containment</strong>: The organization identifies the ransomware attack and isolates affected systems to prevent further spread.</li>



<li><strong>Damage Assessment</strong>: An IT team such as <a href="https://atyxit.com">ATYXIT</a> evaluates the extent of the attack and identifies which systems and data have been compromised.</li>



<li><strong>Backup Verification</strong>: The immutable backups are verified to ensure they haven&#8217;t been tampered with or encrypted by the ransomware.</li>



<li><strong>System Restoration</strong>: Using the clean, immutable backups, the organization can quickly restore its systems and data without paying any ransom.</li>



<li><strong>Business Continuity</strong>: With data and systems restored from immutable backups, the company can resume normal operations with minimal downtime and data loss.</li>



<li><strong>Post-Incident Analysis</strong>: The organization conducts a thorough investigation to understand how the attack occurred and implements additional security measures to prevent future incidents.</li>
</ol>



<p>Example: Gladstone Institutes, a research organization, implemented immutable backups using cloud storage solutions. When faced with a ransomware attack, they were able to quickly restore their critical research data from these backups, avoiding significant delays in their scientific work and potential loss of valuable research findings.</p>



<h2 class="wp-block-heading">Recovering from a Ransomware Attack: Without Backups</h2>



<p>For businesses without proper backup systems in place, recovering from a ransomware attack can be a nightmare scenario. Here&#8217;s what the ransomware recovery process often looks like for these businesses:</p>



<ol class="wp-block-list">
<li><strong>Panic and Assessment</strong>: Upon discovering the attack, the organization frantically tries to determine the extent of the damage and which systems are affected.</li>



<li><strong>Limited Options</strong>: Without backups, the company faces two unappealing choices: pay the ransom or lose the data permanently.</li>



<li><strong>Ransom Negotiation</strong>: If the organization decides to pay, they must negotiate with cybercriminals, often through cryptocurrency transactions, with no actual guarantee of data recovery.</li>



<li><strong>Lengthy Decryption Process</strong>: Even if the ransom is paid and decryption keys are provided, the process of decrypting and restoring data can take days or weeks, resulting in extended downtime and loss of revenue.</li>



<li><strong>Data Loss and Integrity Issues</strong>: There&#8217;s a high risk of permanent data loss, as not all files may be recoverable even after paying the ransom. Additionally, there&#8217;s no way to verify the integrity of the recovered data.</li>



<li><strong>Financial and Reputational Damage</strong>: The organization suffers significant financial losses due to extended downtime, potential ransom payments, and damage to its reputation.</li>



<li><strong>Rebuilding from Scratch</strong>: In worst-case scenarios, the company may need to rebuild its entire IT infrastructure and recreate lost data, a process that can take months and incur substantial costs.</li>
</ol>



<p>Example: A small manufacturing company without proper backups fell victim to a ransomware attack. Unable to access their production schedules, customer orders, and financial records, they were forced to halt operations for weeks. The company ultimately paid the ransom but still lost several days of recent data and spent months rebuilding customer trust and catching up on delayed orders.</p>



<h2 class="wp-block-heading">Best Practices for Ransomware-Resilient Backups</h2>



<p>To ensure effective protection against ransomware, businesses should implement the following backup strategies:</p>



<ol class="wp-block-list">
<li><strong>Implement the 3-2-1 Backup Rule</strong>: Maintain at least three copies of data on two different media types, with one copy stored offsite. This is the bare minimum backup rule that ATYXIT offers as part of its <a href="https://atyxit.com/data-backup-disaster-recovery/">Data Backup and Disaster Recovery services</a>.</li>



<li><strong>Use Immutable Storage</strong>: Leverage immutable storage solutions to prevent unauthorized modifications to backup data.</li>



<li><strong>Regular Testing</strong>: Frequently test backup and recovery processes to ensure they work as expected.</li>



<li><strong>Offline Backups</strong>: Keep at least one backup copy offline or air-gapped to prevent ransomware from accessing it.</li>



<li><strong>Encryption</strong>: Use strong encryption for both data in transit and at rest to protect against unauthorized access.</li>



<li><strong>Versioning</strong>: Maintain multiple versions of backups to increase the chances of having a clean, pre-attack copy.</li>



<li><strong>Employee Training</strong>: Educate staff about ransomware threats and proper data handling procedures to reduce the risk of successful attacks, or enroll staff in cyber security training like the one ATYXIT offers as part of its <a href="https://atyxit.com/chicago-managed-it-services/">Managed IT Services</a>.</li>
</ol>



<p>In conclusion, data backups, especially immutable backups, play a crucial role in protecting businesses from the devastating effects of ransomware attacks. Organizations that implement robust backup strategies can recover quickly and efficiently, minimizing downtime and financial losses. In contrast, those without proper backups face a much more challenging and costly recovery process. By following best practices and investing in modern backup solutions, businesses can significantly enhance their resilience against ransomware and other cyber threats and make ransomware recovery as easy as it can be.</p>



<p><em>ATYXIT is a security-first Business IT Solutions Provider and <a href="https://chicagocloud.net">Chicago Cloud Provider</a>. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for small and medium-sized businesses looking to leverage enterprise-grade technology solutions.</em></p>



<p><strong><a href="https://atyxit.com/contact-us">Reach out today</a> if you need any assistance with your business technology!</strong></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Understanding the Fortigate Vulnerability</title>
		<link>https://atyxit.com/understanding-fortigate-vulnerability/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Thu, 24 Oct 2024 10:48:16 +0000</pubDate>
				<category><![CDATA[Business IT Tips]]></category>
		<category><![CDATA[Security Advisories]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[fortigate]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerability]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207969</guid>

					<description><![CDATA[<p>In today&#8217;s digital landscape, cybersecurity threats are evolving at an unprecedented pace, posing significant risks to businesses of all sizes. Recently, a critical vulnerability in Fortinet&#8217;s FortiManager, identified as CVE-2024-47575, has highlighted the urgent need for small to medium-sized businesses (SMBs) to prioritize cybersecurity. This article will delve into the specifics of the Fortigate vulnerability, [&#8230;]</p>
<p>The post <a href="https://atyxit.com/understanding-fortigate-vulnerability/">Understanding the Fortigate Vulnerability</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>In today&#8217;s digital landscape, cybersecurity threats are evolving at an unprecedented pace, posing significant risks to businesses of all sizes. Recently, a critical vulnerability in <a href="https://www.fortinet.com/products/management/fortimanager">Fortinet&#8217;s FortiManager</a>, identified as <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47575">CVE-2024-47575</a>, has highlighted the urgent need for small to medium-sized businesses (SMBs) to prioritize cybersecurity. This article will delve into the specifics of the Fortigate vulnerability, its implications for businesses, and why partnering with a local IT provider like ATYXIT can be crucial for safeguarding your business technology.</p>



<h2 class="wp-block-heading">The FortiManager Vulnerability Explained</h2>



<p>Fortinet&#8217;s FortiManager is a network management solution widely used by businesses to manage their Fortinet security infrastructure. On October 23, 2024, a zero-day vulnerability was disclosed in FortiManager, which has been actively exploited in the wild. This vulnerability stems from a missing authentication mechanism in the fgfmd daemon, allowing remote attackers to execute arbitrary code or commands without needing authentication (see: <a href="https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575">Google explanation</a>). The vulnerability carries a CVSS v3 score of 9.8, indicating its critical severity. Exploitation of this flaw can lead to unauthorized access and control over FortiManager devices, potentially allowing attackers to exfiltrate sensitive data such as IP addresses, credentials, and configurations of managed devices. This can have severe consequences, including data breaches and further attacks on connected systems.</p>



<h2 class="wp-block-heading">Implications for Small to Medium-Sized Businesses</h2>



<p>For SMBs, the implications of such vulnerabilities are profound. Unlike larger enterprises, SMBs often lack the robust cybersecurity infrastructure and dedicated IT teams needed to defend against sophisticated cyber threats. This makes them attractive targets for cybercriminals who exploit vulnerabilities like CVE-2024-47575. A successful cyberattack can result in significant financial losses, reputational damage, and even business closure. </p>



<p>According to recent data, small businesses are increasingly targeted by cyberattacks due to their perceived vulnerabilities. Therefore, addressing cybersecurity proactively is not just a defensive measure but a strategic necessity for business continuity and growth.</p>



<h2 class="wp-block-heading">The Importance of Trustworthy IT Partners</h2>



<p>Given the complexity and ever-evolving nature of cybersecurity threats, it is crucial for SMBs to partner with reliable IT service providers who specialize in cybersecurity. Companies like <a href="https://atyxit.com">ATYXIT</a> offer tailored solutions that can help businesses navigate challenges such as this Fortigate vulnerability effectively.</p>



<h2 class="wp-block-heading">Why Choose ATYXIT?</h2>



<ul class="wp-block-list">
<li><strong>Expertise in Cybersecurity</strong>: ATYXIT specializes in providing enterprise-level technology solutions at affordable prices for SMBs. Their expertise includes implementing robust cybersecurity measures that protect against threats like the FortiManager vulnerability.</li>



<li><strong>Local Presence</strong>: Being a local provider means we can offer personalized service and rapid response times. This is critical when dealing with urgent security threats that require immediate attention.</li>



<li><strong>Comprehensive IT Solutions</strong>: Beyond cybersecurity, ATYXIT provides a range of IT services including <a href="https://atyxit.com/data-backup-disaster-recovery/">data backups</a>, <a href="https://atyxit.com/chicago-cloud-services/">cloud services</a>, <a href="https://atyxit.com/complete-workstation-server-management/">patch management</a> and much more. This holistic approach ensures that all aspects of your business technology are secure and optimized.</li>
</ul>



<h2 class="wp-block-heading">Staying Ahead of Cyber Threats</h2>



<p>To effectively combat cyber threats like the FortiManager vulnerability, SMBs should adopt a proactive approach to cybersecurity:</p>



<ul class="wp-block-list">
<li><strong>Regular Updates and Patching</strong>: Ensure that all software and systems are regularly updated to mitigate known vulnerabilities. For FortiManager users affected by CVE-2024-47575, it is critical to update to the latest patched version or to disable port 541 from accepting public connections.</li>



<li><strong>Employee Training</strong>: Educate employees on cybersecurity best practices to prevent common attack vectors such as phishing and social engineering.</li>



<li><strong>Robust Security Policies</strong>: Implement strong security policies that include multi-factor authentication, data encryption, and regular security audits.</li>



<li><strong>Incident Response Planning</strong>: Develop an incident response plan that outlines steps to take in the event of a security breach. This should include communication strategies and recovery procedures.</li>
</ul>



<h2 class="wp-block-heading">Conclusion</h2>



<p>The recent Fortigate vulnerability serves as a stark reminder of the cybersecurity challenges facing SMBs today. By understanding these risks and taking proactive measures, businesses can protect themselves from potentially devastating cyberattacks. </p>



<p>Partnering with a trusted IT provider like ATYXIT can provide the expertise and support needed to navigate this complex landscape effectively. Investing in cybersecurity is not just about protecting your business; it&#8217;s about ensuring its long-term success and sustainability in an increasingly digital world. </p>



<p>As threats continue to evolve, staying informed and prepared is your best defense against malicious actors seeking to exploit vulnerabilities like those found in FortiManager.</p>



<p><em>ATYXIT is a security-first Business IT Solutions Provider and <a href="https://chicagocloud.net">Chicago Cloud Provider</a>. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.</em></p>



<p><strong><a href="https://atyxit.com/contact-us">Reach out today</a> if you need any assistance with your business technology!</strong></p>



<p>The post <a href="https://atyxit.com/understanding-fortigate-vulnerability/">Understanding the Fortigate Vulnerability</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CrowdStrike Response to Outage</title>
		<link>https://atyxit.com/crowdstrike-response-to-outage/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Mon, 02 Sep 2024 13:48:32 +0000</pubDate>
				<category><![CDATA[Business IT News]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[business]]></category>
		<category><![CDATA[chicago business IT]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207959</guid>

					<description><![CDATA[<p>CrowdStrike, a prominent cybersecurity firm, recently faced criticism from its competitors following a major software update failure that led to a global IT outage. Michael Sentonas, CrowdStrike's president, expressed his discontent with what he described as “shady” tactics employed by rival companies attempting to capitalize on the situation by instilling fear among CrowdStrike’s customers and capturing market share. </p>
<p>The post <a href="https://atyxit.com/crowdstrike-response-to-outage/">CrowdStrike Response to Outage</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p><a href="https://crowdstrike.com">CrowdStrike</a>, a prominent cybersecurity firm, recently faced criticism from its competitors following a major software update failure that led to a global IT outage. Michael Sentonas, CrowdStrike&#8217;s president, expressed his discontent with what he described as “shady” tactics employed by rival companies attempting to capitalize on the situation by instilling fear among CrowdStrike’s customers and capturing market share. </p>



<p>The disruption, which occurred on July 19, impacted 8.5 million Windows devices worldwide, causing significant operational challenges for many of CrowdStrike’s high-profile clients. Sentonas addressed these competitive maneuvers in an interview with the Financial Times, labeling them as “misguided” attempts to promote their own products at the expense of CrowdStrike’s reputation. </p>



<p>Despite facing criticism from companies like <a href="https://sentinelone.com">SentinelOne</a> and Trellix, Sentonas emphasized that no cybersecurity vendor could &#8220;technically&#8221; ensure their software would never lead to a similar incident. He underscored the importance of trust in the cybersecurity industry and noted that exploiting such incidents for competitive advantage ultimately undermines the credibility of those companies engaging in such practices. </p>



<p>The fallout from the outage was substantial, with insurers estimating potential losses in the billions. Delta Air Lines, one of the affected companies, canceled over 6,000 flights and projected losses of $500 million, even threatening legal action against CrowdStrike. However, as part of the CrowdStrike response, their legal team has denied responsibility for the extent of Delta’s disruptions, arguing that their contractual liabilities are capped at “single-digit millions.” </p>



<p>In response to the outage, competitors like SentinelOne criticized CrowdStrike’s product design and testing processes, positioning themselves as safer alternatives. SentinelOne&#8217;s CEO, Tomer Weingarten, attributed the global shutdown to “bad design decisions” and “risky architecture” within CrowdStrike’s products. He further suggested that CrowdStrike’s extensive use of kernel-level code contributed to the widespread failures, as faulty software in this critical area can lead to system crashes, evidenced by the numerous “blue screens of death” experienced by users. Trellix, another competitor, reassured its clients of a different approach, with CEO Bryan Palma emphasizing a conservative philosophy that purportedly minimizes such risks. While the global shutdown may have been caused by a bad design decision and insufficiently thorough testing of updates before they are globally deployed, the use of kernel-level code is nothing new in the antivirus and cybersecurity fields. Kernel-level code is prominent in these products, just as it has long been prominent in video game anti-cheat products. SentinelOne itself uses kernel-level code in its own products to protect devices from threats.</p>



<p>This sentiment was echoed by other industry players, who criticized the opportunistic behavior of some vendors in leveraging the outages to market their own solutions. Forrester analyst Allie Mellen noted that while some vendors were using the incident to sell their products, the cybersecurity industry generally disapproves of such “ambulance chasing” tactics. </p>



<p>The market reaction to the incident saw shares in CrowdStrike’s publicly listed competitors rise, with SentinelOne’s stock climbing 19 percent and Palo Alto Networks seeing a 13 percent increase. Meanwhile, CrowdStrike’s market value dropped by nearly a quarter. </p>



<p>Despite this, CrowdStrike remains a key player in the enterprise endpoint security market, second only to Microsoft in revenue share, according to IT research firm Gartner. Palo Alto Networks’ CEO, Nikesh Arora, remarked during an earnings call that the incident had prompted some businesses to consider alternative options, creating opportunities for his company. </p>



<p>As part of their differentiation strategy, CrowdStrike’s smaller rivals have highlighted their approach to accessing an operating system’s core, or kernel, which controls the entire computer. By minimizing the amount of code placed in the kernel, they argue, the risk of catastrophic failures is reduced. While this is theoretically true, any amount of code placed in the kernel can cause catastrophic failures when coding errors occur.</p>



<p>In response to the criticism, CrowdStrike has pledged to implement new checks and staggered updates to prevent future disruptions. Sentonas defended the company’s strategy of operating within the kernel, stating that it provides essential visibility and speed, which are critical for effective cybersecurity measures. He emphasized that this approach is common across the industry and necessary for comprehensive protection. Most, if not all, cybersecurity solutions like CrowdStrike do indeed operate at the kernel level.</p>



<p>CrowdStrike has previously criticized Microsoft for its own cybersecurity challenges, but in the wake of the outage, Sentonas has sought to foster a more collaborative relationship. He acknowledged Microsoft’s support during the incident and praised Palo Alto Networks for engaging in constructive discussions about resilience. Despite the challenges, Sentonas remains optimistic about CrowdStrike’s future. </p>



<p>He recently accepted the Pwnie Award for Epic Fail at the 2024 Def Con security conference in Las Vegas, viewing the experience as an opportunity for growth. He expressed confidence that CrowdStrike would emerge stronger and more resilient, noting that many customers believe the company will become the most battle-tested security product in the industry.</p>



<p>The post <a href="https://atyxit.com/crowdstrike-response-to-outage/">CrowdStrike Response to Outage</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Russian hackers using spyware exploits</title>
		<link>https://atyxit.com/russian-hackers-using-spyware-exploits/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Fri, 30 Aug 2024 23:34:00 +0000</pubDate>
				<category><![CDATA[Business IT News]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[chicago business IT]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[spyware]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207956</guid>

					<description><![CDATA[<p>Google has recently uncovered concerning evidence that Russian government hackers are utilizing spyware exploits that are closely linked to those developed by well-known spyware creators: Intellexa and NSO Group. This revelation was made public in a blog post by Google on August 29, highlighting the increasing threat posed by state-sponsored cyberattacks.</p>
<p>The post <a href="https://atyxit.com/russian-hackers-using-spyware-exploits/">Russian hackers using spyware exploits</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Google has recently uncovered concerning evidence that Russian government hackers are utilizing spyware exploits that are closely linked to those developed by well-known spyware creators: Intellexa and NSO Group. This revelation was made public in a <a href="https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/">blog post by Google</a> on August 29, highlighting the increasing threat posed by state-sponsored cyberattacks.</p>



<h2 class="wp-block-heading"><strong>Russian Hackers Exploiting Spyware</strong></h2>



<p>Google&#8217;s Threat Analysis Group (TAG) identified that the Russian cyber espionage group known as APT29 is deploying exploits that are either identical or remarkably similar to those created by Intellexa and NSO Group. APT29, commonly associated with Russia&#8217;s Foreign Intelligence Service (SVR), is notorious for its persistent and highly skilled operations targeting foreign governments, technology companies, and other high-value targets. The method by which the Russian government acquired these powerful exploits remains uncertain. Google emphasized that this situation underscores the risks associated with spyware code falling into the hands of malicious actors.</p>



<h2 class="wp-block-heading"><strong>Watering Hole Attack on Mongolian Government</strong></h2>



<p>Google&#8217;s investigation revealed that these exploits were embedded in Mongolian government websites from November 2023 to July 2024. Visitors to these sites using iPhones or Android devices were at risk of having their devices compromised through a &#8220;watering hole&#8221; attack. This tactic involves infecting websites that are likely to be visited by the attackers&#8217; targets. The exploits took advantage of known vulnerabilities in the Safari browser on iPhones and Google Chrome on Android devices. Although these vulnerabilities had been patched by the time the Russian campaign was underway, devices that had not been updated remained vulnerable to attack.</p>



<h2 class="wp-block-heading"><strong>Targeted Attacks and Methods</strong></h2>



<p>The attacks on iPhones and iPads were specifically designed to steal user account cookies stored in the Safari browser, particularly those linked to online email providers used by the Mongolian government. These stolen cookies could potentially grant attackers unauthorized access to government accounts. For Android devices, two distinct exploits were used to steal cookies stored in the Chrome browser. Google&#8217;s researchers connected the reuse of this cookie-stealing code to APT29, noting that similar tactics had been observed in 2021.</p>



<h2 class="wp-block-heading"><strong>Unresolved Questions: Acquisition of Exploits</strong></h2>



<p>A key question arising from Google&#8217;s findings is how Russian government hackers obtained the exploit code. Both the Safari and Chrome exploits bear a close resemblance to those developed by Intellexa and NSO Group, companies known for creating spyware capable of compromising even fully patched devices. Google&#8217;s analysis indicates that the exploit code used in the watering hole attacks shares a &#8220;very similar trigger&#8221; with earlier exploits developed by NSO Group. Furthermore, the code targeting iPhones and iPads used the &#8220;exact same trigger&#8221; as an exploit created by Intellexa, suggesting involvement from the same authors or providers. Clement Lecigne, a security researcher at Google, mentioned that the team does not believe the state-sponsored hackers recreated the exploit. He noted, &#8220;There are multiple possibilities as to how they could have acquired the same exploit, including purchasing it after it was patched or stealing a copy of the exploit from another customer.&#8221;</p>



<h2 class="wp-block-heading"><strong>The Importance of Staying Updated</strong></h2>



<p>Google stressed the critical importance of keeping software up to date to prevent such cyberattacks and to avoid becoming a victim of spyware exploits. Users are advised to promptly apply patches to protect their devices from known vulnerabilities. Interestingly, iPhone and iPad users with Apple&#8217;s high-security Lockdown Mode enabled were reportedly unaffected by the attack, even if they were running a vulnerable software version. This highlights the effectiveness of additional security measures in safeguarding against sophisticated cyber threats.</p>



<p>The post <a href="https://atyxit.com/russian-hackers-using-spyware-exploits/">Russian hackers using spyware exploits</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>$1.38 Billion Stolen by Hackers in First Half of 2024</title>
		<link>https://atyxit.com/1-38-billion-stolen-by-hackers/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Fri, 30 Aug 2024 13:33:46 +0000</pubDate>
				<category><![CDATA[Business IT News]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[business]]></category>
		<category><![CDATA[cryptocurrency]]></category>
		<category><![CDATA[cybersecurity]]></category>
		<category><![CDATA[hackers]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[theft]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207953</guid>

					<description><![CDATA[<p>According to blockchain analysis firm TRM Labs, $1.38 billion was stolen by hackers from January 1 to June 24, a substantial increase from the $657 million reported during the same period in the previous year. </p>
<p>The post <a href="https://atyxit.com/1-38-billion-stolen-by-hackers/">$1.38 Billion Stolen by Hackers in First Half of 2024</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>In the first half of 2024, the world of cryptocurrency faced significant challenges as hackers managed to double their illicit gains compared to the previous year. According to blockchain analysis firm <a href="https://www.trmlabs.com/">TRM Labs</a>, $1.38 billion was stolen by hackers from January 1 to June 24, a substantial increase from the $657 million reported during the same period in the previous year. This surge in crypto theft was primarily driven by a few major attacks, with the top five incidents accounting for 70% of the total stolen funds.</p>



<h2 class="wp-block-heading"><strong>Key Methods of Attack</strong></h2>



<p>The primary methods employed by hackers in these attacks were breaches of private keys and seed phrases. Seed phrases, which are collections of random words used to access and recover crypto wallets, became a significant target. The largest heist of the year involved the theft of $300 million in bitcoin from the Japanese crypto exchange DMM Bitcoin. Hackers used stolen private keys or engaged in address poisoning, a tactic where they trick users into sending funds to the wrong wallet by sending a small amount of cryptocurrency from a wallet that looks similar to the legitimate one.</p>



<h2 class="wp-block-heading"><strong>Consistent Security Challenges</strong></h2>



<p>Despite these alarming figures, TRM Labs noted that the overall security landscape in the crypto ecosystem remained largely unchanged. The attack methods and frequency of incidents were consistent with previous years. However, the increase in the average value of cryptocurrencies earlier in the year may have amplified the financial impact of these thefts. Cyberattacks on cryptocurrency firms have become a common occurrence. For instance, in November, the HTX exchange and Heco Chain, both associated with Justin Sun, suffered a loss of $115 million. The infamous collapse of the Mt. Gox exchange in 2014, which resulted in the loss of up to 950,000 bitcoins, continues to highlight the vulnerabilities within the industry.</p>



<h2 class="wp-block-heading"><strong>Recommendations for Crypto Firms</strong></h2>



<p>To combat these threats, TRM Labs recommends that cryptocurrency businesses conduct frequent security audits and implement robust encryption measures. Additionally, comprehensive employee training programs and a well-prepared crisis response strategy are essential to protect against potential breaches. <a href="https://atyxit.com">ATYXIT</a>, a Chicago-based business technology company, recommends that all businesses conduct security audits and implement cybersecurity strategies and training. </p>



<h2 class="wp-block-heading"><strong>Notable Historical Hacks</strong></h2>



<p>The cryptocurrency sector has witnessed several high-profile hacks over the years. In March 2022, the largest crypto hack on record occurred on the Ronin network, which supports the popular Axie Infinity blockchain gaming platform. Hackers made off with $625 million in Ethereum and USDC, involving approximately 173,600 ETH and $25.5 million USDC. U.S. authorities attributed this heist to the Lazarus Group, a hacking organization backed by North Korea.</p>



<h2 class="wp-block-heading"><strong>Legal Actions Against Hackers</strong></h2>



<p>In related developments, two Russian nationals faced charges for hacking into a company&#8217;s system in the Philippines and stealing XRP cryptocurrency valued at approximately $5.8 million. The Department of Justice charged these individuals, who were former advisors to Coins.ph, with multiple criminal offenses. Coins.ph is involved in remittance, money transfer, foreign currency exchange, and other financial services. In another case, a former compliance officer from Crypto.com in Singapore was charged with extortion and money laundering in Malta. The individual, Jose Luis Alonso Melchor, allegedly used his position to access confidential corporate information and attempted to extort the company for compensation after his dismissal. Following his arraignment, the court denied his bail application, citing him as a flight risk, and imposed a €2 million freezing order.</p>



<h2 class="wp-block-heading"><strong>Conclusion</strong></h2>



<p>The first half of 2024 has underscored the persistent threat of cybercrime in the cryptocurrency sector. With hackers doubling their loot compared to the previous year, the need for robust security measures and vigilant oversight has never been more critical. As the industry continues to grow and evolve, both companies and regulators must work together to protect digital assets and maintain trust in the burgeoning world of cryptocurrency. Businesses should devote more resources to preventative measures that keep their funds and business secrets from being stolen by hackers.</p>



<p>The post <a href="https://atyxit.com/1-38-billion-stolen-by-hackers/">$1.38 Billion Stolen by Hackers in First Half of 2024</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Role of Multi-Factor Authentication in Cyber Security</title>
		<link>https://atyxit.com/role-of-multi-factor-authentication/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Thu, 18 Jul 2024 10:18:00 +0000</pubDate>
				<category><![CDATA[Business IT Tips]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[business]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[managed IT Services]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207911</guid>

					<description><![CDATA[<p> Two fundamental components of a robust cybersecurity strategy are the adoption of multi-factor authentication (MFA) and the implementation of strong password policies. This blog post will explore how these measures can significantly enhance the cybersecurity posture of SMBs, providing practical insights for management-level employees.</p>
<p>The post <a href="https://atyxit.com/role-of-multi-factor-authentication/">The Role of Multi-Factor Authentication in Cyber Security</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>In an era where cyber threats are increasingly sophisticated and prevalent, small and medium-sized businesses (SMBs) must prioritize <a href="https://atyxit.com/chicago-cyber-security/">cybersecurity</a> to protect their assets, data, and reputation. Two fundamental components of a robust cybersecurity strategy are the adoption of multi-factor authentication (MFA) and the implementation of strong password policies. This blog post will explore how these measures can significantly enhance the cybersecurity posture of SMBs, providing practical insights for management-level employees.</p>



<h2 class="wp-block-heading"><strong>Understanding Multi-Factor Authentication (MFA)</strong></h2>



<p><strong>What is MFA?</strong> Multi-factor authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access to a system, application, or data. These factors typically include:</p>



<ul class="wp-block-list">
<li><strong>Something you know:</strong> A password or PIN.</li>



<li><strong>Something you have:</strong> A smartphone, security token, or smart card.</li>



<li><strong>Something you are:</strong> Biometric verification such as a fingerprint or facial recognition.</li>
</ul>



<p><strong>How Does MFA Work?</strong> </p>



<p>When a user attempts to log in, they must first enter their password (something they know). Then, they are prompted to provide a second form of verification, such as a code sent to their smartphone (something they have) or a fingerprint scan (something they are). This additional layer of security ensures that even if a password is compromised, unauthorized access is still prevented.</p>



<h2 class="wp-block-heading"><strong>The Importance of Strong Password Policies</strong></h2>



<p><strong>Why Strong Passwords Matter</strong> </p>



<p>Passwords are often the first line of defense against cyber threats. However, weak or reused passwords can be easily exploited by cybercriminals. Strong password policies help mitigate this risk by ensuring that passwords are complex, unique, and regularly updated. </p>



<p><strong>Key Elements of a Strong Password Policy</strong></p>



<ol class="wp-block-list">
<li><strong>Length and Complexity:</strong> Passwords should be at least 12 characters long and include a mix of upper and lower-case letters, numbers, and special characters.</li>



<li><strong>Regular Updates:</strong> Require employees to change their passwords every 60-90 days.</li>



<li><strong>Avoid Reuse:</strong> Employees should not reuse passwords across different accounts or systems.</li>



<li><strong>Education and Training:</strong> Regularly educate employees on the importance of strong passwords and how to create them.</li>
</ol>



<h2 class="wp-block-heading"><strong>Benefits of Implementing MFA and Strong Password Policies</strong></h2>



<p><strong>1. Enhanced Security</strong> </p>



<p>The primary benefit of MFA and strong password policies is the significant enhancement of security. According to the Cybersecurity and Infrastructure Security Agency (CISA), MFA can make users 99% less likely to be hacked. By requiring multiple forms of verification, MFA reduces the risk of unauthorized access, even if a password is compromised. </p>



<p><strong>2. Compliance with Regulations</strong> </p>



<p>Many industries have stringent cybersecurity regulations that require the implementation of robust security measures. For instance, businesses working with the Department of Defense (DoD) must comply with the Cybersecurity Maturity Model Certification (CMMC) framework, which includes MFA as a key requirement. Implementing MFA and strong password policies helps SMBs meet these regulatory requirements and avoid potential fines or legal issues. </p>



<p><strong>3. Protection of Sensitive Data</strong> </p>



<p>SMBs often handle sensitive data, including customer information, financial records, and proprietary business data. A breach of this data can lead to severe financial and reputational damage. MFA and strong password policies provide an additional layer of protection, ensuring that sensitive data remains secure. </p>



<p><strong>4. Increased Customer Trust</strong> </p>



<p>Customers are increasingly concerned about the security of their personal information. By implementing robust security measures, SMBs can demonstrate their commitment to protecting customer data, thereby enhancing customer trust and loyalty. </p>



<p><strong>5. Reduced Financial Losses</strong> </p>



<p>Cyber attacks can be costly, resulting in business downtime, data loss, and ransom payments. The average cost of a data breach for SMBs is estimated to be around $3.92 million. By preventing unauthorized access, MFA and strong password policies can help SMBs avoid these substantial financial losses.</p>



<h2 class="wp-block-heading"><strong>Implementing MFA and Strong Password Policies: A Step-by-Step Guide</strong></h2>



<p><strong>1. Assess Your Current Security Posture</strong> </p>



<p>Begin by evaluating your current security measures. Identify areas where MFA and strong password policies can be implemented or improved. This assessment will help you prioritize your efforts and allocate resources effectively. </p>



<p><strong>2. Choose the Right MFA Solution</strong> </p>



<p>Select an MFA solution that fits your business needs and budget. Popular options include:</p>



<ul class="wp-block-list">
<li><strong>Authenticator Apps:</strong> Such as Google Authenticator or Microsoft Authenticator, which generate time-based one-time passwords (TOTPs).</li>



<li><strong>SMS or Email Verification:</strong> Sending a code to the user’s phone or email.</li>



<li><strong>Hardware Tokens:</strong> Physical devices like YubiKeys that generate verification codes.</li>
</ul>



<p><strong>3. Develop and Enforce Strong Password Policies</strong> </p>



<p>Create a comprehensive password policy that outlines the requirements for password length, complexity, and update frequency. Ensure that all employees are aware of and adhere to these policies. Consider using password management tools to help employees create and store strong passwords securely. </p>



<p><strong>4. Educate and Train Employees</strong> </p>



<p>Regular training is essential to ensure that employees understand the importance of MFA and strong password policies. Provide training sessions and resources to help employees recognize phishing attempts and other cyber threats. </p>



<p><strong>5. Monitor and Review</strong> </p>



<p>Continuously monitor your security measures to ensure they are effective. Regularly review and update your MFA and password policies to address emerging threats and vulnerabilities.</p>



<h2 class="wp-block-heading"><strong>Overcoming Common Challenges</strong></h2>



<p><strong>1. User Resistance</strong> </p>



<p>Employees may initially resist the implementation of multi-factor authentication and strong password policies due to perceived inconvenience. To address this, emphasize the importance of these measures for protecting both the business and their personal information. Provide clear instructions and support to help employees adapt to the new requirements.</p>



<p><strong>2. Technical Integration</strong> </p>



<p>Integrating MFA with existing systems can be challenging, especially for businesses with legacy systems. Work with your IT team or a cybersecurity consultant to ensure a smooth integration process. Many MFA solutions offer APIs and plugins that simplify integration with various platforms. </p>



<p><strong>3. Cost Considerations</strong> </p>



<p>While there may be upfront costs associated with implementing MFA and password management tools, the long-term benefits far outweigh these expenses. Consider the potential financial losses from a data breach and the value of protecting your business and customer data.</p>



<h2 class="wp-block-heading"><strong>Conclusion</strong></h2>



<p>In an increasingly digital world, SMBs must prioritize cybersecurity to protect their assets and maintain customer trust. Multi-factor authentication and strong password policies are essential components of a robust cybersecurity strategy. By implementing these measures, SMBs can significantly reduce the risk of cyber attacks, comply with regulatory requirements, and safeguard sensitive data. For management-level employees, understanding and championing these security measures is crucial. By fostering a culture of security within your organization, you can ensure that your business remains resilient in the face of evolving cyber threats. Embrace the power of MFA and strong password policies to enhance your cybersecurity posture and drive long-term success.</p>



<p><em>ATYXIT is a security-first Business IT Solutions Provider and <a href="https://chicagocloud.net">Chicago Cloud Provider</a>. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses.</em></p>



<p><strong><a href="https://atyxit.com/contact-us">Reach out today</a> if you need any assistance with your business technology!</strong></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Rising Threat of CEO Fraud</title>
		<link>https://atyxit.com/the-rising-threat-of-ceo-fraud/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Fri, 05 Apr 2024 12:57:38 +0000</pubDate>
				<category><![CDATA[Business IT Tips]]></category>
		<category><![CDATA[Security Advisories]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[business]]></category>
		<category><![CDATA[business IT tips]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[managed IT Services]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207815</guid>

					<description><![CDATA[<p>In today's fast-paced business world, the threat of cyber crime looms larger than ever, with CEO fraud emerging as one of the most sophisticated and financially damaging scams. CEO fraud, also known as Business Email Compromise (BEC), targets businesses of all sizes</p>
<p>The post <a href="https://atyxit.com/the-rising-threat-of-ceo-fraud/">The Rising Threat of CEO Fraud</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>In today&#8217;s fast-paced business world, the threat of cyber crime looms larger than ever, with CEO fraud emerging as one of the most sophisticated and financially damaging scams. CEO fraud, also known as Business Email Compromise (BEC), targets businesses of all sizes, siphoning off millions of dollars each year from unsuspecting companies. Understanding CEO fraud, its implications, and implementing robust defenses against it is not just recommended; it&#8217;s essential for the security of your business.</p>



<h2 class="wp-block-heading">What is CEO Fraud?</h2>



<p>CEO fraud involves cybercriminals impersonating senior executives, often the CEO, to deceive employees, customers, or vendors into transferring money or sensitive information to fraudulent accounts. These scammers employ sophisticated social engineering tactics, combined with detailed research on their targets, to create emails that appear legitimate, making the scam difficult to detect.</p>



<h2 class="wp-block-heading">The Mechanics of an Attack</h2>



<p>The process begins with the attacker gaining access to a senior executive&#8217;s email account through phishing or other means. They may also create a lookalike domain that closely resembles the target company&#8217;s, using it to send deceptive emails. For example, if your business domain is wayneaccounting.tld, a scammer will purchase wayneaccounling.tld or wayneaccountling.tld and use the new domain to send out emails. The fraudster, posing as the CEO or another top executive, then instructs an employee to perform an urgent transfer of funds or to send confidential information, often with the pretext of closing a confidential deal or resolving a purported emergency.</p>



<h2 class="wp-block-heading">The Financial Toll</h2>



<p>The financial impact of CEO fraud is staggering. According to the <a href="https://fbi.gov">Federal Bureau of Investigation</a> (FBI), businesses worldwide have lost billions of dollars to BEC scams over the past few years. In just one year, reported losses exceeded $1.8 billion, a testament to the effectiveness of these scams and the importance of vigilance.</p>



<h2 class="wp-block-heading">Protecting Your Business</h2>



<h3 class="wp-block-heading">Third-Party Mail Filtering Tools</h3>



<p>One of the first lines of defense against CEO fraud is implementing <a href="https://atyxit.com/?p=207809">third-party mail filtering tools</a>. These tools scrutinize incoming emails for signs of phishing, such as suspicious attachments or links, and inconsistencies in email addresses that could indicate a spoofed domain. By filtering out potentially harmful emails, these tools significantly reduce the risk of an employee accidentally engaging with a fraudulent request.</p>



<h3 class="wp-block-heading">Employee Training</h3>



<p>Equally important is the ongoing education and training of employees. They should be made aware of the tactics used by fraudsters and taught to recognize the signs of a phishing email. Regular training sessions can help instill a culture of security awareness, ensuring employees think twice before responding to email requests for fund transfers or sensitive information, especially when such requests deviate from standard procedures.</p>



<h3 class="wp-block-heading">Collaborating with a Local IT Provider</h3>



<p>Partnering with a local IT provider like <a href="https://atyxit.com">ATYXIT</a>, which can offer personalized support and training tailored to your business&#8217;s specific needs, is invaluable. As part of our <a href="https://atyxit.com/chicago-cyber-security/">cyber-security services</a>, we conduct regular security assessments, implement effective cybersecurity measures, and provide cyber security training to your employees. This hands-on approach ensures that your team is not only aware of the risks but also equipped with the knowledge to combat threats effectively.</p>



<h2 class="wp-block-heading">Key Takeaways for Business Leaders</h2>



<ul class="wp-block-list">
<li><strong>Be Proactive, Not Reactive</strong>: Implementing preventative measures before an attack occurs is crucial. This means investing in the right technology and training to protect your business.</li>



<li><strong>Foster a Culture of Security</strong>: Encourage employees to question unusual requests, even if they appear to come from senior executives. A healthy level of skepticism can prevent fraud.</li>



<li><strong>Regularly Update Security Measures</strong>: Cyber threats evolve rapidly, and so should your defense strategies. Regular updates and training sessions are essential.</li>



<li><strong>Collaborate with Experts</strong>: A security-conscious provider like ATYXIT can offer invaluable insights and support tailored to your business&#8217;s unique vulnerabilities and needs.</li>
</ul>



<h2 class="wp-block-heading">Conclusion</h2>



<p>CEO fraud represents a significant threat to businesses worldwide, but with the right strategies in place, it&#8217;s a threat that can be effectively mitigated. By understanding the mechanics of these scams, implementing advanced mail filtering solutions, providing comprehensive employee training, and partnering with a local IT provider, businesses can protect themselves against the financial and reputational damage caused by CEO fraud. In the digital age, where cyber threats are constantly evolving, staying informed, vigilant, and proactive is the key to safeguarding your business&#8217;s future.</p>



<p>ATYXIT is a security-focused Business IT Solutions Provider based out of Streamwood, Illinois. We excel in supporting and evolving company networks. Our technical support, technology consulting, project management, cyber security and IT strategy services make us the ideal IT resource for local small and medium sized businesses. </p>



<p><a href="https://atyxit.com/contact-us">Reach out today</a> if you need any assistance with your business technology.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Ransomware Recovery: Safeguarding Your Business</title>
		<link>https://atyxit.com/ransomware-recovery-safeguarding/</link>
		
		<dc:creator><![CDATA[atyxadmin]]></dc:creator>
		<pubDate>Fri, 01 Mar 2024 13:22:40 +0000</pubDate>
				<category><![CDATA[Business IT Tips]]></category>
		<category><![CDATA[Security Advisories]]></category>
		<category><![CDATA[breach]]></category>
		<category><![CDATA[business]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[security]]></category>
		<guid isPermaLink="false">https://atyxit.com/?p=207768</guid>

					<description><![CDATA[<p>Understanding the gravity of this threat and taking proactive measures for ransomware recovery is paramount in safeguarding your business against potential devastation.</p>
<p>The post <a href="https://atyxit.com/ransomware-recovery-safeguarding/">Ransomware Recovery: Safeguarding Your Business</a> appeared first on <a href="https://atyxit.com">ATYXIT - Illinois IT Services and IT Support</a>.</p>
]]></description>
										<content:encoded><![CDATA[
<p>Cybersecurity threats are ever-evolving, and ransomware stands out as one of the most pernicious and financially damaging among them. With its ability to encrypt sensitive data and demand hefty ransoms for decryption keys, ransomware has wreaked havoc on businesses worldwide. Understanding the gravity of this threat and taking proactive measures for ransomware recovery is paramount in safeguarding your business against potential devastation.</p>



<h2 class="wp-block-heading">What is Ransomware?</h2>



<p>Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid. Typically, cyber-criminals infiltrate a network through phishing emails, compromised websites, or exploiting vulnerabilities in software. Once inside, ransomware encrypts files, rendering them inaccessible to the rightful owners. The attackers then demand payment, often in cryptocurrency, in exchange for decryption keys.</p>



<h2 class="wp-block-heading">Impact on Businesses</h2>



<p>The impact of ransomware on businesses cannot be overstated. According to recent studies, the number of businesses impacted by ransomware surged dramatically in 2022 and 2023. Reports indicated that tens of thousands of businesses fell victim to ransomware attacks during these years, causing significant financial losses, operational disruptions, and reputational damage.</p>



<h2 class="wp-block-heading">Financial Costs</h2>



<p>The financial costs associated with ransomware attacks are staggering. Not only are businesses forced to pay hefty ransom demands to regain access to their data, but they also incur additional expenses related to downtime, recovery efforts, legal fees, and damage to their brand reputation. On average, the cost of recovering from a ransomware attack can run into hundreds of thousands or even millions of dollars, depending on the scale and severity of the incident.</p>



<p>Moreover, the average ransom payment demanded by cyber-criminals has also been on the rise. In 2022 and 2023, ransomware gangs demanded increasingly exorbitant sums, further exacerbating the financial burden on affected businesses.</p>



<h2 class="wp-block-heading">Why Paying Ransom is Not the Solution</h2>



<p>While it may be tempting for businesses to consider paying the ransom to quickly regain access to their data, doing so only perpetuates the cycle of cyber crime. There is no guarantee that paying the ransom will actually result in the full restoration of data, and it emboldens attackers to target more organizations in the future. Additionally, complying with ransom demands may violate legal and regulatory requirements, further complicating the situation for businesses.</p>



<h2 class="wp-block-heading">The Importance of Preparation and Prevention</h2>



<p>Instead of succumbing to ransom demands, businesses should focus on preparing themselves to mitigate the impact of ransomware attacks. This entails implementing robust cybersecurity measures, including regular data backups, network segmentation, employee training on cybersecurity best practices, and deploying advanced threat detection and prevention solutions.</p>



<p>Partnering with a knowledgeable IT partner such as <a href="https://atyxit.com/chicago-cyber-security/">ATYXIT</a> that specializes in cybersecurity and ransomware recovery is crucial for businesses looking to fortify their defenses against cyber threats. A reputable IT partner can assess the organization&#8217;s vulnerabilities, develop a comprehensive cybersecurity strategy, and deploy backup solutions that are immune to ransomware attacks.</p>



<h2 class="wp-block-heading">Conclusion</h2>



<p>Ransomware poses a significant threat to businesses of all sizes, with the potential to cause irreparable harm to operations and finances. However, by understanding the nature of ransomware, its impact on businesses, and the importance of proactive measures for recovery and prevention, organizations can better safeguard themselves against this insidious threat. By investing in robust cybersecurity measures and partnering with experienced IT professionals, businesses can bolster their defenses and minimize the risk of falling victim to ransomware attacks.</p>



<p><strong>ATYXIT is a group of specialists in supporting and evolving company networks in industries such as Legal, Construction, Logistics, Medical, and more. From technical support to high-level consulting services, project management, cyber security, and IT strategy, other IT providers are no match for us.</strong></p>



<p><strong>While the majority of our services are provided to small and medium sized businesses in Illinois, we can assist anyone in the United States thanks to the very same technology we provide to our clients. See just some of the&nbsp;<a href="https://atyxit.com/areas-served">Areas We Service</a>.</strong></p>



<p><strong><a href="https://atyxit.com/contact-us/">Reach out today to secure your business</a> with no commitment required.</strong></p>



]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
