It's here. This is our final daily news show of the season. We have a weekend show with our cybersecurity panel doing a wrap up of some of the key stories and issues from this year. And I'll be back with you Monday, January 6th with the daily news. And over the holidays we'll have some special content for you, which we hope you'll like. Now, as I always say, back to our regularly scheduled programming. Millions stolen in crypto wallets linked to a 2022 LastPass hack.
TP Link routers face possible US ban over national security concerns and Microsoft pushes for a passwordless future with pass keys. Welcome to Cybersecurity Today. I'm your host, Jim Love. Let's get into it. The fallout from the 2022 last past breach is far from over with millions of dollars in cryptocurrency stolen from victims wallets. This week, blockchain analyst Zach XBT reported an additional 5. 36 million stolen from 40 crypto wallets.
These thefts, he claims, are the latest in a string of attacks tied to the massive LastPass breach. The original breach allowed attackers to access both encrypted and unencrypted data, including API tokens, multi factor authentication seeds, and encrypted password vaults. While vaults were protected, weak or reused master passwords could be brute forced, potentially exposing sensitive information like cryptocurrency seed phrases. And this isn't an isolated incident.
In October 2023, 4. 4 million was stolen, followed by 6. 2 million in February 2024. Overall, , over 35 million was reportedly taken from 150 victims linked to the breach. Zach XBT warns, if you believe you've stored your seed phrase or key passes in LastPass, migrate your crypto assets immediately. Security experts continue to stress the importance of unique, strong passwords and recommend biometric authentication tools for additional protection.
LastPass maintains it has found no conclusive evidence directly connecting these thefts to a breach. However, these ongoing incidents underscore the risks of weak password management, and the lesson is clear. Even encrypted data is only as secure as the passwords protecting it. TP Link, the dominant router brand in the U. S., could soon face a ban over a national security concern.
Federal investigations by the Department of Commerce, Defense, and Justice are scrutinizing The Chinese made devices, which have a history of vulnerabilities and potential misuse by state backed hackers. TP Link holds 65 percent of the U. S. market for home and small business routers with 11 of Amazon's top 20 best selling models, including the popular AX3000 and AX1800. However, the router's affordability and popularity come with risks.
Microsoft recently identified TP Link devices as part of a botnet. Dubbed Covert Network 1658, used in sophisticated cyber attacks against Microsoft Azure customers, including U. S. Defense Department suppliers. The concerns aren't new. TP Link routers have been implicated in several cyber security incidents, including the Mirai botnet attacks and cases of custom malicious firmware infections attributed to Chinese state hackers.
This year, a critical vulnerability in the Archer C5400X router earned a maximum CVS score of 10. 0, highlighting the ease with which attackers could gain full remote control. The Justice Department is also probing TP Link's pricing strategy. Suspecting that selling routers below manufacturing costs could be part of an anti-competitive practice. Meanwhile, a Chinese embassy spokesperson in Washington accused the US of using security concerns as a pretext to suppress Chinese firms.
If the ban proceeds, it would mark another escalation in the U. S. China tech tensions. For TP Link users, the uncertainty raises questions about future support and security patches. It's a reminder that choosing budget friendly tech can sometimes come at a higher long term cost. And Microsoft is doubling down on its vision for a passwordless future, promoting passkeys as safer and easier alternatives to traditional passwords.
The company revealed in a recent blog that it blocks 7, 000 password attacks per second, nearly double the volume from last year, and faces a 146 percent increase in phishing attacks annually. Pass keys offer a significant security upgrade by storing private encryption keys on local devices such as phones, rather than on servers vulnerable to breaches.
They eliminate the need to type credentials into websites, instead relying on biometric authentication such as fingerprints or facial recognition. This makes them resistant to phishing attacks as hackers would need both your device and your physical presence to gain access. Microsoft has gradually rolled out passkey support across its ecosystem, including Xbox, Microsoft 365, and CoPilot.
By integrating passkeys into login prompts like face, fingerprint, or pin, the company has made the transition seamless for users. Recent experiments showed that emphasizing passkeys is faster or more secure, increased adoption rates by over 24%. And the company has also been nudging users towards passkeys at such as during account creation or password resets. While Microsoft still allows users to skip for now, its long term goal is to phase out passwords entirely.
The path forward includes making passkeys the default, removing passwords altogether, and fully adopting phishing resistant credentials. This shift highlights a growing consensus in cybersecurity. The password, once a cornerstone of online security, is now a weak link. For organizations and individuals, adopting passwordless technologies may soon become not just an option, but a necessity.
Finally, whatever holiday you celebrate for us, it's a Merry Christmas, but whatever it is for you, we hope you have a great time with your loved ones, and we hope that the next year brings you great happiness and joy. I have no idea what the next year will bring for me in this program. Only one thing is certain. I'll be back at the news 6th with a new episode of Cybersecurity Today. I'm your host, Jim Love. Thanks for listening.