Components of DOT Security’s Services
Explore each of the core elements that combine to form DOT Security’s complete offering
See how it all comes together
DOT Security’s holistic service- A plan to get back up and running if a problem occurs
- Comply with data security laws and industry regulations
- Expert planning and training to improve overall security
- Protection for a controlled internal environment
- Coverage for individual systems and devices
- Control who can get into your networks
- Improved insight into data and communications
- Extra fortification for your most sensitive data
Risk Assessment
InsightsCybersecurity insights and analyses
Dive into the world of modern cybersecurity with explanations, predictions, and expert opinions
Find blogs, infographics, videos, and more
DOT Security insights- Definitions for industry terms and acronyms
- The complete beginner’s guide to everything cybersecurity
Cybersecurity Consulting
Cybersecurity in June – A Recap
June 27, 2023
10 minutes
Last year, June became National Cybersecurity Education Month thanks to Senators Jacky Rosen and Bill Cassidy as well as Representatives Andrew Garbarino and Yvette Clarke.
The initiative is aimed at raising awareness around cybersecurity practices and addressing the current and future talent needs of cybersecurity professionals. Especially as we see more and more cyberattacks being mounted each and every year. Some of the biggest in June are covered below.
If you don’t know where to start with your cybersecurity practices, download DOT Security’s Cybersecurity Checklist: How Covered is Your Business to get the ball rolling today.
International MOVEit Cyberattack Detected June 1st
One of the largest stories to come out of June is the massive cyberattack on MOVEit. MOVEit is a popular data transfer software used by many organizations internationally. The cyberattack was detected by the United States government on June 1st and proceeded to urge clients of the software to conduct an audit for malicious behavior specifically.
The MOVEit attack was far-reaching and hit a flurry of household brand names including BBC, Shell, Ernst and Young, Zellis, British Airways, and a growing list of others.
While investigations are pending, these attacks have been claimed by the ransomware gang known as Clop. Despite infiltrating multiple government agencies in addition to the growing list of private companies and individuals who have been compromised, Clop has stated they’ve deleted governmental data as they have “no interest to expose such information.”
Clop threatened to release stolen data by June 14th if ransoms weren’t met, however victims like Ernst and Young and PwC claim that the damage from the MOVEit attack is limited.
The Reddit Stand Off
Reddit is coming under fire in what’s shaking out to be a modern day Western. Users, moderators, and even hackers had a fire lit under their seat when Reddit announced a major price spike to their API.
The price increase to the API is Reddit’s way of locking down access to their data and making sure that AI language models can’t scrape the site for free. It’s also a step that indicates they’re preparing to launch an IPO, which has been in the works for quite some time.
However, the price spike created an absolute uproar in the community as over 8,000 prevalent subreddits with tens of millions of subscribers each have gone dark in a massive unified protest. Reddit hosts over 100,000 subreddits and boasts a whopping 500 million monthly visits globally, making it one of the most popular sites in the world. In the United States, Reddit outranks Amazon, Twitter, and Yahoo in monthly traffic.
The pushback is mainly coming from two groups. The first being the moderators who volunteer their time to keep the site safe, friendly, and as spam-free as possible. The second is the trove of users who rely on third-party apps for increased accessibility, organization, or other features that lack on the Reddit app. The situation has become so intense, that the online ransomware gang BlackCat/AlphV joined the Reddit revolt, as it’s been coined.
The ransomware group has threatened to release 80GBs of Reddit data stolen in February unless the company pays a ransom of $4.5 million and backs off with the API price spike.
ChatGPT Vulnerabilities Exposed
ChatGPT ripped across the globe with breakneck speed when it was released by OpenAI. The most powerful natural language processor (NLP) our world has ever seen naturally garnered an incredible amount of attention right out the gate.
Despite attracting 100 million users globally, the AI is far from perfect. In fact, there’s still a lot more grey area that needs to be charted before an AI model like ChatGPT is going to be a standard implementation. Not only are there concerns with the accuracy, biases, and legality involved in using generative AI, but we can officially add cybersecurity vulnerability to that growing list of concerns.
ChatGPT has already been the source of a few blunders, like when a lawyer tried to cite fabricated ChatGPT cases in a court of law. Now, though, the real cybersecurity vulnerabilities in ChatGPT are coming to light as over 100,000 user credentials have been stolen and are now up for sale on the dark web.
This demonstrates how new generative AI is, and the risks involved in an unmeasured approach to AI implementation. The stolen ChatGPT credentials also showcase the importance of having clearly stated guidelines for employees' use of the generative AI NLP. Additionally, if your employees are using ChatGPT actively, they should take precautions, like changing their passwords and considering slowing down use of the AI.
When it comes to cybersecurity, it’s considered a best practice to have a standardized password policy in place. This can mean requiring multi-factor-authentication or encouraging the use of passphrases over passwords.
Universities Under Attack
Educational systems and universities seem to be magnets for malicious actors and hackers. On June 13th and 16th Hawaii Community College and the University Systems of Georgia confirmed they were victims of cyberattacks.
The incidents represent a growing trend in the cybersecurity space that is seeing school systems as primary targets for cyberattacks. This is sometimes due to a lack of cybersecurity awareness and training in the staff, making them a soft target for phishing emails, and other times has to do with a limited IT department that’s already stretched thin.
NoEscape is currently credited for the attack on Hawaii Community College whereas the Georgia university systems are added to the list of victims from the wide-spread MOVEit attack mounted by Clop.
Wrapping up on Cybersecurity in June
Cybersecurity is an ever-evolving space and keeping your thumb on the pulse of the latest stories in the industry is the only way to maintain cybersecurity best practices as they become more and more advanced.
The truth of the matter is that no one person or company is impervious to a cyber-attack. However, the more defense you have, the better protected you’ll be, dropping the chances of a successful cyber-attack. Having a dedicated team of cybersecurity experts will give you the best chance of keeping sensitive data and information under lock and key.
To help keep your companies name off the growing list of MOVEit victims, audit your cybersecurity practices with DOT Security’s Cybersecurity Checklist: How Covered is Your Business?