Components of DOT Security’s Services
Explore each of the core elements that combine to form DOT Security’s complete offering
See how it all comes together
DOT Security’s holistic service- A plan to get back up and running if a problem occurs
- Comply with data security laws and industry regulations
- Expert planning and training to improve overall security
- Protection for a controlled internal environment
- Coverage for individual systems and devices
- Control who can get into your networks
- Improved insight into data and communications
- Extra fortification for your most sensitive data
Risk Assessment
InsightsCybersecurity insights and analyses
Dive into the world of modern cybersecurity with explanations, predictions, and expert opinions
Find blogs, infographics, videos, and more
DOT Security insights- Definitions for industry terms and acronyms
- The complete beginner’s guide to everything cybersecurity
Cybersecurity Consulting
Cybersecurity News and Headlines From January 2024
January 31, 2024
7 minute read
In our first news recap of 2024, we cover: the Mother of All Breaches (which saw 26 billion stolen account records published), the Microsoft email breach, AI misuse abroad, and what we can expect from AI in cybersecurity this year.
Keep reading to get the scoop on these cybersecurity news stories and insights from DOT Security.
Sign up for our newsletter!
Stay informed on everything cybersecurity and have headlines delivered directly to your inbox by subscribing to the DOT Security blog.
26 Billion Account Records Stolen
2024 started out with a cybersecurity splash unlike any other in the history of the internet. A whopping 26 billion records are reported stolen in what is known as the Mother of All Breaches (MOAB). All-in-all, the breach constitutes 12 terabytes of stolen data.
While a lot of this stolen data is simply a compilation of previously leaked information, there is reason to believe that there is a sea of new data in this massive dataset.
“According to the team, while the leaked dataset contains mostly information from past data breaches, it almost certainly holds new data that was not published before. For example, the Cybernews data leak checker, which relies on data from all major data leaks, contains information from over 2,500 data breaches with 15 billion records.”
The staggering dataset has leaked information from a number of businesses including LinkedIn, Twitter, Weibo, Tencent, Snapchat, Adobe, Venmo, and others. Making matters worse, much of the information that’s been published is considered sensitive, making it more valuable to malicious actors.
Not only is there a significant potential for unauthorized access to personal and financial accounts, but if credentials within this dataset are repeated by users elsewhere, malicious actors may be able to launch sophisticated attacks that allow them access to additional user accounts.
Businesses and individuals alike want to keep their eye on this story as it continues to develop and should proactively install multi-factor authentication protocols and strengthen passwords for important accounts.
Microsoft Executives Email Infiltration
On January 12th, Microsoft detected an unauthorized presence lurking in the background of senior leadership, cybersecurity, and legal emails. As soon as the threat was detected, they were able to swiftly decapitate the attack, effectively putting a halt to the siphoning on January 13th.
The attack began in November 2023, and has been linked to a Russian state hacking group that uses a series of pseudonyms including Midnight Blizzard, Nobelium, APT29, and CozyBear.
The hacking group launched a cyberattack known as password spraying and gained access to a limited number of corporate email accounts. While the financial impact isn’t yet completely clear, ongoing investigations indicate that the malicious group was looking for specific information Microsoft had gathered or associated with Midnight Blizzard.
"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself. We are in the process of notifying employees whose email was accessed."
Italy Takes Action Against AI
Italy's data protection authority, GPDP or Garante per la protezione dei dati personali, has fined the city of Trento 50,000 euros (54,225 USD) for violating data protection rules in the implementation of artificial intelligence (AI) in street surveillance projects.
This marks the first instance of a local administration in Italy being penalized by the GPDP for improper use of data and AI tools. The data protection agency is known for its proactive approach in assessing AI platform compliance with the European Union's (EU) data privacy regulations.
As such, the agency instructed Trento to delete all data collected in two EU-funded projects when an investigation revealed multiple privacy regulation violations, citing insufficient anonymization of collected data and improper and unauthorized data sharing with third parties.
City representatives believe they acted in good faith and are considering an appeal, asserting that current legislation inadequately regulates the use of AI for large data analysis and enhanced city security.
This story underscores a growing global concern around privacy rights, personal data sharing, and cybersecurity amid rapidly advancing AI technology.
A Look Ahead at Cybersecurity in 2024
2024 is bound to bring about a slew of changes to the cybersecurity space, making it all that much more important that organizations keep up with this shifting landscape. Between new regulations and compliance guidelines, fundamental pivots to the standard security framework, and further advancements in AI technology, we’re expecting another year full of cybersecurity evolution.
Here are just a few predictions of what’s to come in the cybersecurity space in 2024.
Zero Trust Takes the Mainstage
One of the major shifts in the cybersecurity space that we’ve already started to see is the transition from perimeter-based security frameworks that heavily rely on VPNs and firewalls to a zero trust architecture that operates on a “never trust always verify” ideology.
Due to the cultural shifts in working environments and the evolution in cyberattack technology, organizations are prioritizing zero trust security strategies to shore up network defenses in the face of sophisticated cyberattacks.
“In fact, 2023 saw an increase in VPN vulnerabilities and, accordingly, nearly 1 in 2 organizations reported that they experienced VPN-related attacks. With 92% of those organizations considering, planning, or in the midst of a zero trust implementation, it’s an encouraging sign that zero trust grew as a priority in 2023.”
Zero trust security implementation will continue to grow as it provides stricter verification and authentication protocols that enhance identity access management strategies and ensure that only authorized users are accessing sensitive information.
Increase in Ransomware
In 2023, the ransomware industry saw significant growth. This correlated with the growing sophistication of AI technology and its application in cybercrime. However, the escalation of ransomware threats is only projected to accelerate.
Part of this is due to the growth in cybercrime facilitators who essentially act as brokers, helping less advanced hackers execute cyberattacks. You may be familiar with the software as a service model (SaaS) which has become so popular it’s been adopted by cybercrime groups that offer things like ransomware as a service (RaaS).
The scale and scope of the cybercrime industry is continuing to blossom and organizations must be prepared to handle cyberattacks with increasing levels of sophistication by continually adapting and evolving their own cybersecurity posture.
Enhanced Security and Additional Regulations
As discussed earlier with Italy’s legal action against the city of Trento, security remains a top concern for organizations looking to implement AI solutions into their operations.
Creating additional regulations, and standard operating processes for artificial intelligence models is going to be a major point of emphasis in 2024 for both governing organizations and cybersecurity professionals.
More AI Cyberattacks
Lastly, it’s critical to keep in mind that the increased access to AI tools and improvements in AI models will also help those conducting the cyberattacks, not just those defending against them.
Hackers can make use of AI tools to launch more sophisticated cyberattacks, create convincing emails or documents, and improve the success rate of phishing campaigns and other malicious attacks.
In 2024, it’s more imperative than ever to have a layered cybersecurity strategy that includes comprehensive employee awareness training.
Wrapping Up on Cybersecurity News and Headlines
As we wrap up the first of our cybersecurity news recaps in 2024, we're reminded that the world of cybersecurity never stands still. In an era defined by data and constant evolution, staying on top of the latest headlines, stories, and developments is not just advisable but crucial.
Being informed about these key events empowers us to understand security trends, learn from recent breaches, and anticipate shifts in regulations and best practices. The world of cybersecurity demands vigilance and adaptability, and staying ahead of the curve is our best defense against emerging threats.
If you want to keep your thumb on the pulse of the cybersecurity industry and want more monthly headlines, subscribe to the DOT Security Blog and never miss a beat.