It's 'CIS Week' on the D&D Daily! Follow along in the 'Vendor Spotlight' column below as CIS Security Solutions showcases solutions for the retail industry

---

Leading Multi-brand QSR Franchiser, BRIX Holdings, Chooses Interface to Streamline Network and Security Operations at All Locations

Interface will deploy standardized restaurant technology solutions at Friendly's, Red Mango Cafe, Smoothie Factory + Kitchen, Souper Salad, Orange Leaf, Humble Donut Co, Greenz, and Pizza Jukebox

St. Louis, MO (June 13, 2023) - Interface Systems, a leading managed service provider of business security, actionable insights, and purpose-built networks for multi-location businesses today announced that BRIX Holdings ("BRIX"), a leading multi-brand franchising company that specializes in the "better-for-you" QSR segment, has chosen Interface to deploy managed network, business voice, PCI compliance, business security, and business intelligence solutions for all their franchise locations, including Red Mango Cafe, Smoothie Factory + Kitchen, Souper Salad, Orange Leaf, Humble Donut Co, Greenz, Friendly's and Pizza Jukebox.

Interface's solutions enable BRIX to offer its franchisees a modern and proven technology template that can be replicated with ease at any number of locations consistently. By choosing Interface's suite of managed services, BRIX has laid the foundation to accelerate expansion and offers franchise operators a proven technology model to run successful businesses.

Read more here
 

---

The U.S. Crime Surge
The Retail Impact

House Subcommittee Hearing on Organized Retail Crime - Today
The Rise in Organized Retail Crime and the Threat to Public Safety

Date: Tue, 06/13/2023 - 2:00 PM
Location: 2141 Rayburn House Office Building

The House Judiciary Subcommittee on Crime and Federal Government Surveillance will hold a hearing on Tuesday, June 13, 2023, at 2:00 p.m. ET. The hearing, "The Rise in Organized Retail Crime and the Threat to Public Safety," will examine the rise in organized retail crime that is causing businesses to close and endangering the public. Criminals who engage in organized retail crime are emboldened by leftist rogue prosecutors, progressive bail reform laws, and other soft-on-crime policies in Democrat-run cities.

WITNESSES:

• Attorney General Kris Kobach, Kansas
• Lorie Mohs, Mother of Blake Mohs, organized retail crime victim Murdered at Home Depot
• John Milhiser, former U.S. Attorney, Central District of Illinois

Subcommittees: The Subcommittee on Crime and Federal Government Surveillance house.gov

NRF worked closely with committee staff and provided the opportunity for several retailers to talk to staff on background about the ongoing challenge of ORC. NRF also submitted a written statement for the record
which can be viewed here. NRF continues to encourage members to send letters of support of the Combating Organized Retail Crime Act (S. 140/H.R. 895). nrf.com

Stand up against organized retail crime.

Send a message to Congress today!

TODAY: Congressional hearing about organized retail crime

A key congressional committee is holding a hearing today to discuss the rise in organized retail crime and how it threatens public safety. It is crucial to voice your concerns to your representatives in Congress and urge them to act.

Join NRF in calling on Congress to address rising retail crime by passing the Combating Organized Retail Crime Act. This bipartisan bill enhances federal coordination for law enforcement, targeting crime gangs that harm retailers and jeopardize public safety.

Together, we can make a difference. Stand up against organized retail crime by showing your support today.

SEND A MESSAGE: https://www.votervoice.net/NRF/Campaigns/98241/Respond
 
This may be our only chance to help get this passed. The CEOs have stood up. Now it's time for everyone in this industry to Stand Up and Be Heard by Sending the Message above!
 

NRF Urges Congress to Advance ORC Legislation Ahead of Hearing
WASHINGTON - The National Retail Federation today urged Congress to formally advance the Combating Organized Retail Crime Act, which would amplify resources and coordination among federal, state and local law enforcement agencies to address ORC. The House Judiciary Committee's Subcommittee on Crime and Federal Government Surveillance meets tomorrow at a hearing entitled "Rise in Organized Retail Crime and the Threat to Public Safety" to examine the impact of ORC on communities nationwide.

NRF submitted a written statement for the record in advance of the hearing detailing the growing negative impact of ORC on American businesses, workers and consumers.

According to the statement:

"Retailers' foremost concern with ORC activity is the safety of retail workers and their customers. Individuals and groups committing these crimes have used threats and acts of violence, including the use of weapons, to aid theft. Eighty percent of retailers noted an increase in violence and aggression by customers toward workers in 2021. Extremely concerning is the depressing fact that several retail workers have been killed during recent theft incidents - including trained security personnel as well as retail workers serving in customer-facing roles.

"As more acts of blatant and deadly thefts take place in stores, the consequences are apparent for both retailers and consumers alike. Both store associates and customers are being harmed and threatened. Shoppers are now seeing everyday items like toothpaste and dish soap behind lock and key. Retailers know it is an inconvenience for customers. The anti-theft security measures can lead to lost sales from customers who must wait for an employee to unlock a cabinet so they can access a product. As the theft of merchandise continues, the cost of securing those items skyrockets. Retailers already operate on very slim margins and can only absorb so much cost to remain profitable."

The testimony also cited NRF's latest research on retail crime, which shows retail loss is a nearly $100 billion problem and growing. Another study cited from NRF and global risk advisory firm K2 Integrity found that ORC groups are growing in both their scope and complexity, making them harder to stop. Both reports highlight the need for federal solutions like the Combating Organized Retail Crime Act.

The hearing follows last week's NRF PROTECT event, where more than 2,000 retail professionals convened in Grapevine, Texas, to examine the loss prevention community's most prominent issues, including ORC. In a flash poll during the event among 232 retail professionals, 90% said ORC is more of a risk to their business than it was three years ago.

As the leading authority and voice for the retail industry, NRF has spearheaded industry efforts to address ORC, including support for the now-enacted INFORM Act, which takes effect on June 27. The organization has also launched a national grassroots campaign in support of the Combating Organized Retail Crime Act. nrf.com


Retailers Battle Crime As The Government Continues to Fall Short
With new anti-theft stores, companies step in where governments are missing
Concepts like the new Walgreens anti-theft store mark a further shift in responsibility for managing criminal behaviour to the corporate world from government. Increasingly, companies, particularly retailers, are tasked with making sure law-abiding customers can still get essential services - such as access to pharmacies - without being victimized by bad apples.

The problem is, dealing with crime is not Walgreens' job or the job of the private sector in general. It's the government's job, and that's why we pay taxes to fund law enforcement.

Theft and violence against retail employees - and even customers - have risen sharply in Chicago, New York, San Francisco, Los Angeles, Seattle and other cities. The main culprits: roving bands of marauders whose smash-and-grab methods make up a new commercial threat called organized retail crime.

So prevalent is the problem that many retailers have pulled out of troubled urban neighbourhoods after efforts to improve store security using advanced electronic surveillance, product monitoring and more security guards has failed.

The list of departures is the longest in San Francisco. Old Navy recently said it would close its flagship Market Square location after three decades because of losses and concerns about employee safety. The clothier's move follows closings by T-Mobile, Whole Foods, Nordstrom, Office Depot, Starbucks and Anthropologie, among others. Target and others are restricting nighttime hours at downtown stores for security reasons.

To be sure, the risk for Walgreens is in alienating customers in an effort to reduce the cost of theft. Win or lose, the company deserves some credit. For all the bad press companies get about putting performance ahead of people, this is one example of how a company is finding new ways to manage the unpleasant reality of modern urban life and serve its communities, particularly those that are under-resourced.

The nuclear option is for Walgreens to do what so many retailers have done - pull out all together. If the company did that, the South Loop neighbourhood would be left without an important source of essential services. That doesn't seem like a people-first option at all. theglobeandmail.com


Backlash to CA Bill That Prohibits Employees From Confronting Shoplifters
Opinion: California's proposed shoplifting law would be a disaster
Few would deny crime is a growing concern in the Golden State, especially in major cities. The culture has caused companies such as Walgreens, which shuttered 22 stores in San Francisco alone over a period of five years, to cease doing business in many of these locations. Many accused Walgreens of "crying wolf" on the matter of retail theft, and California lawmakers recently made it clear they don't take the matter seriously.

Earlier this month, the California Senate passed Bill 553, legislation that would discourage retail store employees from confronting shoplifters. The legislation - passed weeks after a Home Depot security guard was shot and killed during a Pleasanton, California, robbery - is designed to protect employees, supporters say, by forbidding employers from instructing employees to confront shoplifters.

The legislation would be disastrous. A law that would prohibit employers from telling their employees that customers are not allowed to take whatever they want without paying would clearly incentivize shoplifting. It would further promote the culture Fuller described, one in which it is viewed as "optional" to pay for things.

This is the culture that is driving companies out of California. It's not just crime or high taxes or pandemic mandates. It's a culture that shows disdain for property rights, which are the wellspring of all human rights and a pillar of civilization.

California lawmakers have shown utter contempt for property rights for years. Making it illegal for employers to instruct employees to stop customers from stealing is just the latest example.

Until California changes this culture and demonstrates it respects the property rights of people and businesses, it will continue to decline. washingtonexaminer.com


Funding Retail Crime Sting Ops & Two Positions to Track and Help Prosecute ORC
Oregon ORC Bill Update: Retail Theft Funding Measure Advances
Two funding bills that are part of the organized retail theft package are moving through the process. SB 900, which would set up a grant program available to local governments to bolster retail crime sting operations, moved through the Joint Committee on Ways and Means June 2. Its companion bill, SB 318, would fund an analyst and two investigator positions within Oregon Department of Justice to help coordinate prosecution of organized retail theft. It has been assigned the public safety subcommittee of the Joint Committee on Ways and Means, a sign that it's moving forward. A vote for that bill should happen in the next week or two, though both bills ultimately would have to pass the paralyzed Senate. oregonbusinessreport.com


Bill to Fight Gun Store Smash & Grabs Introduced in the Senate
New legislation cracks down on 'smash-and-grab' gun store robberies
A bill to toughen penalties for "smash-and-grab" thefts at federally licensed gun stores has been reintroduced. Sen. Shelley Moore Capito, R-W.Va., joined 22 of her GOP colleagues, led by Sen. Lindsey Graham, R-S.C., to reintroduced the Federal Firearms Licensee (FFL) Protection Act of 2023. The legislation would address the unacceptably high number of "smash-and-grab" thefts targeted at federally licensed gun dealers by enhancing penalties for criminals who steal firearms from federally licensed firearms and ammunition dealers. "Burglaries of gun dealerships continue to rise, which is why we must put solutions forward that deter these would-be criminals from committing these robberies and endangering our communities," Capito said in the announcement. "I'm proud to support this legislation that implements swift and strong penalties for these crimes, and further protects our communities." The act would increase the statutory maximum penalty for knowingly stealing any firearm in an FFL's business inventory from 10 to 20 years; impose a mandatory minimum sentence of three years for burglary from an FFL and five years for robbery from an FFL; and criminalize the attempted theft of a firearm from a licensed importer, manufacturer, dealer or collector.  news.yahoo.com


Highest Number of Jewelry Industry Crimes Ever Recorded
Jewelry Industry Crimes Hit Record Level in 2022, JSA Reports
JSA has released its 2022 Annual Crime Report which described how the number of Crime against the U.S. jewelry industry reached a record level in 2022. The total number of crimes committed against U.S. jewelry firms was 2,211 - the highest number of crimes JSA has ever recorded, according to a press release. The number of crimes in 2022 represented an increase of 31.1% from 2021, when 1,687 crimes were reported to JSA. "Soaring crime needs to be a concern for the entire diamond, jewelry and watch industry," said John Kennedy, president of JSA. "This Report can help jewelers become better prepared for the dangerous crime risks they face every day, and can alert law enforcement agencies to the serious crime risks of the jewelry industry."  instoremag.com


NY lawmakers pass controversial bill to seal most criminal records
The long-debated controversial Clean Slate Act - which will automatically seal most criminal records - has passed both houses of the state Legislature.

The legislation, which still must be signed into law by Gov. Kathy Hochul, wipes a New Yorker's conviction record clean three years after sentencing for misdemeanors, and eight years for felonies. nypost.com


Here's How Long It Took To Buy Locked Up Basic Items in San Francisco Stores

NYPD Commissioner Keechant Sewell resigns

Research sheds light on the costs of mass shooting injuries

Employers Must Discuss Trauma Strategies Amid Rising Violence
Do Workplaces Need to Discuss Trauma?

When talking to employees about an event, tell the truth while respecting confidentiality, and only share what is absolutely necessary.

Workplace shootings continue to increase. In 2023 more than 100 mass shootings have occurred in the U.S. according to the Gun Violence Archive. Behind those numbers are victims as this grim document from Statista shows. Along with the horror, what about the trauma experienced by employees involved in these incidents?

In an article in Harvard Business Review, Katharine Manning, president of Blackbird DC, a training company, talks about what employees expect of their employers.

When we are in a period of crisis, many of us look to our institutions to support and protect us. If they fail to do so, or if they take steps that we fear will harm us or those we care about, that can create a second injury, called an institutional betrayal.

Thus, if we fail to respond appropriately in our work with those experiencing trauma, we can add a second injury to the first. But if we respond well, we build trust and connection. Either way, the manner in which we support each other in times of crisis will reverberate in our organizations for many years to come.

There are steps employers can take including these strategies offered by Workplace Response.

Acknowledge what happened - Address that an event or situation occurred that impacts workers and the workplace. The key to this step is to check in and take the lead of the survivor or person who has experienced or is experiencing harm or trauma. Be open and available to the person experiencing trauma or violence, and take their lead. Their safety and privacy are most important.

Practice Emotional Intelligence - Try and let go of this solution-oriented mindset and approach with empathy, compassion, and active listening. Let people know that you are here for them and will be supportive in the ways that feel supportive to them.

Be aware of the signs and side effects of trauma and stress - When these signs are present, reconnect, engage, and offer support. As you help others, remember that you also deserve space to process and receive support. You do not have to "have it all together" all the time. ehstoday.com


Target Bomb Threats Continue to Make National Headlines

Target Continues to Get Bombarded with Bomb Threats
Locations in at least five states were evacuated this weekend

Target stores see more bomb threats over Pride merchandise
Target stores in at least five states were evacuated this weekend after receiving bomb threats. Though no explosives were discovered, the incidents tie into the backlash over the retail chain's Pride Month merchandise.

The threats Saturday in parts of Oklahoma, New York, New Hampshire, Vermont and Louisiana mirror those made in recent weeks in Ohio, Utah and Pennsylvania. In most instances, unknown individuals emailed the threats to local news outlets. The FBI and the regional Joint Terrorism Task Force have been assisting with the investigation in some jurisdictions.

Law enforcement investigated the threats and determined the stores are safe, Target said in a statement. All stores are "currently open and operating regular hours."

News outlets in Vermont, New Hampshire and New York received the same threatening email Saturday, according to South Burlington Police Chief Shawn Burke. The message, which accused Target of betraying the LGBTQ+ community, named a store in South Burlington, Vt., and ones in Plattsburgh, N.Y., and in Keene and West Lebanon, N.H.

Burke said his officers helped evacuate the store and do a "cursory search to render the store safe," which lasted about 25 minutes. washingtonpost.com


NRF Responds Amid Pride Month Threats
NRF Statement on Store Safety
WASHINGTON - The National Retail Federation has provided the following statement regarding store safety.

"Acts of violence - real or threatened - by those who seek to bring attention to themselves and their cause have no place in retail stores.

"The number one priority for retailers is ensuring the safety and security of both customers and workers. Retailers provide their teams with trainings to prevent or de-escalate situations that may result in confrontation. Also, they are close partners with law enforcement who help support them when situations may escalate.

"Threats, violence and protest will not deter a retailer's commitment to protecting the health and safety of the customers they serve and the people they employ." nrf.com

   Click here to read the D&D Daily's Special Report over recent retail bomb threats


More Highlights from NRF PROTECT 2023
The Vitamin Shoppe follows a people-first path to positive results

NRF PROTECT: Chief Operating Officer Andrew Laudato on building a safe environment for innovation

It's possible to innovate in a way that values safety and security, he said. Build cybersecurity into the innovation process from the beginning, and identify and prioritize risks up front and early.

Leaders should foster communication and cooperation between the innovation teams and cybersecurity experts. And they must continuously monitor emerging threats and technology.

But the best way retailers can create an environment where innovation thrives is by putting people before technology.

"It's all about the people," he said. "Companies don't innovate, people do." When he's hiring, Laudato looks for four key attributes - integrity, intelligence, ambition and temperament. "This may seem aspirational, but you can teach someone the technology, the process, project management, but you can't teach them these attributes."

After that, it's up to retail leaders to keep those people. "There's nothing more important - no matter what your job is - than hiring the best people, making them feel safe and then taking really good care of them. It's expensive to hire and hard to find good people. You've got to keep them." nrf.com


Facial Recognition's Continued Expansion to Boost Safety & Security
Detroit Metro Airport's TSA implements facial recognition technology for faster, safer screening process
TSA is relying on facial recognition technology to not only speed up the screening process but also to keep travelers safe. As the summer travel ramps up, officials have an important reminder about something you must do before heading to the airport.

A faster passenger screening known as CAT-2, which stands for Credential Authentication Technology, is a machine that is quick and efficient with its process. The device validates a passenger's I.D. without those few extra minutes of a TSA agent looking at your I.D., looking at you, looking at Your I.D., and so on.

The TSA Federal Security Director for Michigan states that this will be a time saver and says that images of your I.D. will not be stored. The machine is used for onsite verification. clickondetroit.com


Inflation cools sharply in May to 4%, lowest in 2 years
The Labor Department said Tuesday that the consumer price index, a broad measure of the price for everyday goods including gasoline, groceries and rents, rose just 0.1% in May from the previous month, far lower than the 0.4% increase recorded in April.

Prices climbed 4% on an annual basis, slightly below the 4.1% increase forecast by Refinitiv economists. It marked the slowest pace of inflation since March 2021. foxbusiness.com


Ollie's raises outlook, plans to open 45 new stores in 2023

Westpac to layoff 300 workers in business and retail unit, says trade union

Despite recent losses, DOJ doubles down on antitrust enforcement


Quarterly Results

Ollie's Bargain Outlet Q1 comp's up 4.5%, total net sales up 12.9%
 

Senior LP & AP Jobs Market

Senior Loss Prevention Director job posted for Draeger's Supermarkets, Inc. in South San Francisco, CA
Conduct store surveillance via CCTV and sales floor. Safely detain shoplifters when necessary. Protect company's assets by conducting internal and external investigations using data analytics (Hawkeye). Shrink Management - Identify shrink caused by fraud, theft, operational errors, and policy violations, etc. Produce and submit detailed reports supported by facts and evidences in a timely manner. Implement metrics: areas of loss, remediation, strategy. indeed.com
 

To Pay or Not to Pay - That is the Question for Leadership & Security Teams
The FBI Could Help Retrieve Your Data After a Ransomware Attack
The recommendation from the FBI is to not pay, stating on its website that "paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity."

And the FBI could play a role in ensuring you avoid paying the ransom and get your data back without having to deal with the cybercriminal gang.

Tools Unavailable to Most Organizations

One of the first things an organization should do if they are hit with a ransomware attack is contact the FBI. It's not just because a ransomware attack is a crime-although that is a compelling reason. It's because law enforcement agencies have tools that can help you get your stolen or encrypted data back.

Perhaps one of the most eye-opening messages at RSA this year was the revelation that the FBI has the ability to decrypt data held for ransom. (If it had been mentioned once, it would have raised some questions, but the advice could have easily been dismissed. But this was repeated in a number of ransomware-related sessions and by a couple of keynote speakers.) As was mentioned more than once, the FBI has access to the encryption codes for a number of ransomware variants and, as at least one speaker suggested, ransomware gangs are lazy and rarely bother to change encryption keys.

In a document aimed at CISOs and security teams, the FBI stated that law enforcement has access to tools that most organizations do not and can enlist the assistance of international partners to help retrieve data. The document also pointed out that the FBI can conduct investigations that minimize disruptions and works closely with the organization to limit "unwarranted disclosure of information."

Emphasis on Victim Recovery

Ransomware has become so disruptive that the FBI has put a greater emphasis on victim recovery, Deputy Attorney General Lisa Monaco told The Record podcast.

This was evident in the FBI's recent takedown of the Hive ransomware variant. As the Department of Justice explained, "Since late July 2022, the FBI has penetrated Hive's computer networks, captured its decryption keys and offered them to victims worldwide, preventing victims from having to pay $130 million in ransom demanded."

In its focus on victim recovery, the FBI has shifted its strategy. The goal now is to disrupt the threat actors and cut into their revenues. To take down Hive, the FBI infiltrated the Hive crime ring's servers and "hacked the hackers." Much like threat actors would do, the FBI's team moved around Hive's server network and took over, so much so that they created decryption keys for victims of the ransomware attack.

Federal law enforcement is uniquely situated to be an ally to your organization's battle against ransomware. If "contacting the FBI to report ransomware attack" isn't on your post-attack procedure guidelines already, it should be added as one of the first things to do in the mitigation phase. Taking that step will go a long way in guiding your decision about whether or not to pay a ransom. Chances are favorable that you can recover your data with the FBI's assistance at no cost and little disruption. securityboulevard.com


Data Breaches Cause Significant Damage
DOS Attacks Dominate, but System Intrusions Cause Most Pain

In the latest Verizon "Data Breach Investigations Report," denial-of-service attacks are the most common type of security incident, but when it comes to breaches, nearly four-in-ten attackers compromise systems.

Denial-of-service attacks continued to dominate the threat landscape in 2022, but breaches - those security incidents that resulted in confirmed data loss - more likely included system intrusions, basic Web application attacks, and social engineering.

Out of more than 16,300 security incidents analyzed in Verizon's "2023 Data Breach Investigations Report," more than 6,250, or 38%, were denial-of-service attacks, while almost 5,200, or 32%, were confirmed data breaches. While the denial-of-service attacks were disruptive until they were mitigated - much of the data in the report came from DOS defense providers rather than victims - data breaches through system intrusions, web application compromises, and social engineering usually resulted in significant impacts on business.

The two top attack types in the report - DOS attacks and system intrusions - target different parts of the CIA (Confidentiality, Integrity, Availability) triad. System intrusions typically affect confidentiality and integrity, while denial-of-service attacks target availability, says Erick Galinkin, principal researcher at vulnerability management firm Rapid7.

The data highlights the differences in threat activities that become notable incidents and those that cause real harm to companies. The damage caused by the average ransomware incident, which accounted for 24% of all breaches, doubled to $26,000, according to the report. In contrast, only four of the 6,248 denial-of-service incidents resulted in data disclosure, the "2023 Data Breach Investigations Report" stated.

The report also underscored the fact that while patterns are informative, they can also vary widely, says Joe Gallop, intelligence analysis manager at Cofense, an e-mail security company.

More System Intrusions, Because More Ransomware - Employees Critical to Defense: darkreading.com


Threat intelligence programs poised for growth

Enterprise organizations will increase spending, investing in areas like threat intelligence distribution, digital risk management, and security technology integration.

CISOs clearly believe that further investments in threat intelligence programs can mitigate cyber-risks while improving threat prevention and detection. Over the next 12 to 24 moths:

Thirty percent of organizations will prioritize sharing threat intelligence reports more readily with internal groups. This is a step in the right direction as threat intelligence has value beyond the security operations center (SOC) for alert enrichment.

Twenty-seven percent of organizations will prioritize investing in digital risk protection (DRP) services. As organizations expand their digital footprints, they need a better understanding of the accompanying risks. DRP services provide this visibility by monitoring things like online data leakage, brand reputation, attack surface vulnerabilities, and deep/dark web chatter around attack planning.

Twenty-seven percent of organizations will prioritize integration with other security technologies. Beyond endpoints, email, and network perimeters, CISOs want CTI integration with cloud security tools, security information and event management (SIEM) and extended detection and response (XDR) solutions, and security service edge (SSE) tools like secure web gateways and cloud access service brokers (CASBs).

Twenty-seven percent of organizations will prioritize acquiring a threat intelligence platform (TIP) for threat intelligence collection, processing, analysis, and sharing. Once the exclusive domain of the largest enterprises, TIPs are slowly moving down market.

Twenty-six percent of organizations will prioritize developing a more formal program. Organizations realize they can no longer skate by on some open-source threat intelligence feeds reviewed by part-time threat analysts. Rather, they need staffing and processes to execute a full CTI lifecycle. csoonline.com


Fighting AI-Powered Fraud: Let the Battle of the Machines Begin
As cybercriminals tap the power of machine learning and generative AI to outwit fraud-detection systems, online fraud-prevention technologies must evolve accordingly.

Leveraging the power of the cloud, new malicious machine learning (ML) models offer the prospect of automating tasks that only humans could perform a few years ago.

How AI Can Help Fool Fraud-Detection Systems

Consider a typical fraud-mitigation system in a retail setting. Say a company sets a rule that in certain locations, transactions over $900 are automatically flagged for secondary verification. An ML tool could be programmed to calculate through trial and error the point at which high-value transactions are inspected. Then the adversary need only ensure their fraudulent transactions stay under $900 and are based in the right geolocation to avoid detection. What was once a time-consuming process becomes a simple matter of cloud-powered analytics.

Even sophisticated ML models can be probed and attacked for weaknesses by malicious AI. The more opaque AI systems become, the riskier they are to deploy in production settings. Humans will only have a limited understanding of their behavior and the outputs they might generate. Plus, to remain effective, they need to be trained on data from previous attacks. This combination make them vulnerable to exploitation when presented with a slightly different scenario. It only takes some targeted trial and improvement for malicious AI to learn those oversights and blind spots.

How Defenders Can Strike Back darkreading.com


Examining the long-term effects of data privacy violations

Researchers Report First Instance of Automated SaaS Ransomware Extortion

Police investigating rash of jewelry store burglaries in NJ; 12 stores in 2 weeks
Police in Maplewood, Scotch Plains and Union are investigating a string of smash and grab burglaries that have impacted jewelry stores in New Jersey. The thieves ripped off about a dozen jewelry stores in these areas in just the past two weekends, with the most recent occurring Monday morning. At around 3:58 a.m., police responded to a call from an alarm company about multiple motion activations inside Union Jewelers Exchange on Route 22 in Union. Surveillance footage captured the thieves forcibly entering the front door, using a tire iron and a sledgehammer.They made out with thousands of dollars' worth of jewelry. According to Union Police Deputy Chief Scott Breslow, a dozen jewelry stores in the area have been targeted in similar instances, dating back to June 2nd. Among the mentioned, these other recent locations include Linden, Woodbridge, Middletown, Eatontown, Green Brook, Hainesport, Robbinsville, Long Branch, and Westfield.  abc7ny.com


Gurnee, IL: 4 suspects arrested for stealing thousands of dollars worth of products from Gurnee Mills mall
Four California residents were arrested after prosecutors say they stole thousands of dollars in products from the Nike store inside Gurnee Mills mall in Gurnee. Lake County Assistant State's Attorney Colleen McConnell said the Gurnee Police Department was called on May 30 to a retail theft at Gurnee Mills. Five suspects were reported to have stolen from the Nike Clearance Store. Officers observed surveillance video and saw several people enter the store with empty bags, McConnell said. The suspects placed merchandise into the bags and fled. The suspects got into a vehicle outside the store and the license plate was obtained, McConnell said. A license plate reader camera alerted officers days later that the same suspect vehicle was detected again at Gurnee Mills. McConnell said officers responded and located the same five suspects who were involved in the May 30 retail theft. They recovered approximately 100 pairs of shoes. The theft on May 30 resulted in a loss of $3,909.  lakemchenryscanner.com


Manchester, CT: Masked juveniles caught burglarizing Macy's at Shoppes at Buckland Hills
Three juveniles were arrested at the mall in Manchester over the weekend after they allegedly tried to steal more than $7,000 worth of jewelry during a burglary, police said. Police were dispatched to the Macy's store at the Shoppes at Buckland Hills, at 194 Buckland Hills Drive, in the late evening hours Saturday after a loss prevention employee observed on the store's cameras three suspects wearing masks at the jewelry displays filling up backpacks with merchandise, according to the Manchester Police Department. Two of the suspects were taken into custody following a brief foot pursuit after the first officers arrived on scene, police said. A Connecticut State Police dog was called to the scene, as it was believed the third suspect was hiding somewhere in the store, according to police. South Windsor police helped establish a perimeter around the building before that suspect was located in the store.  courant.com


Linden, NJ: 4 Newark Residents Charged with Trying to Steal Over $5500 in Merchandise From Linden Kohl's

Lower Makefield Township, PA: Police investigating $2500 Retail Theft at Kohl's