6/21/21

LP, AP & IT Security's #1 News Source

Gus Downing's Exclusive Interview with Rex Gillette, VP Retail Sales, ADT
Discussing ADT Commercial's expansion into the EAS market.
(This week's focus - Part 1 of 4)

This past February ADT Commercial, a premier provider of commercial security, fire, life safety and risk consulting services in the U.S., announced its expansion into the electronic article surveillance (EAS) market through a strategic alliance with WG Security Products, Inc. ADT Commercial will install and service WG Security Products' comprehensive EAS portfolio in the U.S., including a full range of detection systems, hard tags, specialty tags, disposable labels, deactivation devices and detachers.

This strong alliance offers retailers another provider to consider in their search for EAS solutions, and one with service excellence at its core.

In the press release, Dan Bresingham, Executive Vice President, Commercial, at ADT spoke to the dedicated team they've assembled, with decades of retail and EAS experience to deliver on the promise of best-in-class service, including Rex Gillette, a 35-year veteran in retail loss prevention and the EAS market."

With this exciting new resource for the retailers we sat down with Rex and asked him for his perspective, how ADT Commercial is tapping into their teams extensive experience in the EAS market, and the added value this brings to the retail market?

Gus: Rex, you've spent decades in the retail loss prevention and EAS market, with your father Dennis Gillette being one of the founding fathers of EAS in retail. Can you talk to the value that drives for the retailers and give us a feel for how many others in your organization have EAS market experience?

Rex: For decades, EAS has a long and proven history in helping retailers curtail shoplifting. While the underlying, basic principles of the technology have remained largely the same over the years, advancements in tag technology, serviceability and connectivity have evolved immensely. Today, through our partnership with WG, our team has access to a broad portfolio of specialty tags designed to protect a wide range of merchandise - from boxed goods to luggage and handbags, along with IR versions with built-in intelligence features for both visible and concealed EAS systems.

Our dedicated retail National Accounts team also has decades of experience with EAS, many coming to ADT Commercial from early beginnings with Sensormatic or working directly for some of the largest retailers in the U.S. Our team has cultivated deep relationships with their customers and works closely with them in a consultative fashion to address their unique needs.
 

Stay tuned tomorrow for Part 2 of this Interview.
 

Security Company CEO Faces Federal Charges Over Cyberattack
CEO of network security company charged with cyberattack on
Gwinnett Medical Center

Vikas Singla has been arraigned on federal charges arising out of a cyberattack conducted on Gwinnett Medical Center in 2018. Singla was indicted on June 8.

"Cyberattacks that target important infrastructure, like healthcare, pose a serious threat to public health and safety," said Acting U.S. Attorney Kurt R. Erskine. "In this case, Singla allegedly compromised Gwinnett Medical Center's operations in part for his own personal gain."

"Criminal disruptions of hospital computer networks can have tragic consequences," said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department's Criminal Division. "The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our healthcare system."

"This cyberattack on a hospital not only could have had disastrous consequences, but patient's personal information was also compromised," said Chris Hacker, Special Agent in Charge of FBI Atlanta. "The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put peoples health and safety at risk while driven by greed."

According to Acting U.S. Attorney Erskine, the indictment, and other information presented in court: Vikas Singla, the Chief Operating Officer of a metro-Atlanta network security company that served the healthcare industry, allegedly conducted a cyberattack on Gwinnett Medical Center that involved: Disrupting phone service, obtaining information from a digitizing device, and disrupting network printer service. The indictment further alleges that the cyberattack was conducted, in part, for financial gain.

Vikas Singla, 45, of Marietta, Georgia, made his initial appearance before U.S. Magistrate Judge Linda T. Walker. Singla was charged with 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer. Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges and it will be the government's burden to prove the defendant's guilt beyond a reasonable doubt at trial.

This case is being investigated by the Federal Bureau of Investigation. justice.gov

Cyberattacks Having Similar Impact as COVID
Are Ransomware Attacks the New Pandemic?

Ransomware has been a problem for decades, so why is government just now beginning to address it?

Ransomware attacks are the new pandemic, threatening the US economy, commerce, and the flow of goods to market. First, there was the Colonial Pipeline shutdown, then JBS USA. However, those were not even close to being the first; ransomware attacks have been around for decades.

If this is the case, why is the federal government only now weighing in on addressing these attacks? Three factors come to mind:

● The impact on the US economy and literal flow of goods (gas and meat are just the latest) at this critical juncture, just as the US economy is recovering from the COVID-19 pandemic

● The weaponization of ransomware attacks and the involvement of foreign governments in the disruption of the economy and the escalation of attacks

● A general erosion of confidence in the cybersecurity of IT infrastructure, on which so much of daily life now depends

When ransomware attacks were thought to be crimes of opportunity and cryptocurrencies were both the "getaway car" and the financial instrument of the benefit, common best practices were considered adequate defenses. The nation-state nexus changes the motivation from monetary reward to intelligence gathering and operational disruption. The typical ransomware attack is based on a near-term time horizon and ability to cash in on the attack, yet intelligence gathering and maximizing the disruptive potential (and, in parallel, camouflaging its presence) may be components of a nation-state attack.

At the federal level, we need to address the pervasive fear when cyberattacks are reported. This is not to discount the actual impact and disruption caused by the SolarWinds attack or the loss of millions of identities in the Office of Management and Budget data breach several years ago - but we need to balance the reports of data loss with clear descriptions of how the attacks were perpetrated, how they were discovered, and what is being done to remediate and prevent future events.

Yes, ransomware attacks have the potential to be the new pandemic - but they don't have to be. We can be more resilient and better prepared with adequate preparation and leadership. darkreading.com

Insider Negligence Causing Data Breaches
Accidental Insider Leaks Prove Major Source of Risk

Research reports highlight growing concerns around insider negligence that leads to data breaches.

While malicious insiders often make headlines, most enterprise data leaks are accidental - caused by end users who fail to follow corporate security policy or try to work around it.

The "2020 Cost of Insider Threats: Global Report" by Ponemon Institute found only 23% of insider incidents last year were caused by criminal or malicious insiders. Approximately 62% were caused by employee or contractor negligence. The remaining 14% came at the hands of credential thieves posing as insiders.

The unintentional insider threat is only expected to worsen. The recent "2021 Data Exposure Report" by Code42 found employees are now 85% more likely to leak sensitive files now than they were before COVID-19. Since the start of the pandemic, 61% of IT security leaders say their remote workforce was the cause of a data breach.

Yet investment in this area does not keep pace. The Code42 research found more than half (54%) of IT security leaders spend less than 20% of their budget on insider risk, and 66% say their budget for insider risk is insufficient.

The Dark Reading Tech Insight "Detecting and Preventing Insider Data Leaks" examines the growing problem around unintentional insider data exposures and how security leaders are addressing the challenges around containing these risks. darkreading.com

Scammers are impersonating the DarkSide ransomware gang
Someone out there is impersonating the infamous DarkSide ransomware gang and trying to trick companies in the energy and food industry to part with 100 Bitcoins, Trend Micro warns.

But the campaign is not producing the desired results, because the Bitcoin wallet to which the ransom should be directed has yet to receive or send any payment.

The threat actor is contacting a few targets each day, either by sending an email to companies' generic email addresses or by entering the same text into contact web forms on their official website.

The threat actor claims to have breached the company's servers and to have access to sensitive company data, but offers not actual proof. Instead, they are hoping that invoking the DarkSide name will push companies into making a rash decision. But so far, that trick hasn't paid off. helpnetsecurity.com

Attackers Find New Way to Exploit Google Docs for Phishing

Prime Day is an Attractive Target for Fraudsters
Be Vigilant Against eCommerce Fraud this Prime Day
Online retail has always been an attractive target for fraudsters, as it provides them with ample opportunities to orchestrate many types of fraud - account takeover, new fake account registration, scraping, and more. The COVID-19 pandemic accelerated this trend with consumers transitioning to eCommerce platforms due to shuttering down of physical storefronts.

Fraudsters followed suit and adopted innovative techniques to take advantage of the increased traffic levels. Online retail was the most attacked sector in Q4 2020, due to high eCommerce activity owing to Black Friday, Cyber Monday, and holiday shopping. This trend continued well into Q1 of 2021 before easing out by spring. The traffic levels on eCommerce platforms - and fraud - have continued to be high since then.

With high-volume events such as Prime Day, fraudsters begin their preparations much in advance to be able to maximize their exploits. Credential stuffing, brute force, and botnet activities are some of the preparations that fraudsters undertake so they can orchestrate automated account takeover attacks. The volumes of account takeover attacks recorded on the Arkose Labs Network registered a 50% spike over the second half of 2020, and a 90% increase in Q4, 2020.

Just as businesses are prepping up deals to entice customers, they must double up on their efforts to fight fraud - especially during periods of elevated eCommerce activity. As consumers, especially millennials and Generation Z, increasingly use mobiles for online shopping, businesses must also adopt security measures that provide device-agnostic protection. This is because online retail businesses are obliged to keep user accounts safe as it can harm them through fraudulent transactions, payments fraud, and negative brand reputation, which can, in turn, impact their revenues.

Being aware of the emerging fraud trends and using proactive defense strategies, businesses can sharpen their fight against fraud. securityboulevard.com

Ace Hardware - Bed Bath & Beyond - Office Depot
Three more big retailers enter Prime Day competition
With Adobe predicting that Amazon's upcoming Prime Day megasale (June 21-22) will be the biggest U.S. shopping event of all time, it is not surprising that retailers including Walmart, Target, and Kohl's have all scheduled online sales extravaganzas that overlap Prime Day. Now Ace Hardware, Bed, Bath & Beyond, and Office Depot are also rolling out promotions that just happen to coincide with Prime Day. Following is an overview of each event.

Ace Hardware
For the third straight year, retailer-owned hardware cooperative Ace Hardware Corp., is hosting Ace Rewards Day. The two-day event-June 21-22, 2021-offers exclusive online deals and special bonus offers for Ace Rewards loyalty program members.

Bed Bath & Beyond
Bed Bath & Beyond Inc. is running its annual Beyond Big Savings Event from June 20-22. The promotion will include free same-day delivery for orders $39 or more, and a rewards offer that will give customers up to $100 for future purchases. This is in addition thousands of other deals, both online or in-store, without any membership required.

Office Depot
Specialty office products retailer Office Depot is running Depot Discount Days, Monday, June 21 - Wednesday, June 23. Customers who shop online and in Office Depot and OfficeMax stores during the event can save up to 50% on furniture and chairs, plus get deals on PCs, tech accessories and other accessories. chainstoreage.com

How to avoid scams while shopping during Amazon Prime Day

A Homeless Amazon Warehouse Worker in New York City Tells Her Story

Harris County, TX: Man charged for allegedly stealing $1.3M in high-end vehicles
A 62-year-old man has been charged in Harris County after being accused of an elaborate scheme using fake identities to buy high-end vehicles totaling to $1.3 million. Jorge Lamarche was charged after prosecutors said he fraudulently purchased 19 brand new, fully loaded vehicles from multiple dealerships. The vehicles include a nearly $90,000 Mercedes and a $125,000 Cadillac Escalade. "It is a pretty sophisticated scheme of basically using other people's information to get credit to finance vehicles," said Tara Parker, with the Harris County District Attorney's Office. Prosecutors also said Lamarche wouldn't just steal anyone's identity. He found people with good enough credit to buy a six figure vehicle.

"Using his photo on IDs and then other people's identifying information. So names, birth dates, social security numbers, all of that stuff, addresses to make it seem like he was that person with his photograph," said Parker. "He would essentially get the vehicle and be able to drive off the lot with it before they figured out it was fraudulent." The recent charge stems from crimes committed from January to March, but Lamarche could be good for others. "Various other counties, possibly states, there's a lot going on with it. He's a very sophisticated criminal," said Parker. abc13.com

Tulare County, CA: Thieves have been stealing truckloads of nuts, police say
The latest heist was 42,000 pounds of pistachios. As Touchstone Pistachio Company ran through its routine audit earlier this month, something wasn't adding up. More than 42,000 pounds of pistachios had vanished. The company soon enlisted the sheriff's office in Tulare County, Calif., for help and on Saturday, law enforcement officials said they had found the missing nuts and arrested the thief. Police said the culprit, Alberto Montemayor, 34, was hiding the pistachios in a tractor trailer parked in a nearby parking lot and then repackaging them to sell. The case is just the latest heist of pistachio nuts in Central California, where the nuts were a $5.2 billion economic engine tied to more than 47,000 jobs last year, according to studies commissioned by the industry. Last August, the Tulare County Sheriff's Office arrested a 23-year-old man for allegedly stealing two trucks full of pistachios valued at $294,000. washingtonpost.com

Chubbuck, ID: Man accused of 12-month theft binge at Home Depot
A Bannock County man has been charged for repeatedly trying to return items to a Home Depot he had not purchased. Michael Wayne Roden, 61, faces a felony grand theft charge after making at least 28 separate trips to Home Depot in Chubbuck. During those trips he allegedly returned items he had selected off the store shelves, according to an affidavit of probable cause. A Chubbuck Police Department detective was contacted by the store's loss prevention team, which had compiled a list of incidences, dating back to June 30, 2020. Store employees said they repeatedly observed a man, identified as Roden, enter the store empty-handed only to see him minutes later returning an item at the returns desk.

Roden was pulled over before leaving the parking lot. While performing searches of his person and vehicle, officers found a THC vape pen, as well a binder containing Home Depot sales receipts. While being interviewed by the detective at the store, Roden said he suffered from "early dementia," police reports show. Still, he told officer he realized what he was doing was wrong. Having reviewed footage of two incidences of alleged theft prior to his arrival, the detective asked Roden if he recalled the two interactions. In one, Roden is allegedly seen returning a $99 gas trimmer he had not entered with store with. In the other, he returns a $376 door.Roden told officers that he did recall the incidents, according to court documents. If found guilty of grand theft, Roden would face up to 14 years in prison and a $5,000 fine. eastidahonews.com

Evansville, IN: More Than $15,000 of Merchandise Stolen From Dollar Variety Plus store
Officers were called to North Green River Road for suspicious circumstances. When they arrived, they found the bottom pane window of the Dollar Variety Plus store had been removed and items were in boxes. After investigating, EPD saw that multiple windows looked to have been tampered with and several items had been disturbed throughout the store. The owner found that most of the vaping products in the business had been stolen, estimating the loss at around $14,000. There was also $700 in cash that was taken and $700 in Hookah smoking devices. Video surveillance shows two suspects in the store around 2am, stuffing bags full of products before leaving. wevv.com

Perry, GA: Two men wanted in Perry, steal 19 cellphones from Walmart while wearing employee vest
The man with the employee vest then entered through the swinging doors to the rear employee back hall area where he walked to the employee lounge. There he exited the employee lounge and walked up to the electronic key box that holds all the store keys. He acted like he was trying to use a white card to access the box but was unsuccessful. He then walked past the electronics security room, where all the high-dollar electronics such as phones, video game consoles, and laptops are kept. The man pushed on the door and gained access. He then exited the room with a cardboard box that was closed and has some paperwork in his hand. He left the store just after the driver did and it was determined a total of 19 cell phones were stolen as a result. wgxa.tv

Charlotte, NC: $8K in meds, perfume stolen from NC Costco, Ulta. Police suspect multi-state ring

Suffolk County, NY: Man, Woman Wanted For Stealing $745 Worth Of Items From Lowe's

Clark County, OH: Suspect killed during attempted robbery at Papa John's
A person was fatally shot in Clark County during an attempted robbery at a pizza restaurant Sunday. The shooting happened at the Papa John's on the 400 block of North Main Street in New Carlisle. The Clark County Sheriff's Office said two suspects attempted to rob the store just after 11 p.m. During that attempt, one of the suspects was shot and killed. The other suspect got away and officials said they are still looking for that person. It is not clear who shot the suspect. The sheriff's office said they are not releasing that information at this time. All of the workers inside of the building are safe. No one else was hurt in the incident. wdtn.com

Birmingham, AL: Man shot, killed during alleged attempted robbery at Auto store
Authorities say that a man attempted to rob an employee of an auto store before being shot and killed Saturday morning. When Birmingham Fire and Rescue arrived to the scene, they pronounced the suspect dead. Josiah Bryant, 22, was identified as the deceased. The preliminary investigation suggests that Bryant was in the process of robbing an employee of the business when shots were exchanged between him and the employee. Bryant was struck by gunfire. A handgun was recovered on the scene near Bryant. The associate of the business remained and cooperated with police when they arrived. cbs42.com

West Miami-Dade, FL: Officer shoots at suspected thief's car heading toward her outside Home Depot
A Miami-Dade Police sergeant who was investigating a reported theft at a Home Depot store in West Miami-Dade opened fire at the subject's getaway vehicle as it headed toward her, authorities said. 7News cameras captured a heavy police presence at the store and crime scene tape cordoning off the parking lot, Saturday night. According to investigators, the sergeant was patrolling the parking lot when she was flagged down by an employee who told her a shopper had stolen items from the store, on West Flagler Street, Saturday night. When the sergeant attempted to get the subject's attention, police said, the subject, who was hauling the items in the cart, fled from her and jumped into a black two-door Honda. As the car advanced toward the sergeant, detectives said, she fired at least one shot and was able to get out of the way. She was not injured. wsvn.com

Linn County, IA : Deputy shot and seriously wounded responding to an Armed Robbery at Casey's General Store, suspect still at large
The suspect fired multiple shots at the deputy, hitting him with several rounds. The deputy has since been flown to University of Iowa Hospitals and Clinics for serious injuries. The suspect then fled in a van heading north out of Coggon. He was seen by another responding deputy, who pursued the suspect until the vehicle crashed on the north edge of town. The suspect then reportedly fled on foot. Officials report numerous agencies from all over eastern Iowa responded to the area and are assisting with the search for the suspect. The suspect has not yet been found, but law enforcement is continuing the search. kcrg.com
 

Robberies, Incidents & Thefts

Memphis, TN: Amazon On-duty Security Guard arrested for stealing money from job seeker using CashApp
A security guard was cuffed and carried away after police said she stole money using an app. At first detectives said she did not confess right away. But when police plugged her phone number into CashApp, it revealed the same user name from the victim's fraudulent charges. WREG-TV spoke with the victim who said the fact she was on duty when this allegedly happened makes things worse.

It is a case that is so surprising and so strategic, it left the victim shocked. The man on the phone told us he never thought meeting Chism, a security guard at the Amazon facility, would result in missing money. While going through the line, he said Chism volunteered to help him fill out an employment verification form on his phone. "In my mind I was thinking maybe she is trying to help, you know," the victim said. Although it gave him pause, he proceeded. It wasn't until a recruiter asked for the appointment invite that the victim noticed something else in his email. A message from CashApp, he told us verifying a recent transaction. "Money that I sent. I said 'no, no I didn't send money to nobody,'" the victim said. The victim said it was $700 total, although police said one transaction may not have gone through. The victim made a beeline to the security desk to confront the security officer. wreg.com

Florida man allegedly pulls a gun on Starbucks employee over botched order, but not on just any employee
He just wanted some cream cheese for the bagel. But when a Florida man allegedly pulled a gun at a Starbucks drive-thru, irate over a botched order, he unwittingly brandished the firearm at the local police chief's daughter, who was working the counter, according to Miami Gardens authorities. Chief Delma Noel-Pratt told local media that her 23-year-old daughter was berated with verbal and physical threats before she handed the driver his cream cheese and he drove off. "She felt in fear of her life," Noel-Pratt said. "It was upsetting to me to know that someone would go to that extreme not having cream cheese on his bagel." Separately, she told Local 10 News the incident hit close to home occurring just hours before she delivered remarks at a previously scheduled rally against gun violence. yahoo.com

Fargo, ND: Suspect Who Allegedly Stole Golf Carts In North Dakota and Other States Busted In Georgia
A man linked to the thefts of golf carts in North Dakota and six other states is in custody in Georgia. According to FBI officials, Nathan Rodney Nelson used the alias "Mason Weber" to secure self-storage units he used to store and transfer at least 63 vehicles since 2017. Nelson was reportedly apprehended with counterfeit vehicle documentation and burglary tools in Seminole County, Georgia, on Friday, June 11th. am1100theflag.com

Fort Worth, TX: Man armed with handgun robs 4 convenience stores early Monday

Coral Spring, FL: Theft In Coral Springs, June 9-15: At Least $41,200 Stolen In 26 Incidents

Submit Your New Hires/Promotions or New Position

Featured Job Spotlights
 

	Asset Protection Coordinator Rochester, NH - posted June 17 Preventing and deterring theft and limiting the loss of company assets in the stores through best-in-class service, healthy business partnerships, profit analysis, and investigations. Oversee and complete Asset Protection Department responsibilities including but not limited to internal theft investigations, external theft investigations, and physical security...
	Asset Protection Coordinator York, ME - posted June 17 Preventing and deterring theft and limiting the loss of company assets in the stores through best-in-class service, healthy business partnerships, profit analysis, and investigations. Oversee and complete Asset Protection Department responsibilities including but not limited to internal theft investigations, external theft investigations, and physical security...
	Asset Protection Coordinator Dover, NH - posted June 17 Preventing and deterring theft and limiting the loss of company assets in the stores through best-in-class service, healthy business partnerships, profit analysis, and investigations. Oversee and complete Asset Protection Department responsibilities including but not limited to internal theft investigations, external theft investigations, and physical security...
	Sr. Lead, Organized Retail Crime Baltimore, MD - posted May 25 The Sr Lead, Organized Retail Crime (ORC) is responsible for the direction and support of Organized Retail Crime (ORC) investigations, strategies and training to ensure the effective execution of asset protection and retail initiatives...
	Area Loss Prevention Manager Pittsburgh, PA - posted May 11 Our Area Loss Prevention Managers ensure safe and secure stores through the objective identification of loss and risk opportunities. Our Area Loss Prevention Managers plan and prioritize to provide an optimal customer experience to their portfolio of stores. They thrive on supporting and building high performance teams that execute with excellence...
	Area Loss Prevention Manager Sacramento, CA - posted April 20 Our Area Loss Prevention Managers ensure safe and secure stores through the objective identification of loss and risk opportunities. Our Area Loss Prevention Managers plan and prioritize to provide an optimal customer experience to their portfolio of stores. They thrive on supporting and building high performance teams that execute with excellence...
	Corporate Security Manager Calabasas, CA - posted April 6 The Corporate Security Manager will, among other things, (a) be responsible for ensuring a safe and secure environment for our employees, vendors, and visitors, (b) develop, manage, execute and continuously improve corporate security processes and protocols, and (c) lead a team of security specialists at our corporate offices...

Featured Jobs

To apply to any of today's Featured Jobs, Click Here

View Featured Jobs   |   Post Your Job
 

We want to post your tips or advice... Click here

Not getting the Daily? Is it ending up in your spam folder?
Please make sure to add d-ddaily@downing-downing.com to your contact list, address book, trusted sender list, and/or company whitelist to ensure you receive our newsletter. 
Want to know how? Read Here

FEEDBACK    /    downing-downing.com    /    Advertise with The D&D Daily