Tomas Knopp / Shutterstock.com
CYBER SECURITY
Garett Seivold, LPM Senior Writer Garett Seivold is senior writer for LPM. A trained journalist, he has spent the majority of his career writing about security, risk management, supply chain, and loss prevention topics. He can be reached at GarettS@LPportal.com.
Ransomware Thrives in Retail with Focus on COVID F
Mat Newfield
It’s not surprising to see people’s level of concern for their personal safety jump in light of the global health crisis.
or more than a year, the pandemic has been consuming most of the bandwidth that people have for “things to worry about.” Consequently, the risk of ransomware seems to have fallen somewhat off the radar, suggests a new study by Unisys. But such attacks haven’t slowed much, and retailers are still vulnerable as indicated by attacks in April on premium men’s wear brand Boggi Milano and a Canadian hardware chain with 1,050 stores, Home Hardware Store, Ltd. In the latter case, the DarkSide ransomware group posted a sampling of the corporate data it had copied from the retailer, which it threatened to release publicly unless the company contacted the attackers to arrange payment for decryption keys. A company spokesperson acknowledged the attack in an email to ITWorldCanada.com but wouldn’t say how much the ransom was for. The stolen documents were reported to include the privately held
Complacency is especially evident in the US—24 percent of Americans are less likely to say they’re concerned about a data breach during the pandemic than the global average.
retailer’s financial reports and documents relating to a recent acquisition. The attack on Boggi Milano, which operates approximately 200 shops in thirty-eight countries, was carried out by a hacker group called Ragnarok. It claimed that its attack on company servers included theft of forty gigabytes of corporate data including human resource files such as salary information, and the company confirmed it was the victim of a cyber attack. Both attacks reflect a trend in ransomware attacks since 2019. Hacker groups not only lock up their targets’ systems and deny them access to files, but also exfiltrate data. The strategy has proved effective, forcing many organizations—even ones capable of recovering their systems through backups—to still pay attackers to prevent the publishing of their data online. It is that backdrop that makes results from the 2020 Unisys Security Index worrisome. While remote work and data sharing persist, people generally are growing complacent about internet security, the results suggest. Overall concerns around internet security, including computer viruses and hacking, dropped thirteen points from 2019 levels in the survey’s zero to 300 index, despite a significant
May–June 2021
| 58 |
LossPreventionMedia.com
increase in the number of cyber attacks in 2020. The company’s analysts suspect that a laxer attitude toward online security is because people have been so focused on health and personal well‑being. Complacency is especially evident in the US—24 percent of Americans are less likely to say they’re concerned about a data breach during the pandemic than the global average. “It’s not surprising to see people’s level of concern for their personal safety jump in light of the global health crisis,” said Mat Newfield, chief information security officer at Unisys. “However, the fact that it is not only matched by but also exceeded by a drop in concerns around hacking, scamming, or online fraud reflects a false sense of consumer security.” Individuals seem to be paying a price for their diverted attention. The number of online crimes reported to the FBI’s Internet Crime Complaint Center has jumped nearly 400 percent during the pandemic, with up to 4,000 incidents per day. But individuals’ lack of focus can also impact retailers and other employers, warn Unisys analysts. According to Newfield, the survey results underscore the need for businesses “to ensure Continued on page 60
