CYBERSECURITY
Tom Meehan, CFI
Meehan is retail technology editor for LPM as well as chief strategy officer and chief information security officer for CONTROLTEK. Previously, Meehan was director of technology and investigations with Bloomingdale’s, where he was responsible for physical security, internal investigations, and systems and data analytics. He currently serves as the chair of the Loss Prevention Research Council’s (LPRC) innovations working group. Meehan recently published his first book titled Evolution of Retail Asset Protection: Protecting Your Profit in a Digital Age. He can be reached at TomM@LPportal.com.
Global Cyber Warfare and the Possibility of a “New” World War
The idea of a third World War seems like something in the far distant future, to be explored in books and movies rather than in real life. However, with the growing prevalence of cyberattacks, many of which come from government bodies, the potential of cyber warfare might push us much closer to the brink of war than we realize.
Hackers use ransomware to encrypt their victims’ data and lock them out of their networks. Then, the hackers offer victims a key in exchange for a ransom that can run into hundreds of thousands or even millions of dollars, usually paid in cryptocurrency to make it nearly impossible to trace the ransom payment. Sometimes victims regain access to their data without any issues after paying the ransom. However, the real concern is for organizations that pay the ransom, only for hackers to delete their data or leak sensitive data like customer information, credit card numbers, social security numbers, and classified corporate or government data to the dark web for other bad actors to exploit.
Today’s Biggest Cyber Threat
Ransomware has become a popular type of cyberattack in recent years, with ransomware gangs operating around the world in countries like Russia, China, and North Korea. These cyber gangs even offer “ransomware as a service,” selling their malware on the dark web for anyone to use—and business is booming.
As hundreds of headlines proclaim just how profitable ransomware can be (like the announcement that Colonial Pipeline paid nearly $5 million in ransom to recover its stolen data in May of this year), more bad actors are drawn to the ransomware business in pursuit of a quick profit. As more hackers enter the “business” of ransomware, they tend to target smaller businesses that are more vulnerable to cyberattacks and more likely to pay the ransom to regain access to their systems. The widespread use of cryptocurrencies, such as bitcoin, has made it even easier for hackers to receive ransoms as well.
According to a recent report from cybersecurity firm Sophos, the average cost of recovering from a ransomware attack has doubled, increasing from $761,106 in 2020 to $1.85 million in 2021 and becoming higher than the ransom itself. Another company, Chainalysis, found that ransomware attacks led to at least $350 million in ransom payments in 2020, a 311 percent increase compared to 2019. However, it is difficult to estimate the full financial impact of these attacks because ransomware is highly underreported.
November–December 2021 | 60 | LossPreventionMedia.com
A Pattern of Ransomware Originating from Overseas
In June 2021, the FBI reported that they were investigating around 100 different types of ransomware, many of which trace back to actors in Russia. In fact, some of the biggest cyberattacks in history have happened in the past 12 to 18 months alone, and most of them came from hacker groups in China and Russia. Although these groups are usually not official state actors, both the Chinese and Russian governments have a reputation for ignoring international calls to crack down on cybergangs in their jurisdictions, essentially protecting these groups and sometimes even enabling their operations.
In December 2020, SolarWinds, a major US information technology firm, discovered it was the victim of a massive cyberattack that targeted the company’s clients, affecting approximately 18,000 government agencies and businesses. A group of state‑sponsored hackers working with the SVR, Russia’s foreign intelligence service, added malware to a legitimate software update that created a backdoor into the software, allowing the hackers to enter victims’ systems whenever they wanted. Some of the victims of the SolarWinds attack include parts of the Pentagon, DHS, the State Department, the Department of Energy, and the Treasury, along
(continued on page 62)