Posts

Ghost-Ransomeware-Attack

Ghost Ransomware Widespread Attacks on Organizations Internet-Facing Devices

/in , , , /by

Frank Costa, President, Nexgen Protection Services on Ghost Ransomware: 

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint advisory on Ghost ransomware (also known as Cring).

The advisory, which is primarily aimed at network defenders, provides critical details on Ghost ransomware activities, including:

  • Indicators of compromise (IOCs)
  • Tactics, techniques, and procedures (TTPs)
  • Detection methods

The data used to compile the advisory comes from FBI investigations into Ghost ransomware incidents. It highlights how Ghost actors are launching widespread attacks by targeting organizations that use outdated software and firmware on internet-facing devices. These threat actors often exploit publicly available code linked to Common Vulnerabilities and Exposures (CVEs) to gain access to vulnerable systems.

The advisory urges network defenders to carefully assess the risks and take appropriate measures to mitigate them. CISA also recommends reviewing the advisory and implementing its suggested mitigations. For additional guidance on ransomware protection, detection, and response, refer to the #StopRansomware initiative and the associated guide. More information on CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs), including recommended baseline protections, is available on their website.

Source:
Alger, J. (February 21, 2025). CISA and FBI Issue Warning for Ghost Ransomware Activity. Security Magazine.
Hashtags: #protectionservices #securitystandards #publicsafety #mobilesecurity #securitythreats

 

Loss Prevention Strategies

Loss Prevention Strategies for Combating Organized Retail Theft

/in , , , , , , , /by

Frank Costa, President of NEXGEN Protections Services on Loss Preventions Strategies:

Organized retail theft (ORT) impacts more than just a retailer’s bottom line; it creates dangerous environments for both staff and shoppers. The increasing incidents of violence and aggression have pushed retailers to invest heavily in loss prevention strategies. In response, major retailers are partnering with technology innovators to strengthen their defenses. 

(ORT) involves coordinated efforts by professional thieves to steal large quantities of merchandise from retail stores. Unlike casual shoplifting, ORT is systematic, with stolen goods often resold through various channels, including online marketplaces. This form of theft has seen a significant rise in recent years, resulting in billions of dollars in annual losses for retailers.

Companies such as Walmart, Target, Lowe’s, Kroger, Macy’s, CVS, and others are at the forefront, using cutting-edge technology to deter and detect criminal activity. From advanced video surveillance systems to biometric cameras and autonomous security robots, retailers are deploying a formidable arsenal to combat the growing threat of ORT. Central to this technological revolution is the integration of artificial intelligence (AI), which enhances the sophistication and effectiveness of existing security measures.

Source:
Danielson, R. (February 20, 2025). Retail Resilience: Technology Strategies to Combat Organized Theft. Security Magazine.
Hashtags: #protectionservices #securitystandards #publicsafety #mobilesecurity #securitythreats



Law-Enforcement

New Framework for Law Enforcement to Make Ethical Decisions

/in , , , , /by

Frank Costa, President of NEXGEN Protection Services on Law Enforcement:

Europol released a new framework designed to help law enforcement make ethical decisions regarding the incorporation of new technologies into their work.

The framework is part of the report Assessing Technologies in Law Enforcement: A Method for Ethical Decision-Making, which provides a structured approach for evaluating new technology while ensuring the preservation of public trust and the protection of fundamental rights.

The goal of the framework is to ensure that the adoption and use of new technologies align with core values such as transparency, fairness, privacy, and accountability. By implementing this structured ethical framework, Europol aims to enhance public confidence in law enforcement’s use of technology, ensuring that innovation in policing aligns with societal values and legal safeguards.

The framework outlines steps to support law enforcement in making ethically sound decisions when using innovative technology. It encourages law enforcement agencies to ask the following four questions to assess the ethical appropriateness of technology:

  1. Consistency: Is the use of the technology always appropriate under similar conditions?
  2. Dignity: Does the technology usage demonstrate that law enforcement agencies are acting in the best interest of the people, rather than using their authority solely for other objectives?
  3. Public Acceptance: Would the use of this technology be acceptable to the public if it were made generally known?
  4. Accountability: Are the necessary competencies and resources in place to take responsibility for the use of the technology?

If the answer to any of these questions is “no,” Europol recommends rejecting or modifying the use of the technology in that specific case. If the answers are affirmative, Europol suggests law enforcement agencies evaluate the potential short-term and long-term consequences of using the technology. This step helps weigh the potential impacts on all parties involved and assess any biases that might arise.

Source:
Gates, M. (February 21, 2025). Europol Publishes Framework on Ethical Use of New Technology in Law Enforcement. Security Management Magazine.

 

Terrorist-Organizations

The Trump Administration Designates Several Cartels as Terrorist Organizations

/in , , , , , , /by

Frank Costa, President of NEXGEN Protection Services on Terrorist Organizations:

The Trump administration designated eight Latin American cartels as terrorist organizations on Thursday, a designation typically reserved for groups with political goals achieved through violence.

The U.S. Department of State filed the notice of the designation in The Federal Register on February 20. The action targets the following cartels:

  • Cartel del Golfo (CDG), also known as the Gulf Cartel and the Osiel Cárdenas-Guillén Organization
  • Cartel del Noreste (CDN), also known as the Northeast Cartel and Los Zetas
  • Cartel de Jalisco Nueva Generación (CJNG), also known as the Jalisco New Generation Cartel
  • Cartel de Sinaloa, also known as the Sinaloa Cartel, the Mexican Federation, and the Guadalajara Cartel
  • Carteles Unidos, also known as United Cartels, Tepalcatepec Cartel, Cartel de Tepalcatepec, the Grandfather Cartel, Cartel del Abuelo, and Cartel de Los Reyes
  • La Nueva Familia Michoacana (LNFM)
  • Mara Salvatrucha (MS-13)
  • Tren de Aragua (Aragua Train)

The eight cartels’ members are described as “foreign persons who have committed or attempted to commit, pose a significant risk of committing, or have participated in training to commit acts of terrorism that threaten the security of U.S. nationals or the national security, foreign policy, or economy of the United States,” according to the State Department filing.

Source:
Gates, M. (February 20, 2025). United States Designates 8 Cartels as Terrorist Organizations. Security Management Magazine.



security threats

Security Threats: Keeping Convenience Stores Safe

/in , , , /by

Frank Costa, President of NEXGEN Protection Services on Security Threats:

Store owners and operators often face security threats. A difficult balancing act between maintaining profits and implementing security measures—especially when the costs of security are presented alongside traditional profit generators like marketing or product stocking.

Convenience stores come in many forms, from the mom-and-pop bodega in New York City to the sleek Speedway on the side of a cross-country highway. Despite their differences, all of these stores serve millions of U.S. customers looking for a quick drink, snack, or pack of cigarettes.

Given the transient nature of the convenience store industry, it’s a business where you never know who will walk through your door at any given time. While the convenience of these stores appeals to patrons, it also attracts criminals. Thieves frequently target these locations in hopes of stealing cash and merchandise. Organized criminal groups tend to focus on items that can be resold on the black or gray market, such as cigarettes, alcohol, lottery tickets, or other popular products.

Some owners might assume that enhancing store security requires the latest (and possibly most expensive) surveillance system or locks. However, it’s essential to first assess the overall environment and understand the specific threats a store faces.

Larger companies with multiple locations, whether regionally or nationwide, often have security departments that can conduct risk assessments. Relying on these resources can help identify local crime trends and determine what factors might impact a particular store.

Source:
Mosqueda, S. (February 10, 2025). Keeping Convenience Stores Safe from Physical Threats. Security Management Magazine.


Fraud-Schemes-Continue-to-Rise

Fraud Schemes Continue to Rise

/in , , , , , /by

Frank Costa, President of NEXGEN Protections Services on Fraud Schemes:

Fraud remains a persistent problem that organizations continue to struggle with, including the U.S. Federal Trade Commission (FTC), one of the federal agencies tasked with addressing fraud schemes.

Below are some of the top fraud scams that affected individuals and organizations in 2024 and are likely to continue being a problem in 2025.

  1. Investment Scams
    This scam tactic has been around for ages. Fraudsters often present themselves with seemingly lucrative business opportunities that promise regular returns—if you invest immediately.
  2. Business Email Compromise (BEC)
    BEC schemes have been around since email was first introduced and typically occur in one of two ways, according to Schlereth.
    Fraudsters either spoof a legitimate email address or domain name, often adding an extra letter so the sender appears authentic at a quick glance. Alternatively, they may use social engineering to obtain an employee’s credentials and then log into the victim’s work email. CFOs and CEOs are particularly lucrative targets.
  3. Check Fraud
    What’s old is new again. Check fraud surged last year, especially after individuals posted videos on social media showing themselves writing bad checks, depositing them at ATMs, withdrawing cash before the check bounced, and sharing their behavior.
    “Fraudulently altered checks can cause significant losses to financial institutions and disrupt bank operations,” the report states. “Due to the nationwide surge in check fraud targeting U.S. mail, the Financial Crimes Enforcement Network (FinCEN) issued an alert urging financial institutions to be vigilant in identifying and reporting such activity.”
  4. Impersonation Fraud
    In this scam, criminals claim victims are suspects in financial crimes and threaten arrest or violence unless they pay the criminals. Additionally, fraudsters are impersonating customer service and tech support providers, often targeting individuals over 60 by phone. They claim that the victim’s computer has been compromised and needs immediate repair.

Source:
Gates, M. (February 1, 2025). Trend Alert: 4 Fraud Schemes to Watch in 2025. Security Management Magazine.

 

Security Protection

Executive Security Protection: Risks, Extremist Influencers, Shifting Tactics

/in , , , , , /by

Frank Costa, President of NEXGEN Protection Services on Security Protection:

Concerns about executive safety remain high. Not only was UnitedHealthcare CEO Brian Thompson tragically killed in December 2024, but there have also been multiple other incidents involving threats against business executives. Additionally, social media influencers and other sources have incited calls for similar attacks.

High-level executives without an executive security protection (EP) team are increasingly vulnerable to becoming targets.

The heightened emotional climate surrounding politics and public figures has made executive protection more challenging—and more essential. Politically motivated threats were notably higher in 2024. More than 50 members of Congress were victims of swatting attacks, and 700 members had faced threats the previous month. (Many threats were not publicly reported, so they are not included in TorchStone’s official threat count.)

Tactics are also evolving. Threat incidents are now categorized as verbal or written threats, harassment, stalking, physical attacks, and other crimes, which may include financially motivated offenses such as robberies, home invasions, and property crimes.

Source:
Gates, M. (February 5, 2025). EP Trends: Residential Risks, Extremist Influencers, Shifting Tactics. Security Management Magazine.



Fraud-Detection-with-Video-Surveillance-Analytics.

Ways to Boost Fraud Detection with Video Surveillance & Analytics

/in , , , , , /by

Frank Costa, President of NEXGEN Protections Services on Fraud Detection:

Fraud costs the financial sector billions of dollars each year. It’s a persistent challenge for banks globally, made more complex by increasingly sophisticated fraud tactics and methods.

To stay ahead of fraud, financial institutions must leverage every available tool to protect their customers and assets. One such tool is video surveillance and analytics. By integrating video technology with fraud detection systems, banks can gain real-time insights, spot patterns, and take a proactive approach to security. This not only helps detect fraud but also prevents it from escalating.

  1. Real-Time Fraud Alerts
    Fraud detection systems generate a massive amount of data, but not every alert indicates a genuine threat. Video surveillance adds a critical visual layer, helping differentiate between legitimate fraud and false alarms.
  2. License Plate Recognition
    Drive-up ATMs and tellers face unique security challenges, especially in suburban and rural areas. License Plate Recognition (LPR) technology, integrated with video systems, offers a powerful way to identify vehicles linked to fraudulent activities. This information can be used to flag repeat offenders or known fraudsters.
  3. Behavioral Analytics
    ATM skimming is one of the most persistent threats to banks. Video surveillance equipped with behavioral analytics can identify suspicious patterns, such as individuals loitering near ATMs without conducting transactions or using multiple cards in quick succession.
  4. Integrated Surveillance
    ATM jackpotting—where criminals manipulate ATMs to dispense large amounts of cash—is a growing global issue. Combining video surveillance with physical sensors offers an effective defense. Cameras can detect unusual activity, like tampering, suspicious vehicles parked near ATMs, or vehicles with no license plates, and trigger real-time alerts.
  5. Loitering Detection
    Ensuring customer safety, especially at ATMs after hours, is a top priority for banks. Video surveillance with loitering detection analytics can identify individuals lingering near ATMs for extended periods, enabling timely intervention.
  6. Video Storage with Hybrid Solutions
    Storing surveillance footage for extended periods can be expensive. Hybrid storage solutions, which combine on-premises and cloud-based video storage, offer a practical alternative. Banks can securely store critical footage without the need for large-scale on-site infrastructure.
  7. Camera-to-Cloud Solutions for Remote Monitoring
    In some areas, installing on-site recorders can be impractical due to space or connectivity issues. Camera-to-cloud solutions address this by streaming video directly to the cloud. This eliminates the need for on-site hardware while maintaining full surveillance capabilities.
  8. Disaster Preparedness for Video Data
    Natural disasters pose a significant challenge to video surveillance systems. To mitigate this risk, banks should ensure that critical footage is preserved, even when on-site systems are compromised. Centralized evidence archiving allows banks to offload important video data to secure locations before a disaster strikes.

Transforming Fraud Prevention with Video Analytics

Video surveillance and analytics are revolutionizing fraud prevention, equipping banks with powerful tools to detect threats in real-time, enhance customer safety, and streamline security operations. From preventing ATM skimming and jackpotting to addressing loitering and improving evidence management, integrating video technology with existing systems strengthens banks’ ability to combat financial crime.

Source:
Corral, J. (February 5, 2025). 8 Ways to Boost Fraud Detection with Video Surveillance and Analytics. Security Management Magazine.



To-Increase-Security-Invest-in-Inclusion

To Increase Security, Invest in Inclusion

/in /by

Frank Costa, President NEXGEN Protection Services —

A core principle of buy-in strategies is simple: when people feel personally invested in an activity, they are more likely to want to see it succeed. However, many organizations fail to make frontline employees feel that their involvement is vital to the success or failure of the company. One effective way to foster this sense of ownership is by creating an inclusive workplace.

“When people feel cared for in the workplace, that sense of care often extends to their attitudes toward coworkers, customers, and leadership.”

From a security standpoint, this means involving employees in shaping security policies, procedures, and changes. It’s essential to gather input directly from those on the frontlines to ensure that security measures align with the needs of both employees and customers. Addressing their concerns and questions helps strengthen overall security efforts.

Building connections, trust, and inclusivity can yield substantial benefits for security. “It doesn’t take much to lose trust, but if leaders can foster it and create an environment of psychological safety, that trust can spread throughout the organization.”

Source:
Meyer, C. (July 3, 2025). To Increase Security, Invest in Inclusion. Security Management Magazine.



Incident Report

Well-Written Incident Reports: An Essential Element of Effective Public-Private Partnerships

/in , , /by

Frank Costa, President NEXGEN Protection Services —

Receiving well-written, complete, and timely incident reports from private security partners is a critical aspect of any case. While verbal witness statements can be helpful, they do not provide the level of detail that investigators need to understand the full scope of a case.

In recent years, there has been growing emphasis on the importance of effective partnerships between private security and public law enforcement. As the demands on law enforcement increase alongside recruiting challenges and shrinking budgets, private security will inevitably take on more responsibilities traditionally handled by public agencies.

With law enforcement struggling to meet the rising demand for their services and facing a shortage of new officers, the burden of safety and security falls increasingly on private security personnel. This shift means that private security must excel in all aspects of their role. One core requirement is proficiency in writing comprehensive and factual Case Incident Reports (CIRs).

Furthermore, the ability of private security officers to write clear and effective reports becomes especially crucial when facing legal challenges. In the eyes of the court, if an event isn’t documented, it essentially didn’t happen.

 

Source:
Conley, T. (January 20, 2025). Well-Written Incident Reports Are an Essential Element of Effective Public-Private Partnerships. Security Management Magazine.