GoldAxe was wrong, here’s why…

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

Throughout the years, keep in mind, that we didn’t start the fire.
Photo by Brett Jordan, please support by following @pexel.com

Throughout the many years of us being on this planet, this rock, this existence, or whatever you would like to call it, the complexity of life hasn’t lessened with the release of The Matrix. If you haven’t seen the movie, check it out. It’s a really good movie; it just, ugh, will have you questioning your whole existence. Like, “What even am I?” Questioning life aside, you’re probably wondering what new and exciting way technology is being exploited and how your information might be collected. With the recent brainwashing rise of getting everyone comfortable with using AI (artificial intelligence), facial recognition has been employed in scams. We don’t feel the threat in the great US because, well… too much violence (guns, bad, people, worse), but in a nutshell, be glad you don’t live in Thailand. They have a whole different banking system set up over there.

AI is learning what you like, it’s always watching.
Photo by Pixabay, please support by following @pexel.com

The Attack

Facial recognition, what is it? In simple terms, the device captures images of your face so that, when it comes time for a function to be completed, the device knows that it is you and will complete that function or task. In complex terms, the device captures images of your face with the camera, using an overlay of dots that act as reference points for certain sectors of your face, and stores them. It then finds key features of your face that pair up with the stored image data; this could be anything like a mole, birthmark, or beauty mark (not sure if women still use that term nowadays). Once the process is complete and everything checks out, congrats, you got in. You are now the one. This whole process is done in ones and zeros and takes nanoseconds to milliseconds; you don’t care, but it’s still nice to know. We’re all nerds here, of course.

Armed with the knowledge of what this form of biometrics is, here’s the attack. Threat actors can use your likeness to get into many areas of your life: your phone, your financial institution, and pretty much anywhere that requires the use of your facial recognition. Alarming, we know. However, people tend to think, “They won’t get anything from me, they’re just practicing.” That’s true if you’re getting robbed at an ATM, but getting robbed online is a whole new and hard-to-catch ball game.

We see all your secret…purchases.
Photo by Almada Studio, please support by following @pexel.com

Who Can It Be Now

So, who would do something like this, we can hear you ask. Clearly, they’re a monster, although they might live in a poor country, and this might be a way for them to feed their family. Ha, guilt trip engaged; just because they’re the villain in your story doesn’t mean they’re a villain in others’. A group by the name GoldFactory was tied to the use of the trojan called “GoldPickaxe”; they were spotted some time ago in Thailand and maybe Vietnam. GoldPickaxe was created with the intent to collect face profiles, identification documents, and text messages from the victim’s phone. All of this earned them great names like GoldDigger, GoldDiggerPlus, and GoldKefu, given to them by researchers.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

I’m not into computers, but I want in on your wallet.
Photo by Basian Riccardi, please support by following @pexel.com

That Sinking Feeling

How does GoldPickaxe work? As mentioned earlier, GoldPickaxe will infect the victim’s device and begin to collect any information pertaining to facial recognition, and this includes their ID card. Once this information is collected, the threat actor can then gain access to anything tied to the victim. This is a massive problem because, in Thailand, the banking system requires people to use facial recognition to access their accounts. So, pretty much, there’s no way around it: you have to use your face to withdraw or make a deposit.

Hackers are gonna hack.
Photo by Matthew DeVires, please support by following @pexel.com

The Prevention

You don’t want someone to use your face and make a withdrawal from your account? You may be wondering how you protect yourself from something like this happening to you. Since these attacks play on MFA (multi-factor authentication), you would have to add another level of protection to keep threat actors from having access to your accounts. The best way to think of this is having vault door upon vault door protecting your valuables. A setup like this would be a password, SMS message verification, email verification, and facial recognition. It may seem like a lot of work to protect what’s important, but it’s better than not having anything important to protect.

If you have gold, we’ll be coming for you. That’s GoldFactory’s stand.
Photo by Dakota Edwards, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on GoldPickaxe? Script a comment below.

Breaching the Great Lakes


I don’t know what this website is but they’re talking about something on data. Did we have an issue with data?
Photo by RDNE Stock project, please support by following @pexel.com

We as humans, take many things for granted. Family, friends, pets, and quite often, our personal information. We often share our personal data to make purchases or access services, and we expect it will be protected and used responsibly. But how often is this true?

Many organizations sometimes fail to safeguard our information, or even bravely misuse it for their own purposes, and then go on record saying that it’s a “you problem” and not a “them problem”, which is kinda correct because you didn’t bother to read the twenty-two-page privacy agreement policy.

Word to the wise, start reading those policies. You’ll start to see how jacked-up companies really are. But outside of the evil corporate overlords being okay with you skimming over the fine print, there is a bigger threat to your information, and it happens more than you would think.

Don’t worry, we have you covered on this one. We’re going to be going over what kind of attack this is, who uses it, the functionality and effects upon release, and what are some of the ways you can keep your information safeguarded better than most companies you’ve done business with.

Yeah, I’m about to read another one. Forget work, they’re keeping me in the know on threat actors.
Photo by Andrea Piacquadio, please support by following @pexel.com

The Attack

So, what is this attack that most companies just can’t seem to stop? Well, let’s get you acquainted with what’s called a data breach. For those who might not know, a data breach is a serious incident that can compromise the security and privacy of individuals or organizations.

It occurs when sensitive, protected, or confidential data is accessed, copied, transmitted, viewed, stolen, altered, or used by someone unauthorized. Data breaches can have various causes, such as hacking, phishing, malware, insider threats, human errors, or physical theft.

What’s that? “They just take your information, that’s not a big deal,” we can hear you say. While true, stay tuned, because data breaches can result in, but are not limited to, financial losses, reputational damage, legal consequences, or identity theft for the affected parties.

Dude 1: Bro, catfishing chicks isn’t illegal.
Dude 2: It’s not but phishing is. You might want to change your username, that’s all I’m saying.
Dude 1: Nah, you worry too much. It’ll be fine.
Photo by Wendy Wei, please support by following @pexel.com

Who Can It Be Now

In this crazy world, who would use such a dirty tactic to harm people? The real answer is it could be anyone. There are times when individuals or groups are named but for the most part, a data breach could be on anyone’s part.

One possible suspect, which is a popular case and highly likely in this day and age, is an unhappy employee who may be in the running to leave the company. They might have access to sensitive data and could leak it to competitors or seek to harm the organization.

A few things that could lead up to this would be, but are not limited to: sharing passwords with others, and downloading unauthorized software or applications onto company devices, systems, and networks that can be compromised by negligence, ignorance, or malicious intent. In simpler terms, business owners, if you want to keep your business healthy, try keeping your workers happy.

Always follow the notion that it’s cheaper to keep them. Ah, that good old married life.

I was reading a few scripts on Scriptingthewhy and I think it’s about time we came up with a better place to house the voters’ information.
Photo by Mikhail Nilov, please support by following @pexel.com

That Sinking Feeling

Sometimes, these breaches involve voter information, such as names, addresses, party affiliations, or voting histories. This can pose a serious threat to the privacy and security of voters, as well as the integrity of the electoral process. How does this happen, you may wonder?

As mentioned before, data breaches can occur due to various reasons, such as hacking, phishing, insider threats, human error, or natural disasters. Pretty much any access to information that may be considered critical, by an individual who is not authorized to have it, is a data breach.

So, what could be done with this information? Well, a number of things, none of them good. Your information could be sold or collected, and threat actors could pose as you to others you know in order to trick them into giving sensitive information about you or themselves. The mess of a data breach is limitless, and one should act quickly when compromised.

That’s right, voter, if germs can’t have your vote then neither should criminals.
Photo by Edmond Dantes, please support by following @pexel.com

The Prevention

Not sure if your information was a part of a data breach? Well, we’re here to tell you more than likely it was. As mentioned, all companies are susceptible to their data being leaked.

To prevent or mitigate data breaches, organizations that handle voter information should adopt best practices for data protection because if threat actors have your voter information, then they have your vote. Best practices such as encryption, authentication, backup, and monitoring help to ensure you have a secure connection. You may not always notice the signs of a cyberattack, especially if it targets your social media habits.

For example, you may see a change in the content you view online, such as going from cute animals to political messages. This could be a way of manipulating your opinions or influencing your decisions.

To prevent this, you should regularly check your accounts and settings, and be aware of what you share online. You can also use a website like “HaveIBeenPwned.com” to see if your email or password has been compromised in a data breach.
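How a password can be checked against breach data without ever sending the password itself, as an added example that is not part of the original post. Have I Been Pwned's Pwned Passwords range API receives only the first five characters of the password's SHA-1 hash and returns `SUFFIX:COUNT` lines to match locally; the function names and the sample response below are constructed for illustration.

```python
import hashlib

RANGE_ENDPOINT = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix): the first 5 and remaining 35 hex chars of SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def range_url(password):
    """URL a client would request; only the 5-character prefix leaves the device."""
    return RANGE_ENDPOINT + split_hash(password)[0]


def breach_count(password, range_body):
    """Look for our own suffix in a range response; 0 means not listed."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def constructed_response(password, count):
    """Build a fake range response (constructed sample, not real breach data)."""
    _, suffix = split_hash(password)
    lines = ["0" * 35 + ":3", f"{suffix}:{count}", "F" * 35 + ":1"]
    return "\r\n".join(lines)


if __name__ == "__main__":
    body = constructed_response("password", 42)
    print(range_url("password"))
    print(breach_count("password", body))                      # listed in the sample
    print(breach_count("correct horse battery staple", body))  # not in the sample
```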

You can reduce the subconscious effects of these hidden influence strategies by educating yourself. You can watch documentaries like “The Big Hack”, read about how Russia used social media to interfere in Ukraine, the Brexit scandal, and the recent US elections, and learn how social media and voter data are used to manipulate elections.

One way to resist social influence is to be aware of its presence. When you see different people and posts on your Facebook timeline during an election period, don’t assume they are genuine. They might be bots trying to sway your opinion with customized information based on your profile.

So wait, you’re saying that my information was leaked and since it was my voter information, the “threat actors” were able to sway me via social media and advertisement to vote for someone who I didn’t even like in the first place?
Photo by Edmond Dantes, please support by following @pexel.com


Do you feel like there is something I may have missed on data breaches? Script a comment below.

Never Going Trip Again


Scriptingthewhy, what do you mean I’ll never vacation again? I can’t do it now.
Photo by Robert Nagy, please support by following @pexel.com

After reading this, you just may never trust writing a review ever again. And you know what, we don’t blame you. It’s getting pricey just to exist. We all enjoy traveling to new places, especially with our partners.

You may have seen or shared some photos of yourself or others on their romantic getaways from the kids, job, or life just in general on social media. But let’s say you visited a vacation spot, and it left a sour taste in your mouth. Clearly, your next course of action is to fire up your computer and write a review.

However, you may want to hold your horses before letting that Sandals resort owner know how you really feel because not all websites are created equal or with good intentions.

We’re going to be going over what kind of attack this is, who is using it, the functionality and effects upon release, and what are some ways you can prevent this from being the beginning to the end of your vacations.

Oh, would you look at that, someone else filed another complaint. That would hurt my business…if they were complaining on the real website.
Photo by Mikhail Nilov, please support by following @pexel.com

The Attack

We as humans have a common tendency to seek out others who align with our current or pending point of view. Sometimes when we can’t find this we may resort to posting online as a signal for someone to agree or just be wrong in their thought.

But given the current growing threat in the landscape of the internet, it seems like those days are about to be numbered due to malicious actors making use of the complaint form of TripAdvisor as an attack vector for cyber-attacks. This may sound absurd, but like Spandau Ballet, this much is true.

We revamped the malware and made it better. Don’t call it a comeback.
Photo by Cleber wendder Nascimento, please support by following @pexel.com

Who Can It Be Now

So, an old menace brings an onset of new challenges. The group operating behind the Cyclops campaign back in May 2023 had revamped and offered Knight ransomware as RaaS (Ransomware-as-a-Service) on the RAMP hacking forum. RaaS is the act of offering the use of ransomware with different payment plans to interested parties.

This was done with the intent to invite affiliates to join their scheme and share the profits from extorting victims. We’re not sure as to how many partake in this invite but it’s something to keep an eye out for.

I didn’t download a file, did I? How would I remember? I was just trying to get off the computer. 36 hours a day at work is driving me mad.
Photo by Mikhail Nilov, please support by following @pexel.com

That Sinking Feeling

So, how does something like this work? Well, we’re glad you asked. This campaign was spotted by Bleeping Computer, and after analyzing it they found an HTML (Hypertext Markup Language) file, “TripAdvisor-Complaint-[random].PDF.htm”. When the file is opened, a fake browser window is launched within the real one. This window displays a TripAdvisor website; however, this is a spoofed domain name and URL (Uniform Resource Locator). This technique is called browser-in-the-browser (BitB).

This aims to trick users into thinking they’re on a trusted site, but in reality, the stealing of your credentials is pending. What makes BitB attacks more dangerous is that, unlike normal phishing attacks where the user is redirected to a malicious website, a BitB attack does not require the victim to click on any link or download a file, because the fake browser window is embedded in the HTML attachment itself. The user may not notice the difference between the real and fake browser windows unless they pay close attention to the details or have security tools in place for detecting phishing attempts.

However, the fun doesn’t stop there. When you interact with this particular BitB, it pretends to be a submitted complaint and asks the user to review it. When the “Read Complaint” button is clicked, an Excel XLL file named “TripAdvisor_Complaint-Possible-Suspension.xll” is downloaded. This file delivers the malware payload that encrypts files, appending the “.knight_l” extension to the encrypted files’ names, where the ‘l’ portion likely stands for ‘lite’.

Once this process is complete a ransom note will be created named “How to Restore Your Files.txt” in all the folders of the computer. The note will demand a payment of $5,000 to be sent to a listed Bitcoin address. Trust us, even if you find the means to pay the ransom, there will be no restoration of your files.
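The file names above can be turned into a quick triage check over a file listing, shown here as an added example that is not part of the original post or of Bleeping Computer's analysis. The indicator strings come from the text; the function names, the stage labels, and the sample paths (including the `A1B2` stand-in for `[random]`) are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Indicators named in the article text.
RANSOM_NOTE = "how to restore your files.txt"
ENCRYPTED_SUFFIX = ".knight_l"
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
WEB_EXTS = {".htm", ".html"}


def classify(path):
    """Return a finding label for one file path, or None if nothing matches."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    suffixes = [s.lower() for s in p.suffixes]
    if name == RANSOM_NOTE:
        return "ransom_note"
    if name.endswith(ENCRYPTED_SUFFIX):
        return "encrypted_file"
    if suffixes and suffixes[-1] == ".xll":
        return "xll_addin"
    # Lure pattern: a document extension followed by an HTML one (".PDF.htm").
    if (len(suffixes) >= 2 and suffixes[-1] in WEB_EXTS
            and suffixes[-2] in DOCUMENT_EXTS):
        return "html_posing_as_document"
    return None


def triage(paths):
    """Group findings and estimate how far the infection chain has progressed."""
    findings, note_dirs = {}, set()
    for path in paths:
        label = classify(path)
        if label is None:
            continue
        findings.setdefault(label, []).append(path)
        if label == "ransom_note":
            note_dirs.add(str(PureWindowsPath(path).parent).lower())
    if "encrypted_file" in findings or note_dirs:
        stage = "encryption"   # files already renamed or notes dropped
    elif findings:
        stage = "delivery"     # lure or XLL present, nothing encrypted yet
    else:
        stage = "clean"
    return {"stage": stage, "findings": findings, "note_dirs": len(note_dirs)}


# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\pat\Downloads\TripAdvisor-Complaint-A1B2.PDF.htm",
    r"C:\Users\pat\Downloads\TripAdvisor_Complaint-Possible-Suspension.xll",
    r"C:\Users\pat\Documents\budget.xlsx.knight_l",
    r"C:\Users\pat\Documents\How to Restore Your Files.txt",
    r"C:\Users\pat\Pictures\How to Restore Your Files.txt",
    r"C:\Users\pat\Documents\notes.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "delivery" result means the lure or the XLL reached the disk before any encryption was seen, which is the point where isolating the machine still saves the files.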

They said they revamped it and made it better, but it still looks the same to me.
Photo by Pixabay, please support by following @pexel.com

The Prevention

While reading this you probably think it’s the end of the world and that you may never go on vacation again. We’re here to tell you, that is not the case. One way of protecting yourself is familiarizing yourself with the actual website. When visiting a website, make sure you look for “https” and a lock image in your address bar, as this will ensure that not only the site is secure, but your personal information is encrypted.

Some fake websites will be harder to spot since scammers are kind of clever, so they’ll be sure to come as close to mimicking the real website as possible, but a bit of mindfulness and staying up to date with your operating system and rising threat trends could safeguard you for your next vacation.

Always remember it’s better to file a complaint with the real TripAdvisor. Sure, they might not listen to you and take your money but it’s better than the alternative of scammers holding your data hostage with the intent to sell at a cost way lower than that Sandals resort owner had charged you.

They charged me an “existence fee”. How do you charge someone for just being in the area!?
Photo by Mikhail Nilov, please support by following @pexel.com


Do you feel like there is something I may have missed on Knight ransomware? Script a comment below.