Article Read Time
When we think about the Red Cross, we don’t think about AtlasCross; we picture people lining up to donate blood or volunteers helping with disaster relief and recovery. Many of us have a personal connection to the Red Cross, whether it’s a loved one saved through blood donation, a family given shelter and food after a fire, flood, or tornado, or simply a sense of gratitude for the organization’s work. The American Red Cross epitomizes neighbors helping neighbors.
Because of this wholesome, overwhelmingly positive reputation, it is unfortunately understandable that cybercriminals who rely on social engineering techniques would try to capitalize on the Red Cross’s good name to trick victims into sharing personal information.
What Happened to the Red Cross with AtlasCross?
In late September 2023, an advanced persistent threat (APT) group deemed “AtlasCross” sent their victim pool an attachment called Blood Drive September 2023.docm
Inside was a file titled “Become a Blood Donor,” which secretly kicked off malware.PKG in the background. Just like that, the victims’ desire to do good backfired, endangering their private data. AtlasAgent, as the trojan was dubbed, would then begin stealing user information and system data.
What is an Advanced Persistent Threat Like AtlasCross?
Known commonly as APT, these threats encompass any sophisticated, long-term, undetected hack on your system. By remaining secretive, these malicious actors can steal sensitive data over an extended period. They are known for being quite patient and persistent, allowing them to stay in a network for months or even years without detection.
APT groups often target specific organizations or industries for long-term espionage or sabotage, utilizing sophisticated tools to evade traditional security controls. That’s why advanced protection against advanced persistent threats is so important.
Once they have access to a network, APT attackers have carte blanche; they can move laterally within the network, escalate their privileges, and easily steal sensitive data. In the case of the Red Cross, the software allowed AtlasCross to harvest information about the victims.
Why Phish as the Red Cross?
Threat actors often use “masks” of large organizations to increase their likely victim pool; in this case, the lure is doubled by using a charitable organization as a cover. Phishing scams often rely on pivotal emotions, such as goodwill, guilt, pity, and fear, to create a sense of urgency regarding their proposal. It makes sense why these amoral threat actors might choose the Red Cross as a mask.
This is why it is critical to beware of attachments, even when you THINK it’s coming from somebody you trust.
Whenever possible, go through the organization’s main site in a separate tab to ensure you communicate with the real team on secure channels. For example, the American Red Cross’s website allows potential blood donors to sign up for local blood drives on their secure site. NEVER send private information through insecure channels.
Avoid Getting Hooked by Phishers!
Be cautious of any email that requests personal information. Legitimate companies will not ask for your personal information via email.
Hover over links before you click on them. This will display the actual URL to which the link directs. If the URL does not match the website the link is intended to direct you to, do not click on it.
Be careful about opening attachments. Only open attachments from people you know and trust. If you are unsure about an attachment, do not open it.
Keep your software up to date. Software updates often include security patches that can help protect you from phishing attacks.
If you are unsure about an email or attachment, it is always best to err on the side of caution! Delete or verify the sender before proceeding. Together, we can make the Internet a safer place to surf.
At Commonwealth Sentinel, we can assess your existing IT security and collaborate with your team to enhance it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things.