When we think about the Red Cross, we don’t think about AtlasCross; we picture people lining up to donate blood or volunteers helping with disaster relief and recovery. Many of us have a personal connection to the Red Cross, a loved one saved thanks to blood donation, or a family given shelter and food after a fire, flood, or tornado. The American Red Cross is the epitome of neighbors helping neighbors.
Because of this wholesome, overwhelmingly positive reputation, it unfortunately makes sense that cyber criminals who rely on social engineering techniques would try to capitalize on the Red Cross’s good name to trick victims into sharing personal information.
What Happened to the Red Cross with AtlasCross?
In late September 2023, an advanced persistent threat (APT) group dubbed “AtlasCross” sent their victim pool an attachment called “Blood Drive September 2023.docm”.
Inside was a file titled “Become a Blood Donor,” which secretly kicked off malware.PKG in the background. Just like that, the victims’ desire to do good backfired and endangered their private data. AtlasAgent, as the trojan was dubbed, would then begin stealing user information and system data.
What is an Advanced Persistent Threat Like AtlasCross?
Known commonly as APT, these threats encompass any sophisticated, long-term, undetected hack on your system. By remaining secretive, these bad actors can steal sensitive data over a prolonged period. They are known for being quite patient and persistent so that they can remain in a network for months or even YEARS without detection.
APT groups often target specific organizations or industries for long-term espionage or sabotage and use sophisticated tools to evade traditional security controls. That’s why advanced protection against advanced persistent threats is so important.
Once they have access to a network, APT attackers have carte blanche; they can move laterally within the network, escalate their privileges, and easily steal sensitive data. In the case of the Red Cross, the software allowed AtlasCross to harvest information about the victims.
Why Phish as the Red Cross?
Threat actors often use “masks” of large organizations to increase their likely victim pool; in this case, the lure is doubled by using a charitable organization as a cover. Phishing scams often rely on pivotal emotions like goodwill, guilt, pity, and fear to create a sense of timeliness regarding their proposal. It is easy to see why these amoral threat actors might choose the Red Cross as a mask.
This is why it is critical to beware of attachments, even when you THINK they’re coming from somebody you trust.
Whenever possible, go through the organization’s main site in a separate tab to ensure you communicate with the real team on secure channels. For example, the American Red Cross’s website allows potential blood donors to sign up for local blood drives on their secure site. NEVER send private information through insecure channels.
Avoid Getting Hooked by Phishers!
Be suspicious of any email that asks for personal information. Legitimate companies will not ask for your personal information via email.
Hover over links before you click on them. This will show you the actual URL to which the link goes. If the URL does not match the website the link is supposed to go to, do not click on it.
Be careful about opening attachments. Only open attachments from people you know and trust. If you are unsure about an attachment, do not open it.
Keep your software up to date. Software updates often include security patches that can help protect you from phishing attacks.
If you are unsure about an email or attachment, it is always best to err on the side of caution! Delete the message or verify the sender before doing anything else. Together, we can make the Internet a safer place to surf.
At Commonwealth Sentinel, we can evaluate your existing IT security and work with your team to improve it. We can also provide a complete source of services. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.