A new hacking group called AtlasCross is targeting organizations with phishing lures impersonating the American Red Cross. The group uses macro-enabled Word documents to deliver backdoor malware to victims' devices.
The phishing emails typically contain a link to a malicious website or an attachment containing a macro-enabled Word document. If the victim opens the attachment and enables macros, the malware will be installed on their device.
AtlasCross deploys two pieces of malware, DangerAds and AtlasAgent. DangerAds is a system profiler and malware loader, while AtlasAgent is a backdoor that allows the attackers to remotely control the victim's device.
Once the attackers have control of the victim's device, they can steal sensitive data, such as login credentials, financial information, and trade secrets. They can also use the device to launch further attacks against other organizations.
Bill Toulas, CEO of NSS Labs, aptly notes, "The AtlasCross phishing campaign is a reminder that even the most sophisticated organizations can be targeted by cybercriminals. It is important to be vigilant and take steps to protect yourself from these attacks."
How to protect your organization from AtlasCross phishing attacks:
- Exercise Caution with Unsolicited Emails: Treat unsolicited messages with suspicion, especially those bearing attachments or links.
- Scrutinize Known Senders: Verify email addresses to confirm legitimacy.
- Exercise Restraint with Unknown Emails: Refrain from opening attachments or clicking links if authenticity is in doubt.
- Disable Macros in Microsoft Office: Unless they are absolutely essential, it's prudent to keep macros disabled to thwart potential malware delivery.
- Maintain Updated Software: Ensure your operating system, web browser, and antivirus software are up to date, as these updates frequently contain vital security patches.
- Employee Education: Provide thorough training on recognizing and evading phishing attempts, as employees are the first line of defense.
- Utilize a Robust Security Solution: Employ a solution adept at detecting and thwarting phishing emails based on various indicators.
- Segment Your Network: Isolate devices to prevent easy lateral movement in case of a compromise.
- Enforce Stringent Password Policies: Implement multi-factor authentication to bolster device and account security.
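The "disable macros" and "security solution" items above both come down to one question a mail gateway or analyst has to answer for every Word attachment: does this file carry a VBA project at all? The script below is an added example written for this article, not AtlasCross tooling or any vendor's product. It inspects the raw bytes rather than trusting the extension, because a macro-enabled document renamed to `.docx` still contains a `word/vbaProject.bin` part and a macro-enabled content type in `[Content_Types].xml`. The sample documents it builds in memory are constructed for the demonstration; the 64 placeholder bytes stand in for a real VBA project. Legacy binary `.doc` files (OLE2 containers) are only classified here, since reading their VBA streams needs an OLE parser such as oletools' olevba.

```python
"""Triage check for Office attachments: flag Word files that carry a VBA project.

Constructed example for this article; not AtlasCross tooling or any vendor's product.
"""
import io
import zipfile
from dataclasses import dataclass
from pathlib import PurePath

# Part name and content types defined by the Office Open XML spec for Word documents.
VBA_PART = "word/vbaProject.bin"
MACRO_MAIN_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"


@dataclass
class ScanResult:
    container: str             # "ooxml", "ole2", or "unknown"
    has_vba_part: bool         # word/vbaProject.bin present in the zip
    declares_macro_type: bool  # [Content_Types].xml names the macroEnabled main part

    @property
    def has_macros(self) -> bool:
        return self.has_vba_part or self.declares_macro_type


def scan_word_bytes(data: bytes) -> ScanResult:
    """Inspect raw attachment bytes without relying on the file extension."""
    if data.startswith(OLE2_MAGIC):
        # Legacy .doc: VBA lives inside OLE streams, which needs an OLE parser
        # (e.g. oletools' olevba). Only the container is classified here.
        return ScanResult("ole2", False, False)
    if not data.startswith(ZIP_MAGIC):
        return ScanResult("unknown", False, False)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            content_types = ""
            if "[Content_Types].xml" in names:
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            return ScanResult("ooxml", VBA_PART in names, MACRO_MAIN_CT in content_types)
    except zipfile.BadZipFile:
        return ScanResult("unknown", False, False)


def triage(filename: str, data: bytes) -> tuple[str, list[str]]:
    """Return ("quarantine" | "review" | "allow", reasons) for one attachment."""
    result = scan_word_bytes(data)
    reasons: list[str] = []
    ext = PurePath(filename).suffix.lower()
    if result.has_macros:
        reasons.append("embedded VBA project")
        if ext not in {".docm", ".dotm"}:
            reasons.append(f"macro content behind non-macro extension {ext or '(none)'}")
        return "quarantine", reasons
    if result.container == "ole2":
        reasons.append("legacy binary Office file; needs OLE-level macro inspection")
        return "review", reasons
    return "allow", reasons


def build_sample(with_macro: bool) -> bytes:
    """Build a minimal, constructed Word container in memory for testing."""
    main_ct = MACRO_MAIN_CT if with_macro else PLAIN_MAIN_CT
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr(VBA_PART, b"\x00" * 64)  # placeholder bytes, not real VBA
    return buf.getvalue()


if __name__ == "__main__":
    for name, sample in [("invoice.docx", build_sample(False)),
                         ("donation_form.docm", build_sample(True)),
                         ("renamed.docx", build_sample(True))]:
        verdict, why = triage(name, sample)
        print(f"{name}: {verdict} {why}")
```

The verdict for the renamed file is the useful one: an extension-based rule would let it through, while the content check quarantines it and records why. In practice a "quarantine" here should also raise an alert, since a macro-enabled document arriving from an unexpected sender is exactly the lure this campaign relies on.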