Hackers have been using this technique for years
Recently though, researchers at the security company Cofense have spotted a new twist to the ploy, aimed squarely at Human Resources (HR) departments. The recently detected campaign uses fake resume attachments to deliver the Quasar Remote Administration Tool, affectionately known as RAT, to any unsuspecting Windows user who can be tricked into jumping through a few hoops.
Here's how it works
An email containing a document that appears to be a resume is sent to someone in a given company. The document is password-protected, but the password is politely included in the body of the email, and is usually something simple like '123.' If the user enters the password, a popup box will appear, asking the user if he/she wants to enable macros.
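One way a mail filter could flag the lure described above, as an added example that is not part of the original post or of Cofense's research. It assumes the attachment is a password-encrypted OOXML Word file, which is stored as an OLE2 container holding an `EncryptedPackage` stream; the function names, addresses and sample bytes are constructed for illustration.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# OLE2 compound-file signature; encrypted OOXML documents use this container.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Stream name in password-encrypted OOXML files (directory names are UTF-16LE).
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)\b", re.I)

def is_encrypted_office(data: bytes) -> bool:
    """Cheap byte-level check. Assumption: OOXML encryption only, not legacy .doc."""
    return data.startswith(OLE_MAGIC) and ENC_STREAM in data

def score_message(raw: bytes) -> dict:
    """Flag mail that pairs an encrypted Office attachment with a password in the body."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    encrypted = [
        part.get_filename() or "(unnamed)"
        for part in msg.iter_attachments()
        if is_encrypted_office(part.get_payload(decode=True) or b"")
    ]
    hinted = bool(PASSWORD_HINT.search(text))
    # Scanners cannot open the file, yet the recipient is handed the key:
    # that combination is the signal worth holding for review.
    return {"encrypted_attachments": encrypted,
            "password_in_body": hinted,
            "quarantine": bool(encrypted) and hinted}

def build_sample(body: str, payload: bytes, name: str) -> bytes:
    """Constructed test message; addresses are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "applicant@example.com", "hr@example.com", "Resume"
    m.set_content(body)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=name)
    return m.as_bytes()

# Constructed bytes that only mimic the markers; not a real document.
FAKE_ENCRYPTED = OLE_MAGIC + b"\x00" * 504 + ENC_STREAM

if __name__ == "__main__":
    lure = build_sample("My resume is attached. The password is 123.",
                        FAKE_ENCRYPTED, "resume.docm")
    print(score_message(lure))
```

A production filter would parse the OLE directory properly instead of searching raw bytes, and would treat a hit as a reason to hold the message for review, since legitimate senders also encrypt attachments.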
Here's where it gets interesting
If the macros are allowed to run, they'll display a series of images and a message announcing that content is loading. What it's actually doing is throwing out garbage code that's designed to crash analysis and detection tools while RAT is installed quietly in the background.
At that point, the system is compromised. RAT's capabilities give the hackers the ability to open remote desktop connections, log keystrokes and steal passwords, record any webcams in use, download files, and capture screenshots of the infected machine.
Worst of all, the first part of the infection process knocks out most detection programs, so the hackers generally have a large window of time to take advantage of the newly created beachhead. They can cause all manner of havoc in your network or simply choose to quietly siphon proprietary data from your systems.
Our perspective
Be on the alert and make sure your HR staff is aware. This is a nasty campaign and it's just hitting its stride.
As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!"
The author
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofit firms in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.