New Qilin tactics a ‘bonus multiplier’ for ransomware chaos

The Qilin ransomware gang, known for its high-stakes ransomware attacks, has taken its tactics to a new level by not only stealing data from its victims but also harvesting credentials stored within Google Chrome browsers on victims' endpoints. This unprecedented technique has raised concerns among cybersecurity experts, as it poses a significant threat to both targeted organizations and individuals.

In a recent incident uncovered by the Sophos X-Ops research team, Qilin targeted a domain controller within a victim’s Active Directory domain, using compromised credentials obtained from a VPN portal lacking multifactor authentication. The cybercriminals then executed a series of scripts to extract credential data stored within Chrome browsers on connected machines, ultimately exfiltrating sensitive information and encrypting the victim’s files.

With Chrome being the dominant browser in the market, the potential impact of such a breach is substantial, as users often store a multitude of passwords within the browser. The X-Ops team emphasized the importance of changing all Active Directory passwords and recommended that users also update their passwords for third-party sites stored in Chrome.

Ransomware gangs are constantly evolving their tactics, and the X-Ops team warned that Qilin’s shift towards credential theft could have broader implications for future cyberattacks. By targeting endpoint-stored credentials, threat actors could gain easier access to additional targets or valuable information for targeted attacks.

What do I do now?

Google’s Password Manager service offers convenience for users but may not provide the highest level of security. It is recommended to use a reputable password manager application that follows industry best practices and has been third-party tested for security.

Implementing multifactor authentication (MFA) can significantly enhance security and prevent unauthorized access to systems. While MFA adoption is increasing among businesses, smaller enterprises should also prioritize this security measure to protect themselves and others from potential cyber threats.

It is crucial for businesses to improve their cybersecurity practices to safeguard against evolving cyber threats and protect sensitive information from malicious actors. Stay vigilant and proactive in addressing security vulnerabilities to prevent becoming a victim of cybercrime.

Computer Weekly reached out to Google for comment but had not received a response at the time of publication.
