1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Watch out Google Chrome details can be stolen by this clever new

    From TechnologyDaily@1337:1/100 to All on Fri Aug 23 13:15:04 2024
    Watch out Google Chrome details can be stolen by this clever new ransomware

    Date:
    Fri, 23 Aug 2024 13:03:00 +0000

    Description:
    Qlin ransomware attack could have been avoided with password managers and MFA.

    FULL STORY ======================================================================

    The Qilin ransomware variant has been spotted successfully exfiltrating sensitive data stored in the Google Chrome browser .

    In its writeup , researchers from Sophos revealed how a criminal group used previously compromised credentials to enter the IT infrastructure of an unnamed organization. The credentials were for a Virtual Private Network
    (VPN) portal, which lacked multi-factor authentication (MFA), and as such was relatively easy to access.

    It is unknown if the initial breach was made by an Initial Access Broker
    (IAB) and then handed over to the ransomware operators, or if it was all done by a single organization. En masse credential theft

    In any case, the group dwelled for more than two weeks (18 days) before
    moving laterally to a domain controller using the compromised credentials. While the crooks were spotted on a single domain controller within their targets Active Directory domain, other domain controllers in that AD domain were infected, the researchers concluded. They were, however, affected differently.

    Qilin is a classic ransomware operation that engages in the usual double-extortion attack - it first steals as much information as possible, before encrypting the compromised device and asking for payment in exchange for the decryption key. However, what makes this operation relatively unique, the researchers claim, is the way it targets Google Chrome.

    During a recent investigation of a Qilin ransomware breach, the Sophos X-Ops team identified attacker activity leading to en masse theft of credentials stored in Google Chrome browsers on a subset of the networks endpoints a credential-harvesting technique with potential implications far beyond the original victims organization, the researchers explained. This is an unusual tactic, and one that could be a bonus multiplier for the chaos already inherent in ransomware situations.

    In other words, Qilin would harvest the credentials saved in Chrome browsers on machines connected to the same network as the initially compromised one.

    Cybercriminals continue to evolve their tactics, Sophos concluded, stressing that organizations need to rely on password managers more, and make sure to enable MFA wherever possible, to minimize the chances of falling prey. More from TechRadar Pro Russia-linked Qilin group says it was responsible for London hospitals cyberattack Here's a list of the best firewall software around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-chrome-details-can-be-stolen-by- this-clever-new-ransomware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)