Ransomware

Qilin ransomware gang ramps up attacks

Attacks by the Qilin ransomware gang have escalated, with the group exploiting vulnerable VPN appliances and management interfaces to compromise mostly small and mid-sized businesses across the healthcare, finance, and construction industries, reports Infosecurity Magazine.

Qilin has also expanded its operations by running a ransomware-as-a-service model for the last two years, with multiple Scattered Spider hacking group affiliates observed using its RaaS platform, according to findings from S-RM.

Qilin has also used Telegram, WikiLeaksV2, and other public websites for extortion, and its intrusions mostly involved data exfiltration and file encryption. Organizations have been advised to improve defenses through regular patching of VPN and remote access devices, universal multi-factor authentication, restricted exposure of management interfaces, and network segmentation.

"[Qilin] doesn't always grab headlines, but it's increasingly being used by other threat groups, including Scattered Spider [...]. That makes attribution harder and defense even more complex," said S-RM Head of Cybersecurity UK Ted Cowell.
