Cyware Daily Threat Intelligence October 24, 2018


Top Malware Reported in the Last 24 Hours

Ramnit malware
The prolific Ramnit banking trojan is now being distributed by a new malware downloader called sLoad. The downloader can gather system information, such as the list of running processes and whether Outlook and Citrix-related files are present on the system. sLoad can also take screenshots, check the DNS cache for specific domains, and load external binaries. The new campaign has targeted Canada, Italy and the UK.

Triton malware
The powerful Triton malware, which was first discovered in 2017 targeting industrial control systems, has been linked to a Moscow-based research facility. Researchers discovered that the TRITON deployment was carried out by the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM). Triton was previously used to target a Saudi petrochemical plant, which had to temporarily shut down after the malware almost caused an explosion. 

Top Breaches Reported in the Last 24 Hours

Pocket iNet
The Washington-based Internet service provider Pocket iNet inadvertently exposed 93GB of sensitive data online. The ISP leaked data such as passwords, sensitive files, and network schematics. The data was stored in an S3 bucket that was not protected by a password. The database also contained the password information of firewalls, wireless points, and switches, as well as a list of the company's priority customers. The exposed data is believed to have been publicly available for six months.

Adult sites hacked
A database belonging to the adult site Wife Lovers was hacked and around 1.2 million users' email addresses were exposed. The database was protected by an easy-to-crack and outdated hashing technique known as the 'DEScrypt' algorithm. Wife Lovers was one of eight adult websites that relied on the database in question. All of these sites were compromised through an attack on the 98MB database. Exposed information includes email addresses, IDs, IP addresses used to register on the sites, and encrypted passwords.

Posted on: October 24, 2018
