Cyware Daily Threat Intelligence October 24, 2018

The prolific Ramnit banking trojan is now being distributed by a new malware downloader called sLoad. The malware downloader is capable of gathering system information such as a list of the processes running, and whether Outlook and Citrix-related files are present on the system. sLoad can also take screenshots and check the DNS cache for specific domains, and load external binaries. The new campaign has targeted Canada, Italy and the UK. 

The powerful Triton malware, which was first discovered in 2017 targeting industrial control systems, has been linked to a Moscow-based research facility. Researchers discovered that the TRITON deployment was carried out by the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM). Triton was previously used to target a Saudi petrochemical plant, which had to temporarily shut down after the malware almost caused an explosion. 

The Washington-based Internet service provider Pocket iNet inadvertently exposed 93GB of sensitive data online. The ISP leaked data such as passwords, sensitive files, and network schematics. The data was stored in an S3 bucket that contained no passwords. The database also contained the password information of firewalls, wireless points, and switches. It included a list of the priority customers of the company. The exposed data is believed to have been publicly available for six months.

A database belonging to the adult site Wife Lovers was hacked and around 1.2 million users' email addresses were exposed. The database was protected by an easy-to-crack and outdated hashing technique known as ‘DEScrypt algorithm’. Wife Lovers was one of eight adult websites that relied on the database in question. All of these adult sites were compromised thanks to an attack on the 98MB database. Exposed information includes email addresses, IDs, IP addresses used to register on the sites, and encrypted passwords.