Duke Energy’s Third-Party Data Breach Affects 375,000 Customers Across 5 States

This week, the Alert Logic team highlights the Duke Energy Corp. data breach and how the Mirai botnet successor “Satori” is expanding rapidly. Read the full report to learn more and get access to the week’s top malicious IP addresses.

Data Breach

Duke Energy’s Third-Party Data Breach Affects 375,000 Customers Across 5 States

Nearly 375,000 Duke Energy Corp. customers were affected by a third-party data breach dating back to 2008. Duke Energy’s partner and payment processor is TIO Networks, and Duke Energy makes up nearly 1.6 million of TIO’s customer base. This breach affects anyone who paid their bill in one of the 550 payment processing centers across North Carolina, Indiana, Ohio, Kentucky, and Florida.

Evidence was discovered during the acquisition of TIO Networks by PayPal Holdings Inc. back in July. Personally identifiable information (PII) in the incident includes names, addresses, electricity account numbers, and banking information if payments were made by check. TIO Networks is sending out letters to notify those affected.

References: Duke Energy vendor's hack may mean stolen customer bank info | Data breach affects 370,000 Duke Energy customers, 15 in Florida

Mitigation Strategies:

Malware

Mirai Botnet Successor “Satori” Infects Over 280,000 IP Addresses in 12 Hours

A new IoT botnet has emerged as the successor of last year’s infamous Mirai botnet. Dubbed “Satori” by the Qihoo 360 Netlab researchers, this botnet mutation acts as an IoT worm, using 2 exploits to attempt to connect to devices on ports 37215 and 52869 instead of searching for vulnerable routers. CenturyLink's Chief Security Strategist Dale Drew explains that the botnet “has already infected 2 widely-used types of home routers, even when secured by strong passwords.”

The botnet recently infected over 280,000 IP addresses in just 12 hours. Drew has warned “Satori’s operators could potentially launch an internet-crippling DDoS attack at any time.” Researchers are still gathering more information about the Satori botnet through tracked activities.

References: Satori botnet: Mirai successor awakens with zero-day powers and over 280,000 bots in 12 hours | IoT Botnet Satori Grows Rapidly Thanks to Zero-Day Flaw

Mitigation Strategies:

This Week's Suspicious IP Addresses

185.94.111.1 114.76.216.220
185.35.63.131 218.95.249.22
186.250.241.25 218.95.250.74

*IP addresses provided by Recorded Future.