The Sunburst backdoor attack, publicly disclosed on December 13th, 2020, is still keeping researchers on edge as they untangle the true scale of this supply chain attack and the interests of the actor behind it. While the officially confirmed number of affected users stands at 18,000, little information is available about what kinds of organizations ran the backdoored SolarWinds versions and fell victim to the attack. To answer this question, Kaspersky ICS CERT researchers assessed internal and publicly available information and determined which industries were affected the most.

By analysing all available decoded internal domain names, recovered from the DNS names generated by the Sunburst domain generation algorithm (DGA), the researchers compiled a list of nearly 2000 readable and attributable domains. From these, the share of industrial organizations among all organizations on the list is estimated at 32.4 percent, with manufacturing hit the most (18.11 percent of all victims), followed by utilities (3.24 percent) and construction (3.03 percent). Transportation and logistics (2.97 percent) and oil & gas (1.35 percent) complete the list of the top five industries affected. This data correlates with Kaspersky’s analysis of its own affected customers and the industries they belong to.

The geographical distribution of the industrial organizations is broad and includes the following countries and territories: Benin, Canada, Chile, Djibouti, Indonesia, Iran, Malaysia, Mexico, the Netherlands, the Philippines, Portugal, Russia, Saudi Arabia, Taiwan, Uganda, and the USA.

“The SolarWinds software is highly integrated into many systems around the globe in different industries and, as a result, the scale of the Sunburst attack is unparalleled – a lot of organizations that had been affected might not have been of interest to the attackers initially. While we do not have evidence of a second-stage attack among these victims, we should not rule out the possibility that it may come in the future. Therefore, it is crucial for organizations that may be victims of the attack to rule out the infection and make sure they have the right incident response procedures in place,” comments Maria Garnaeva, senior security researcher at Kaspersky.

Read the full report on this research here.
