News & Insights

Whelp, there it happens again.  It seems that our filters blew up again and everyone is receiving a much larger set of data than normal.

Our goal as always has been to get data about infected, compromised or abuse-able hosts to the network owners as efficiently as possible.  The most consistent and effective vehicle for that is using National CERT's.  In many ways they are the gateway to the rest of the networks of a country.

We have been engaged in scanning of the internet for its better health for over a year (we started with a few, then grew to a dozen).  The decreases in abusable systems has dropped significantly in several areas.  We have also had an inadvertent effect of identifying networking misconfiguration on many networks which has helped improve the stability and security of those organizations.

On Monday June 2nd 2014, the US Department of Justice announced an ongoing operation to take down the infamous Gameover Zeus and CryptoLocker cybercrimal botnet infrastructures. "Operation Tovar" is a joint effort between international law enforcement agencies, such as the FBI, UK NCA and Europol/EC3, plus multiple private partners.

While this has been communicated via e-mail to most of our report recipients, we wanted to make a quick note on our blog regarding the Open Resolver report that recently went out dated 2014-05-22. Please disregard the DNS openresolver data from this data. It lists all DNS servers, not only the ones that are open resolvers.

Reporting has been fixed and all data going out in the reports again.

The news and our networks have been full of articles and packets related to the different UDP amplification attacks that have been ongoing.  We and several other researchers have been looking at this problem for a while and while there are not any easy solutions we can at least make network owners more aware of the issues that we can see on their networks from the outside. This has led to some interesting results, most of which are not pleasant.

Shadowserver added a new set of reports to all of those who have signed up to receive information about their networks.  The report is the culmination of months of work figuring out how to reliably scan the Internet for potential Distributed Denial of Service (DDoS) amplification.

One of our core missions is to provide actionable data to network owners and researchers. Given this mission, we are constantly on the lookout for new and interesting ways to deliver our data and we are now pleased to announce that we have published a Maltego transform compatible with the Malformity Project.

At Shadowserver we have observed cyber threat actors use strategic web compromise as an avenue to infect high-value victims. There are a number of ways that a threat actor can gain administrative access to a strategically important website.