In early 2020, Shadowserver unexpectedly lost a major sponsor. After working successfully behind the scenes as a non-profit organization (NPO) for 15 years, we found ourselves needing to move our entire data center at short notice, and facing a major funding gap. We had to take the unprecedented step of making a public call for urgent financial support, just as the world was going into COVID-19 lockdown.
Despite the terrible timing, many people and organizations quickly offered to assist. Due to their swift and generous financial support, Shadowserver was able to continue offering and expanding our free public benefit services to constituents, with minimal disruption.
Shadowserver’s mission is to provide a baseline of free, timely, actionable cyber threat Intelligence to raise the bar on Internet security for everyone. The financial support we received enabled us to continue playing our unique role in recent global cyber security incidents, including:
- Sinkholing the main and secondary command and control (C2) domains during the December 2020 Solarwinds SUNBURST supply chain incident and reporting out potentially infected victims
- Providing trusted victim notification channels for Law Enforcement partners, such as during the January 2021 Emotet botnet takedown or the February 2022 Cyclops Blink botnet disruption
- Reporting out Microsoft Exchange Servers compromised with webshells during the March 2021 HAFNIUM APT incident; then deploying large scale honeypots; and using internet-wide scanning to report out additional dropped webshells once the vulnerability was adopted by other cybercriminals
- Using our global honeypot sensor network to detect attempted exploitation of new vulnerabilities and track the payloads being dropped, such as in Log4j in December 2021
- Working with private industry partners to identify and quietly remediate a world record breaking reflective Distributed Denial of Service (DDoS) vulnerability during the Russian invasion of Ukraine in February 2022
- Continuing to sinkhole hundreds of different malware families infecting millions of unique IP addresses, and reporting that information to Internet defenders globally
- Expanding the breadth and depth of our daily Internet-wide scanning, including reporting of 18 exposed Industrial Control System/Operational Technology (ICS/OT) protocols, novel Middlebox DDOS amplification devices, exposed IoT and database services, enhanced device fingerprinting and adding one billion daily IPv6 “hitlist” addresses to our existing global IPv4 scans
- Introducing dozens of new daily data feeds about exposed attack surfaces, including IoT & ICS reports, honeypot-based Common Vulnerability and Exposures (CVE) tracking, malware C2 reports and DDoS reports
- Expanding daily feed coverage to over 7000 subscribers (such as ISPs, financial institutions, enterprises, SMEs, universities, schools, utilities, hospitals, etc.) and 201 National Computer Security Response Teams (CSIRTs) in 175 countries and territories – including adding new APIs for improved integration and focused outreach to Africa and the Indo-Pacific
We publicly recognized some of the awesome people and organizations for their support at the time. We would now like to take the opportunity to thank everyone who has provided financial assistance to Shadowserver during 2020 to 2022 – whether by direct donation/sponsorship, by requesting and paying voluntary invoices, or through funding specific projects and services. We – and the world – owe our continued operation to all of these generous benefactors.
On behalf of the entire team at Shadowserver, and all of our constituents, we want to recognize the essential financial support you have provided. We could not continue to serve the Internet defender community without your vision, leadership and generosity. Thank you all.
We look forward to continuing to work with you, and many more organizations and individuals, to make the Internet more secure together through our soon-to-be-announced Shadowserver Alliance. If you share Shadowserver’s belief in an open, secure, resilient Internet for all – please consider joining us and our existing supporters and become a Shadowserver Alliance founding Partner.