News & Insights

Shadowserver has unexpectedly lost the financial support of our largest sponsor. We need to transition the impacted operations staff and move our data center by May 26th 2020. This is an extremely aggressive timeline. We urgently appeal to our constituents and the community to rally together, help save Shadowserver and help secure the Internet. Read the full story here.

Shadowserver has unexpectedly lost the financial support of our largest sponsor. We need to transition the impacted operations staff and move our data center by May 26th 2020. This is an extremely aggressive timeline. We urgently appeal to our constituents and the community to rally together, help save Shadowserver and help secure the Internet. Learn Shadowserver's background and how we evolved to become what we are today.

Shadowserver has unexpectedly lost the financial support of our largest sponsor. We need to transition the impacted operations staff and move our data center by May 26th 2020. This is an extremely aggressive timeline. We urgently appeal to our constituents and the community to rally together, help save Shadowserver and help secure the Internet. Learn more about how can you help Shadowserver and the community.

New MQTT IPv4 scans are now carried out daily as part of our efforts to expand our capability to enable the mapping of exposed IoT devices on the Internet. A new report - Open MQTT - is now shared in our free daily victim remediation reports to 107 National CSIRTs and 4600+ network owners. In particular, the report identifies accessible MQTT broker service that enable anonymous access. The work is being carried out as part of the EU CEF VARIoT (Vulnerability and Attack Repository for IoT) project.

Celebrating a particularly significant long term milestone - our 107th National CERT/CSIRT recently signed up for Shadowserver's free daily networking reporting service, which takes us to 136 countries and over 90% of the IPv4 Internet by IP space/ASN. This has finally changed our internal CERT reporting coverage map of Europe entirely green.

The Dridex botnet was sinkholed in October 2015 and the infected victims remediated via Shadowserver's free daily network reports. In December 2019, the US DoJ, FBI and UK NCA unsealed criminal charges against other actors alleged to be behind the Dridex botnet’s activities, via an organization self described as “Evil Corp”. This included a record US $5M FBI Most Wanted cyber criminal reward being offered.

Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data. This blog post provides detail on Shadowserver's role in SISSDEN, including a 3 minute explainer video.

2019-06-02 - 0820 UTC-7 - It seems that the power company "accidentally" turned off all the power to the building where our data center resides for about 20 minutes.  This of course took everything out. 

After over a decade over operations, the Shadowserver Foundation finally launches a shiny new website. The new site hopefully better explains to the public our values, free services and constituents, and what we continue to do to improve the overall security of the Internet. Our team, focus and mission remain otherwise unchanged. But we may hopefully spare ourselves the occasional embarrassing question!

Shadowserver has been participating in an EU Horizon 2020 funded project called SISSDEN from May 2016 to April 2019. Multiple network report types have become available due to the deployment and operation of a new large scale distributed honeypot sensor network, as well as from other SISSDEN partner collected attack data sets. This data is available to subscribers via our free daily network remediation reports.