News & Insights

We have recently enabled a new IPv4 Internet-wide scan and report for accessible Radmin services on port 4899/TCP. Radmin is a remote access software product commonly in use today. Our daily scans uncover around 50,000 accessible Radmin services on port 4899/TCP. While Radmin is in general considered a secure mechanism for remote access, care should be taken as with all similar types of services to ensure no misconfiguration has taken place.

We have enabled a new scan for exposed CoAP (Constrained Application Protocol) devices on port 5683/UDP. The scan has uncovered around 460 000 exposed CoAP services that can be potentially abused for CoAP amplification DDoS attacks. These services may also leak information or expose other vulnerabilities. This is the third IoT scan implemented as part of the EU CEF VARIoT project.

We have enabled a new scan dedicated to finding open IPP (Internet Printing Protocol) devices exposed on port 631/TCP. The roughly 80,000 devices uncovered as a result of the scan have connected to the Internet without adequate access controls or authorization mechanisms in place. This could allow for a potential range of different types of attacks, from information disclosure and service disruption/tampering, to, in some cases, remote command execution. Results of the scan are collected in the new Open IPP report. This is the second scan enabled under the EU CEF VARIoT project.

Another fundraising update: fellow not-for-profit organisation The Internet Society (ISOC) has very generously provided $400,000 to support our data center move and the continuing operation of Shadowserver’s public benefit services. We thank you ISOC! Getting closer to our urgent 2020 target and can achieve it with the continued help of the community.

An update on progress towards our urgent 2020 fundraising target. Long term partner in fighting cybercrime Trend Micro has very generously committed $600,000 to support Shadowserver’s public benefit services ($200,000 per year for three years). Thank you very much Trend!

As planned, we have spent all of April talking to potential hosting and colocation providers about providing space for our new Shadowserver data center, including following up with everyone who had already contacted us to offer assistance. We have completed the review of all of our options and have signed a contract for a new home for our Data Center.

This blog is the first in a series in which we will take a look at different world regions in order to demonstrate what taking a more holistic view of our data can reveal - starting with the African continent. The derived insight helps us better drive our outreach activities and hopefully allows National CSIRTs in the region, as well as numerous other authorities/partners and private enterprises, to enhance their incident response coordination and share information from our public benefit victim remediation network reports with local communities in a more effective manner.

Shadowserver urgently needs to move our current data center by August 2020. We are blogging our data center requirements for hosting and colocation providers, or other companies who might be able to help provide a new home for our public benefit services for the global Internet. Please reach out and get in touch if you can help.

The original deadline for Shadowserver to move our data center has been extended from May 26th to August 31st 2020, due to the worsening COVID-19 pandemic and Silicon Valley 'Shelter in Place' lockdowns. This extension provides us with some much needed additional time to continue raising funding for our 2020 operations, such as the recently received donation from cryptocurrency exchange BitMEX.

Our first status update on the critical initial milestone in Shadowserver's urgent 2020 funding challenge. Great progress from our awesome community, with particular thanks to philanthropist Craig Newmark, but more help still needed to fully secure our data center operations in 2020. Join with us to continue protecting victims of cybercrime and help protect the Internet.