News & Insights

Topic: Statistics

Open MQTT Report - Expanding the Hunt for Vulnerable IoT devices

March 15, 2020
New MQTT IPv4 scans are now carried out daily as part of our efforts to expand our capability to enable the mapping of exposed IoT devices on the Internet. A new report - Open MQTT - is now shared in our free daily victim remediation reports to 107 National CSIRTs and 4600+ network owners. In particular, the report identifies accessible MQTT broker service that enable anonymous access. The work is being carried out as part of the EU CEF VARIoT (Vulnerability and Attack Repository for IoT) project.

Beyond the SISSDEN event horizon

October 1, 2019
Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data. This blog post provides detail on Shadowserver's role in SISSDEN, including a 3 minute explainer video.

One Billion Binaries

December 10, 2018
Breaking news: Shadowserver's malware repository now exceeds the One Billion Binaries milestone (and, spoiler alert - not everyone in the team is as excited by this news as some of us). We provide a little bit of history about the growth of our malware collection, and the some of the challenges we continue to face.

Of Data Sharing and Statistics Being Removed

June 9, 2016
As most of you may know The Shadowserver Foundation is a non-profit organization in both the US and in the EU.  We survive through donations, sponsorships, as well as project work to expand out what we are able to do.  We share our data for no cost with the direct network owners.  From our last few posts you can get an idea of how many drives we go through and the possible cost to maintain all the work that we have been doing.  We do not ask for credit, only the occasional support.

Of Scannings and Statistics

August 22, 2014
We have been engaged in scanning of the internet for its better health for over a year (we started with a few, then grew to a dozen).  The decreases in abusable systems has dropped significantly in several areas.  We have also had an inadvertent effect of identifying networking misconfiguration on many networks which has helped improve the stability and security of those organizations.

The scannings will continue until the Internet improves

March 28, 2014
The news and our networks have been full of articles and packets related to the different UDP amplification attacks that have been ongoing.  We and several other researchers have been looking at this problem for a while and while there are not any easy solutions we can at least make network owners more aware of the issues that we can see on their networks from the outside. This has led to some interesting results, most of which are not pleasant.

Surprise! You have ntp!

March 26, 2014
Shadowserver added a new set of reports to all of those who have signed up to receive information about their networks.  The report is the culmination of months of work figuring out how to reliably scan the Internet for potential Distributed Denial of Service (DDoS) amplification.