News & Insights

New MQTT IPv4 scans are now carried out daily as part of our efforts to expand our capability to enable the mapping of exposed IoT devices on the Internet. A new report - Open MQTT - is now shared in our free daily victim remediation reports to 107 National CSIRTs and 4600+ network owners. In particular, the report identifies accessible MQTT broker service that enable anonymous access. The work is being carried out as part of the EU CEF VARIoT (Vulnerability and Attack Repository for IoT) project.

Between May 2016 and April 2019, The Shadowserver Foundation participated in the SISSDEN EU Horizon 2020 project. The main goal of the project was to improve the cybersecurity posture of EU entities and end users through the development of situational awareness and sharing of actionable information. It exceeded KPIs, with 257 sensors in 59 countries, using 974 IP addresses across 119 ASNs and 383 unique /24 (Class C) networks, and collected 31TB of threat data. This blog post provides detail on Shadowserver's role in SISSDEN, including a 3 minute explainer video.

Breaking news: Shadowserver's malware repository now exceeds the One Billion Binaries milestone (and, spoiler alert - not everyone in the team is as excited by this news as some of us). We provide a little bit of history about the growth of our malware collection, and the some of the challenges we continue to face.

As you may remember, we recently moved data center. It took us a little longer than expected to bring everything back up. But it is all back up now. Tired but happy team!

Well, I hope everyone remembers last year when we moved successfully.  At that time we acquired a larger space and started the arduous process of negotiations on what will really happen to the new space and how the move will take place.

As we had previously stated, we are moving.  Or I should say we have moved.  It was a huge amount of effort by many of the team members.  A big thanks goes out to them all for the work, long hours, and back breaking exercise that no geek enjoys.

Well, as many of you know, we have always been kind of the underground heroes of the Internet.  We have scraped by with used gear, volunteers, and parts that fail often.  We have told stories about our failures and the tribulations of being a non-profit.  While none of that has really changed, we have finally gotten something nice.

After many years in our current datacenter, we've outgrown the space. We have found a new datacenter space nearby and have slowly been moving into it. We've reached a point where we have to shut everything down for a week to finish the migration.

As most of you may know The Shadowserver Foundation is a non-profit organization in both the US and in the EU.  We survive through donations, sponsorships, as well as project work to expand out what we are able to do.  We share our data for no cost with the direct network owners.  From our last few posts you can get an idea of how many drives we go through and the possible cost to maintain all the work that we have been doing.  We do not ask for credit, only the occasional support.

July of last year we had a little problem.  We had a lot of drives to dispose of and did so as inexpensively as possible via a drill press, a lot of time, and a lot of flying metal as we slowly destroyed stacks of drives one at a time.  Moving forward in time to today, we realized that our bins were once again full of drives, almost 1500 this time.  This adds up to almost three petabytes of storage in disks.  Knowing that it would take us days of drilling we sought out a faster solution, and here it is.