Media Coverage

Shadowserver in the news

UK law enforcement helps protect networks from cyber crime

CyberAware, March 2, 2018

This week the National Crime Agency (NCA), the police, and a range of partners across industry and the public sector are providing help to the public and small businesses in guarding against cybercrime. The NCA is producing customised intelligence reports in conjunction with  the UK’s Computer Emergency Response Team (CERT-UK) and the Shadowserver Foundation to be distributed by regional police forces to local businesses. These reports will inform businesses of the threats on their systems and how to subscribe to live threat update feeds.

Powerful New DDoS Method Adds Extortion

Brian Krebs, March 2, 2018

Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence suggests this novel attack method is fueling digital shakedowns in which victims are asked to pay a ransom to call off crippling cyberattacks. Here’s the world at-a-glance, from our friends at

memcached on port 11211 UDP & TCP being exploited

Senki, February 28, 2018

As of 2018-03-17 ( Morning Update), more attack using the memcached reflection vector have been unleashed on the Internet. As shared by  Akamai Technologies “memcached-fueled 1.3 Tbps Attacks,” the application factors are “Internet Impacting.” Mitigation and Remediation Efforts are reducing the number of potential memcached reflectors. Please keep up the good work.

Using the DNS Resolver to Protect Networks

Senki, February 11, 2018

Your staff took every security precaution and still got infected! The infection was quickly caught (thanks to public benefit “outside in” – 3rd party monitoring). Yet, the lost time, productivity, and cost (hard drives being replaced) is not what your organization needs. What if there was a way to use the DNS infrastructure for something more than an address to name translation tool?

Cryptocurrency Miners Crash Malware 'Top 10'

Bank InfoSecurity, February 2, 2018

Several security companies this week released new research into how hijacking computers is turning real profits for cybercriminals. In fact, three cryptocurrency mining applications – Coinhive, Crytoloot and Rocks – are now among the top 10 malware families even though the code itself isn’t malware, according to Check Point Software. The company estimates that 55 percent of businesses have been affected by cryptocurrency mining applications.

Open Source Threat Intelligence Feeds

Senki, January 15, 2018

The community of open source threat intelligence feeds has grown over time. We have new sources being offered all the time. Many companies offer freemium services to entice the usage of their paid services.  There are community projects which aggregate data from new sources of threat intelligence. We also have an emerging market of companies who pull all this and other data into Threat Intelligence solutions. Finally, there are security companies who offer their threat intelligence as a community service. The result is a massive amount of information.  The following is maintained for the participants of the Operator’s Security Toolkit program.

FBI in Alaska just thanked Qihoo 360 for helping combat cyber crime

TechNode, December 14, 2017

FBI Anchorage in Alaska just showed its appreciation on Twitter to Qihoo 360, the leading Chinese cybersecurity company providing anti-virus solutions, for its role in cracking three local cyber crime cases involving significant DDOS attacks. Local FBI has tweeted out an appreciation note, saying that “#FBIAnchorage would like to thank our business partners in this case: 360.CN, AT&T, Dyn, Paterva, Paypal and ShadowServer.”

BrickerBot Author Retires Claiming to Have Bricked over 10 Million IoT Devices

Bleeping Computer, December 11, 2017

The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the “Internet Chemotherapy” project in November 2016.

Global law enforcement operation decimates giant Andromeda botnet

SC Magazine, December 5, 2017

An international contingent of law-enforcement agencies on Friday dismantled the massive Andromeda malware botnet, sinkholing around 1,500 malicious domains and arresting a suspect in Belarus.

Andromeda Botnet Shut Down

PC Mag, December 4, 2017

Andromeda has been active at least since 2011, and was notorious for infecting computers around the globe to form a botnet. With the help of partners—including the FBI, Microsoft, and others—Europol intercepted the internet traffic between Andromeda-infected computers and the command servers to which the malware was communicating. All that traffic was then “sinkholed” and redirected to servers under the investigators’ control, giving law enforcement a detailed view of the malware’s activities. “Andromeda was also sometimes used to download up to 80 other malware families onto infected victim computers,” according to The Shadowserver Foundation, a group of security experts that also helped dismantle the Andromeda botnet.