security.nl, September 9, 2022
The Shadowserver Foundation has launched a new dashboard with “threat data”. The dashboard provides information about honeypots, DDoS attacks, brute force attempts, sinkholes, online scans and vulnerable systems. Shadowserver collects large amounts of information about botnets, malware and other criminal networks and shares it with providers and government services, such as Computer Emergency Response Teams (CERTs). In recent years, the Shadowserver Foundation has played an important role in the take-down of several large botnets. Every day, the organization scans four billion IP addresses for possible abuse and analyzes more than 700,000 malware copies. That information is now partly shared via the dashboard. For example, it appears that in the Netherlands seven thousand infected systems connect to a “sinkhole”. Traffic from an infected machine is redirected to a server of, for example, a security company, authority or provider, in order to prevent further damage and identify infected machines. There is also an overview of vulnerable Zimbra servers. There are still about three hundred of these in the Netherlands. Via the new dashboard, which is financed with money from the British government, it is possible to follow certain trends or compare figures from countries. Shadowserver hopes the data from the dashboard can help security researchers, policy makers, journalists, computer security incident response teams (CSIRTs), and others research and raise awareness about cyber threats.