Media Coverage

THE INTERNET SECURITY group Shadowserver has a vital behind-the-scenes role; it identifies online attacks and wrests control of the infrastructure behind them. In March, it learned that longtime corporate sponsor Cisco was ending its support. With just weeks to raise hundreds of thousands of dollars to move its data center out of Cisco’s facility—not to mention an additional $1.7 million to make it through the year—the organization was at real risk of extinction. Ten weeks later, Shadowserver has come a long way toward securing its financial future. On Wednesday, the IT security company Trend Micro will commit $600,000 to Shadowserver over three years, providing an important backbone to the organization’s fundraising efforts. The nonprofit Internet Society is also announcing a one-time donation of $400,000 to the organization.

Digital Realty has reached an agreement with The Shadowserver Foundation to support the foundation’s data centre infrastructure needs at Digital Realty’s facility in Oakland, California. The Shadowserver Foundation, a non-profit security organisation working to make the internet secure, launched a search for a data centre provider offering the footprint, connectivity and flexibility needed to support its growing collection, processing and analysis of critical internet security data that help businesses safeguard operations.

Digital Realty will be housing the non-profit Internet security analysts The Shadowserver Foundation at its Oakland data center, California. The Foundation had been looking for a new data center that could support its growing storage needs and allow it to be “independent”. By locating at the data center, Shadowserver will have easier access to Silicon Valley and enjoy enough space to support high-density deployments.

Digital Realty (NYSE: DLR), a leading global provider of data center, colocation and interconnection solutions, announced today it has reached an agreement with The Shadowserver Foundation to support the foundation’s data center infrastructure needs at Digital Realty’s facility in Oakland, California

Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work. Just like every other remote administration tool, RDP can be used for legitimate or malicious control of a computer and is used by administrators and attackers alike for command and control of a remote system. Financially motivated attackers aren’t the only classes of threat making use of RDP, however. RDP services are also a vector of attack for advanced offensive groups like APT39 and APT40. Discovered in January of 2020, the Trickbot malware family added a new module, rdpScanDll, giving the malware the capability of credential bruteforcing. Wormable exploits like BlueKeep, DejaBlue, and BlueGate plague RDP servers across the Internet. Shodan recently identified an increase in publicly exposed RDP services on the Internet, a measure which Shadowserver and Kaspersky also monitor.

The operations of the National Computer Security Incident Response Team of Cyprus (National CSIRT-CY) are vital for the secure functioning of the state and its economy. One of the most valuable operations of National CSIRT-CY which contributes greatly to proactive security is the processing of threat intelligence, daily reports and feeds received by external sources concerning current threats and malicious internet activity. One such external source is Shadowserver, a platform which provides valuable information and insights relating to emerging security threats. The main goal of the Shadowserver Foundation is to foster collaboration and to contribute to a culture in which the cybersecurity industry delivers ever greater service and capability. Shadowserver collaborates with major organizations such as Europol’s European Cybercrime Centre (EC3), Trend Micro, and the European Organization for Nuclear Research (CERN). Shadowserver is one of National CSIRT-CY’s primary threat intelligence sources. Close collaboration with the Shadowserver Foundation offers valuable operational intelligence enhancement. This puts National CSIRT-CY on the map of organizations and other entities which share the privilege of using Shadowserver’s services.

VictoryGate, a recently discovered botnet that infected about 35,000 devices with malware, has been disabled by researchers from security firm ESET. The botnet was designed to mine for the virtual currency monero, according to ESET analysts. It’s one of several recently discovered botnets that mine for cryptocurrencies other than bitcoin. The botnet mainly targeted victims in South America, with Peru accounting for about 90 percent of all infected endpoints, according to the report. ESET is working with No-IP and the nonprofit Shadowserver Foundation, which researches and tracks botnets, to notify victims and help clean devices of the VictoryGate malware.

ESET announced today that it took down a malware botnet that infected more than 35,000 computers. The botnet’s primary purpose was to infect victims with malware that mined the Monero cryptocurrency behind their backs. ESET reported and took down the botnet’s command and control (C&C) server and set up a fake one (called a sinkhole) to monitor and control the infected hosts. The company is now working with members of the Shadowserver Foundation to notify and disinfect all computers who connect to the sinkhole.

Security researchers have taken down a crypto-mining botnet that infected at least 35,000 devices and which is continuing to spread. The VictoryGate botnet mainly affects systems located in Latin America and particularly in Peru, where 90 percent of the infected machines are located. ESET was able to take down the botnet’s command and control servers and set up its own servers in their place, a technique called sinkholing. ESET said it is working with the Shadowserver Foundation to notify the owners of the affected systems and has made a tool available that removes the malware.

Do you want a repeat of Wanacry? Do you want an Internet Impacting Worm in the middle of the COVID-19 Crisis? All organizations can take two steps to minimize the risk of a potential Internet worm. First, they can deploy an access-list on the edge of their network that block TCP/UDP port 445. This can be part of your organization’s Exploitable Port Filtering. Second, organizations can monitor their network with Shadowserver’s Daily Network Report. This public benefit service provides an outside-in view of risk on your network. The Daily Network Reports provide a tool to reduce risk through action and then monitor the impact of that risk reduction. Both services are “no-cost.” Routers on the edge of the network can deploy Exploitable Port Filtering. Shadowserver’s Daily Network Report is a public benefit supported by organizations throughout the world.