Media Coverage

Shadowserver in the news

Shadowserver is in danger of being shut down

digi.no, March 19, 2020

Not all the work done to prevent the internet from becoming too uncertain and lawless is equally well known. Many people contribute without seeking so much attention. Among these is Shadowserver. It is a small non-profit organization that, despite its size, plays an important role in internet security by providing key IT security players and many other businesses with free access to a huge collection of up-to-date data and malicious activity analytics on the Internet. Unfortunately, Shadowserver is now in danger of having to shut down significant parts of its business. Cisco has been the organization’s main sponsor, but the company can no longer fund them. The company has provided data center facilities (which) must be relocated to a new location by May 26 in order for operations to continue. The organization needs $2.1 million in donations by the end of March.

Shadowserver Foundation: Nonprofit IT security team needs donations

Heise, March 19, 2020

The Shadowserver team supports law enforcement agencies to stop cyber gangsters. Now they need timely (financial) help themselves. The free work of the Shadowserver Foundation is at risk. According to its own statements, the nonprofit organization needs a total of more than $2 million in 2020 – with $400,000 of these by mid-May for the relocation of its complete data center infrastructure. The Shadowserver team explains the reasons for the sudden need for money in a detailed call for donations.

The German BSI and its CERT association have also worked with the Shadowserver team on several occasions in the fight against cybercrime, for example in the destruction of the botnet infrastructure Avalanche.

“The BSI appreciates the excellent and tireless work with which the Shadowserver Foundation has supported the international security community for many years. The data made available to network operators and national CERTs around the world on malware infections and system vulnerabilities is high-quality information Notification to those affected: If the Shadowserver infrastructure is actually shut down, it would be a black day for IT security” the BSI told Heise Security.

Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month

Dark Reading, March 19, 2020

Blender maker is the latest victim of Magecart. Blender manufacturer NutriBullet on Wednesday said it had identified and removed malicious code on its website that allowed attackers to steal data from customers entering payment card information on it when purchasing products. Researchers at RiskIQ, working in concert with ShadowServer and Abuse.ch — two malware fighting nonprofits — instead took down the domain the attackers were using to store stolen credit card data.

How Microsoft Dismantled the Infamous Necurs Botnet

Wired, March 18, 2020

A years-long investigation and global cooperation disrupted one of the biggest botnets ever. At the height of its powers, Necurs was one of the most disruptive forces on the internet. A sort of Swiss Army botnet, over the years it has harnessed more than 9 million computers unwittingly under its control to send spam, distribute ransomware, attack financial institutions, and more. Last week, Microsoft pulled its plug. Necurs has been silent lately—its most recent significant activity petered out last March—but it still has 2 million infected systems awaiting its next command. By disrupting what remains of the botnet—in coordination with law enforcement and internet service providers across 35 countries, and with the help of cybersecurity firms like BitSight and ShadowServer—Microsoft has effectively prevented Necurs from rising again.

Botnet fighter Shadowserver in major financial difficulties

Security.NL, March 18, 2020

The Shadowserver Foundation, a non-profit foundation registered in the Netherlands and the United States that works to combat botnets and cybercrime, is in serious financial difficulties now that Cisco has withdrawn as a sponsor. The foundation collects large amounts of information about botnets, malware and other criminal networks and shares it with providers and government services, such as Computer Emergency Response Teams (CERTs). In recent years, the Shadowserver Foundation has played an important role in the roll-up of several large botnets. At the end of February, Cisco announced that it was discontinuing as the largest financial sponsor. As a result, the Shadowserver Foundation immediately lost four of the seven donated staff and the other three employees will stop on May 26. Shadowserver also has to move the entire American data center infrastructure to a new location before May 26. Therefore, without immediate help, Shadowserver will have to stop offering the most important services, including free network reports with information about infected systems.

Hackers hit NutriBullet website with credit card-stealing malware

TechCrunch, March 18, 2020

According to new research by security firm RiskIQ, hackers broke into the blender maker’s website several times over the past two months, injected malicious credit card-skimming malware on its payment pages and siphoned off the credit card numbers and other personal data — like names, billing addresses, expiry dates and card verification values — of unsuspecting blender buyers.

The data was scraped and sent to a third-party server operated by the attackers. The stolen credit card data is then sold to buyers on dark web marketplaces. With the help of security outfits AbuseCH and Shadowserver, RiskIQ began efforts to take down the malicious domain that the hackers were using to send stolen credit card numbers.

The Shadowserver Foundation urgently needs financial help

CERT.at, March 17, 2020

The Shadowserver Foundation is not only the largest source of threat intelligence worldwide, it is also by far the most important source of information for CERT.at on topics such as malware infections, vulnerable systems, etc. in Austria. The Shadowserver Foundation provides 107 national CERTs / CSIRTs in 136 countries with valuable information on problems in their respective areas of influence. The quality of the data provided in this way is far higher than that of most others, although it is provided completely free of charge. In February, Cisco Systems surprisingly announced that they were no longer able to sustain the Shadowserver Foundation and gave notice they must urgently move their entire data center to a different location. That cost far exceeds the liquidity of this NPO. If you still have budget left in your company, this is surely one of the best ways to use it – the entire Internet will thank you.

Shadowserver, a nonprofit that helps protect the internet from botnets, is in grave danger of going under

INPUT Magazine, March 17, 2020

The internet has a lot of underlying infrastructure most of us seldom give much thought to, but which is essential to keeping it working… and working properly. One of those seldom-seen, essential services that works tirelessly to keep things running smoothly is a nonprofit called Shadowserver. The reason you’re hearing about it now? Shadowserver is about to lose its main source of funding. Shadowserver’s key function is running honeypots and sinkholes, which trick botnets into directing all of their traffic into a black hole rather than to an actual website. Shadowserver sinkholes five million infected machines every day. Without it, who knows where the malicious traffic they generate will end up, or what it’ll do to the usability of the internet. But Shadowserver are losing the funding from their primary supporter and it needs $1.7 million to make it through the rest of 2020. Perhaps the one downside of being such a quiet, inconspicuous company is that few have heard of it, and even fewer understand why it matters. Being distracted by a pandemic, though, can’t be helping matters either. Shadowserver’s never wanted the limelight, but now for all of our sakes it needs as much as it can get.

European Parliament - Parliamentary Question: A serious blow to internet security - the possible disappearance of Shadowserver – assistance needed

European Parliament, March 17, 2020

There is a danger that financial support for the independent non-profit organisation Shadowserver may soon vanish. Shadowserver is a crucial link in efforts to combat internet crime. Shadowserver analyses malware and botnets, issues warnings free of charge to national CERTs and providers concerning victims who have been infected within their networks, and prevents abuse and wrongly configured or compromised hardware. The organisation’s US branch is losing its principal sponsors, and the European branch too may in due course lose its funding. The organisation is therefore urgently seeking new, reliable sources of income to enable the existing function to be maintained while preserving its independence. (1) In view of the important role that Shadowserver plays for society and the disastrous impact on European online security if the organisation were to cease to exist, the EU should consider ways of allowing that role to continue to be played. Will the Commission provide support without delay in the form of funding (even indirect), fund-raising, subsidies, etc. to ensure that Shadowserver does not go bankrupt and can continue its independent work?

The Web’s Bot Containment Unit Needs Your Help

Brian Krebs, March 16, 2020

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding.

Shadowserver has time and again been the trusted partner when national law enforcement agencies needed someone to manage the technical side of things while people with guns and badges seized hard drives at the affected ISPs and hosting providers.

Anyone interested in supporting that migration effort can do so directly here; Shadowserver’s contact page is here.