Media Coverage

Shadowserver in the news

Ransomware Attacks Factor Honeypot

Duo Security, January 21, 2020

Me-Tech —a small prototyping company—was attacked several times over the space of seven months. The network was actually a honeypot consisting of real industrial control systems (ICS) hardware and a mix of physical hosts and virtual machines, set up by Trend Micro Research to mimic the operations of a small factory. The researchers monitored the attacks against the honeypot to determine how “knowledgeable and imaginative” attackers had to be to compromise a manufacturing operation, and to monitor firsthand what kind of attacks manufacturing companies dealt with on a regular basis. The threats didn’t come from sophisticated state-sponsored groups, but rather cybercriminals intent on fraud and financial gain. The researchers identified scanning traffic from 9,452 unique IP addresses, of which 610 were linked to scanners such as ip-ip, Rapid 7, Shadow Server, Shodan, and ZoomEye

CAIDA Spoofer

CAIDA, January 14, 2020

Seeking to minimize Internet’s susceptibility to spoofed DDoS attacks, we are developing and supporting open-source software tools to assess and report on the deployment of source address validation (SAV) best anti-spoofing practices. This project includes applied research, software development, new data analytics, systems integration, operations and maintenance, and an interactive analysis and reporting service.

We generate a summary report on the current “state” of Internet IP source address spoofing/filtering using data from an active measurement tool. Since 2015 when UCSD/CAIDA took over development and support of the spoofer infrastructure, we’ve collected data from 7468 autonomous systems in 207 countries. More details and published results from our research are also available. The CAIDA IP Spoofer report is highlighted by ShadowServer.

ProgrammableWeb's Most Clicked, Shared and Talked About APIs of 2019: Security and Privacy

ProgrammableWeb, January 3, 2020

ProgrammableWeb present the full list of the Most Clicked, Shared and Talked About APIs of 2019 in Security and Privacy, that piqued the interest of our readers, followers, and editors. Shadowserver is a non-profit, watchdog group of security professionals that gather, track, and report on malware, botnet activity, and e-fraud. The Shadowserver API provides a lookup mechanism to test an executable file against a list of known software applications. The details are serialized in JSON for integration with your application.

IntelMQ – Framework to Collect and Process Security Feeds

SecTechno, January 3, 2020

IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It’s a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs. Current supported feeds include: ShadowServer.

NASK institute gets EU grant for IoT security development

Telecompaper, December 23, 2019
Polish R&D institute NASK has received almost EUR 1.5 million in co-funding from the EU’s Connecting Europe Facility for the VARIoT (Vulnerability and Attack Repository for IoT) project. The project totals almost EUR 2 million, and the work is planned to last for three years, until June 2022. Shadowserver is a non-profit, watchdog group of security professionals that gather, track, and report on malware, botnet activity, and e-fraud.

US sanctions Russian cybercriminal group 'Evil Corp' over $100 million hack

CNN, December 5, 2019

The US Treasury Department announced new sanctions Thursday on a Russian-based cybercriminal organization called “Evil Corp” for using malware to steal more than $100 million from hundreds of banks and financial institutions. Specifically, Evil Corp used the malware known as Dridex to “infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft,” according to the Treasury Department.

US charges Russian 'Evil Corp' hackers with $100m banking scheme

The Guardian, December 5, 2019

US prosecutors have charged two members of a Russia-based hacking group that calls itself Evil Corp with masterminding a global banking fraud scheme that netted the unsubtly named gang more than $100m. In a statement, US treasury officials called Evil Corp “one of the biggest hacking groups ever”.

Evil Corp: US charges Russians over hacking attacks

BBC, December 5, 2019

US authorities have filed charges against two Russian nationals alleged to be running a global cyber crime organisation named Evil Corp. An indictment named Maksim Yakubets and Igor Turashev – who remain at large – as figures in a group which used malware to steal millions of dollars in more than 40 countries.

International law enforcement operation exposes the world’s most harmful cyber crime group

NCA, December 5, 2019

A Russian national who runs Evil Corp – the world’s most harmful cyber crime group that created and deployed malware causing financial losses totalling hundreds of millions of pounds in the UK alone – has been indicted in the United States following unprecedented collaboration between the NCA, the FBI and the National Cyber Security Centre.

Russian National Charged with Decade-Long Series of Hacking and Bank Fraud Offenses Resulting in Tens of Millions in Losses and Second Russian National Charged with Involvement in Deployment of “Bugat” Malware

DoJ, December 5, 2019

The United States of America, through its Departments of Justice and State, and the United Kingdom, through its National Crime Agency (NCA), today announced the unsealing of criminal charges in Pittsburgh, Pennsylvania, and Lincoln, Nebraska, against Maksim V. Yakubets, aka online moniker, “aqua,” 32, of Moscow, Russia, related to two separate international computer hacking and bank fraud schemes spanning from May 2009 to the present.  A second individual, Igor Turashev, 38, from Yoshkar-Ola, Russia, was also indicted in Pittsburgh for his role related to the “Bugat” malware conspiracy. The State Department, in partnership with the FBI, announced today a reward of up to $5 million under the Transnational Organized Crime Rewards Program for information leading to the arrest and/or conviction of Yakubets.  This represents the largest such reward offer for a cyber criminal to date.

Shadowserver uses cookies to gather analytics. This allows us to measure how the site is used and improve the experience for our users. For more information about cookies and how Shadowserver uses them, see our privacy policy. We need your consent to use cookies in this way on your device.