Shadowserver Foundation is a
nonprofit security organization that gathers and analyzes data on malicious Internet activity (including
malware,
botnets, and
computer fraud), sends daily network reports to subscribers, and works with law enforcement organizations around the world in
cybercrime investigations. Established in 2004 as a "volunteer watchdog group," it liaises with national governments,
CSIRTs,
network providers, academic institutions, financial institutions,
Fortune 500 companies, and
end users to improve Internet security, enhance product capability, advance research, and dismantle criminal infrastructure.
Funding
In early 2020,
Cisco
, which had been the primary funder for 15 years, announced that it would withdraw its funding. In late May 2020 it was announced that the Shadowserver Foundation had received funding from various sources to enable “the group to continue in a more sustainable way without becoming dependent on a single backer again.”
Activities
Data collection
Shadowserver scans the
IPv4 Internet 45 times per day. It harvests data on malware, spam, bots, and botnets using large-scale sensor networks of
honeypots and
honeyclients placed throughout the world. It uses
sinkholes to collect data on bots and
DDoS attacks. It also receives additional malware and sinkhole data from governments, industry partners, and law enforcement agencies that have established reciprocal data-sharing agreements with Shadowserver.
Data analysis
Shadowserver stores raw malware data permanently in its repository. As new data are collected, Shadowserver analyzes them using thousands of virtual
sandboxes and hundreds of iron sandboxes. It regularly re-analyzes raw data previously collected. The results of these analyses are stored in the organization's analysis cluster.
Network reporting
Shadowserver sends free daily network reports to users who have subscribed to them. The reports contain all the data that Shadowserver has collected and analyzed about any suspicious activity it was able to detect within the specific networks or regions for which the subscriber is responsible. For example, a national government might receive data aggregated by geo-spatial coordinates defined by latitude and longitude, while an international network provider might receive data filtered by
ASN.
Investigation support
Shadowserver liaises with security organizations, national governments, and CSIRTs to dismantle global cybercrime networks; for example, it worked with the
FBI,
Europol, and
Interpol to take down the Avalanche network in 2016.
It also helps law enforcement partners to develop strategies against cyber security threats and to mitigate threats as they emerge, focusing on cases that involve criminal abuse of the Internet’s infrastructure.