Thanks to the generous support of the UK Foreign, Commonwealth & Development Office (FCDO), the Shadowserver Team announces the launch of the new Shadowserver Public Dashboard:

https://dashboard.shadowserver.org

The new Dashboard lets you explore some of the many facets of Internet-scale data sets and learn more about how Shadowserver sees the state of cyber security globally, over a rolling period of the last two years. The Dashboard is based on aggregated country level data – no individual IP addresses or personally identifying information (PII) is included.

You can use the Dashboard to start with a global view, and then drill down into observations about a particular threat, or to compare statistics about two countries side by side. Initial filters for Sinkhole, Scan, Honeypot, Distributed Denial of Service (DDoS) and Industrial Control System / Operational Technology (ICS/OT) based data sets are included on the left navigation menu of the home page. There are various forms of data visualization available through the top navigation menu, such as time series graphs, world maps, region maps, treemaps and bubblecharts/tagclouds. Each data visualization should generate a unique URL for your query, so you can share links that easily recreate the same information and presentation style for others to view too, or for when you return to drill down further.

The ambition behind the new Dashboard is to empower security researchers, National CSIRTs, policy makers, journalists in the news media and other interested parties to use Shadowserver’s unique vantage point and extensive aggregated data sets as a public resource to help drive forward research and raise greater awareness of cyber security threats. With attribution, you can freely use the Dashboard for research purposes and to inform policy making, or to educate the public through news articles, but you are not permitted to scrape or resell the data. Please contact us if you have questions about licensing.

To illustrate some of the new capabilities and data sets, here are some examples:

1) The impressive impact of the Emotet botnet takedown on the number of daily infected unique victim IP addresses in March 2021:

https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=other&d1=2021-03-25&d2=2021-06-10&source=sinkhole%2Bsinkhole6&tag=emotet&style=stacked

The distribution of infected Emotet victim IP addresses by country at the point of initial sinkholing:

https://dashboard.shadowserver.org/statistics/combined/visualisation/?date_range=other&d1=2021-03-25&d2=2021-03-26&source=sinkhole%2Bsinkhole6&tag=emotet&dataset=unique_ips&group_by=geo&count_as=avg&style=bubble_diagram

2) Good news! The number of exposed Zimbra Collaboration Suite instances vulnerable to CVE-2022-27925 / CVE-2022-37042 is decreasing. Shadowserver started reporting these vulnerable instances on 2022-08-13:

Location of vulnerable Zimbra Collaboration Suite systems, treemap by country:

https://dashboard.shadowserver.org/statistics/combined/tree/?day=2022-08-31&source=http_vulnerable&tag=zimbra%3Bcve-2022-37042&geo=all&data_set=count

Read more about recent Zimbra ZCS CVE-2022-27925 and CVE-2022-37042 here: https://www.cisa.gov/uscert/ncas/alerts/aa22-228a

Let’s push to reduce the number of vulnerable instances even further!

3) Mirai/IoT related botnet infections are on the rise again. What is the root cause and how can we work together to more effectively combat these threats?

https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=180&source=honeypot&tag=mirai&style=stacked

World map of detected Mirai bot locations:

https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2022-08-31&source=honeypot&tag=mirai&geo=all&data_set=count&scale=log

As you can see, these examples are only the tip of the iceberg. Petabytes of global cyber threat data, including some unique data sets, are being aggregated and made available to the public for interactive exploration and visualization – for the first time.
