Countless malware threats that have previously been contained are at risk of being released into the wild again.
This is because the world’s largest non-profit cybersecurity organisation, Shadowserver, is at risk of shutting down.
Shadowserver has historically aided federal law enforcement institutions, including the FBI, in “sinkholing” domain names which are used by extensive malware operations.
“Sinkholing” refers to the redirection of malicious Internet traffic so that law enforcement officials and other experts can capture and analyse this traffic.
This often also results in legal action being taken against those running these malware operations to ensure they lose power over their maliciously-used resources.
Shadowserver at risk
Shadowserver has published a statement saying that it is desperate for financial assistance from donors.
This is because Cisco recently informed Shadowserver that it would no longer provide support to the organisation.
Cisco has been the primary funding source of Shadowserver for over 15 years, and its withdrawal leaves Shadowserver at risk of being unable to continue operating.
“Consequently, Shadowserver unexpectedly lost seven donated-in US technical staff at short notice, and now has to move its entire US data centre (104 racks, 1,340 servers, ~12 petabytes of storage) somewhere else before 26 May 2020 to keep operating,” said Shadowserver.
It added that it does not have the appropriate cash reserves available to cover the situation, and will therefore require financial support from its community if it is to continue.
What is needed
To continue operating, Shadowserver needs $400,000 in commitments by 31 March, and these commitments will need to be paid by 15 May.
Overall, however, Shadowserver will have $2.1 million in total 2020 costs.
“We know that this unexpected news and the externally enforced timeline for finding a solution will be a shock to everyone,” said Shadowserver.
“At this time of global uncertainty and the worsening COVID-19 pandemic, the traditional security perimeters of many organizations are being unexpectedly and rapidly expanded – increasing the potential attack surfaces for cyber criminals to exploit.”
“The enforced need for home working and access to accurate healthcare information means that we are all now, more than ever, dependent on a secure, reliable Internet.”
What happens if Shadowserver shuts down
Shadowserver also outlined what would happen if it were unable to meet its financial obligations.
“Without immediate assistance from our friends and supporters in the global community, who we have served to the best of our ability for the past 15 years, The Shadowserver Foundation will no longer be able to continue to operate most of our core public benefit services, including free daily network reports for all constituents,” said Shadowserver.
“This will remove our ability to notify National CERTs/CSIRTs and network owners of infected victims inside their networks, and prevent timely remediation of abusable, misconfigured, or compromised devices globally.”
Shadowserver added that its services are particularly important in the midst of the COVID-19 coronavirus outbreak, as many people from around the world are heavily reliant on the Internet to receive information about the virus.
Additionally, Shadowserver is currently protecting millions of malware-infected victims across the world from being used by cybercriminals – protection that would end if Shadowserver could not continue to operate.
“We call on all impacted constituents, partners, and members of the community to urgently rally to support Shadowserver’s continuing public benefit operation,” said Shadowserver.
Shadowserver in South Africa
Shadowserver told MyBroadband that South Africa is one of the countries with a National CERT-level organisation that does not receive reports from Shadowserver.
However, it has many other constituents in South Africa – including ISPs, banks, and universities.
“There are victims and affected organizations in every country in the world,” said Shadowserver.
“The more scary part is that Shadowserver has been quietly keeping the world safer even if they were never aware of it.”
Shadowserver added that if its service were to go away, the “hidden shield” it provides would vanish.
“All the current fenced-off victims will be released and raise the possibility of being re-victimized for the malware they are already infected with, but held safely by us right now,” Shadowserver explained.
Shadowserver said that while it would appreciate support from national entities, its product remains free of charge.
“Of course we would prefer to see all the National CERTs push the remediation harder, but our data comes without any strings,” said Shadowserver.
“It is free to use as each organisation wishes, and at the same price, free.”
Shadowserver said it welcomes any and all assistance in funding its new resources.
“It has been all hands on deck to raise the funding to first move our data centre, and second to pay for sustaining Shadowserver. Any organisation out there that would want to help, we are interested in hearing from them.”