International Partners – ShadowServer

Posted by & filed under National CSIRT-CY Activities, Security News.

 

The operations of the National Computer Security Incident Response Team of Cyprus (National CSIRT-CY) are vital for the secure functioning of the state and its economy. As a governmental entity and as the technical branch of the Digital Security Authority of the Republic of Cyprus, National CSIRT-CY is responsible for ensuring a robust cybersecurity posture for the Republic. Among the most important services offered by National CSIRT-CY is incident management handling while addressing cyber threats effectively, preventing in this way interference with the normal functioning of its constituents.

National CSIRT-CY has within its purview a range of critical facilities, for instance, Critical Information Infrastructure (CII), Banks, Digital Service Providers (DSPs) and Internet service providers (ISPs). For this reason, acting proactively is imperative for the security of the critical infrastructure. To carry out its mission effectively, National CSIRT-CY bases its operations on several services.

One of the most valuable operations of National CSIRT-CY which contributes greatly to proactive security is the processing of threat intelligence, daily reports and feeds received by external sources concerning current threats and malicious internet activity. One such external source is Shadowserver, a platform which provides valuable information and insights relating to emerging security threats.

The Shadowserver Foundation is a nonprofit organization founded in 2004 by a team of volunteers. Today its team maintains a global infrastructure spanning eighty countries. Shadowserver seeks to enhance the security posture of governments and major organizations by providing a platform for sharing knowledge on malicious activity online. The main goal of the Shadowserver Foundation is to foster collaboration and to contribute to a culture in which the cybersecurity industry delivers ever greater service and capability.

Shadowserver serves an extensive network of entities that belong both in the governmental and private sectors. Apart from the large CSIRT network which provisions, and in which National CSIRT-CY participates, Shadowserver collaborates with major organizations such as Europol’s European Cybercrime Centre (EC3), Trend Micro, and the European Organization for Nuclear Research (CERN).

Its close collaboration with CSIRTs is evident by the support it receives from the national CSIRTs of Cyprus, Germany, Spain, Poland, Austria, Netherlands, Latvia, and Japan. Other entities and organizations contributing to Shadowserver’s operations include regional, national, and international law enforcement agencies, enterprises, banks, ISPs, hosting companies, colleges, universities, nonprofits and others.

The basic functions that Shadowserver fulfils are data collection and analysis, network reporting, and investigation support. As part of its data analysis function, Shadowserver maintains one of the largest repositories of security information in the world. Approximately four billion IPv4 addresses are analyzed, while more than half a million unique malware samples are ingested and analyzed by sandboxes every day. There are also more than 1.25 billion malware samples in Shadowserver’s malware repository. The specific types of data that Shadowserver analyses, include ASN, bots, botnets, DDoS, geolocations, malware, scans, and URLs.

Moreover, Shadowserver sends custom remediation reports to more than four thousand vetted subscribers, including about a hundred national governments and many Fortune 500 companies.

When it comes to investigation support, Shadowserver provides CSIRTs and law enforcement agencies around the world with the insights and capabilities required to conduct effective local, regional, or international security investigations.

National CSIRT-CY proudly partakes in the extensive network of entities and organizations that cherish the services offered by the Shadowserver Foundation. Shadowserver is one of National CSIRT-CY’s primary threat intelligence sources. For this purpose, National CSIRT-CY maintains a dedicated server as part of Shadowserver’s infrastructure for exchanging information. Receiving threat intelligence feeds on current malicious activity online, significantly increases National CSIRT-CY’s ability to perform proactive services and to inform its constitutes on security issues arising in their networks. Those feeds are also useful in the development of in house-applications, further contributing towards making the Internet a safer place.

Close collaboration with the Shadowserver Foundation offers valuable operational intelligence enhancement. This puts National CSIRT-CY on the map of organizations and other entities which share the privilege of using Shadowserver’s services to improve their ability to respond to incidents and act proactively on security threats that could potentially have a significant impact on the normal operations of the state and its supporting services.