The non-profit Shadowserver Foundation (https://shadowserver.org) has been active for over 15 years, delivering free daily cyber threat intelligence feeds to National CSIRTs (over 201 National CSIRTs covering 175 countries and territories) and many other organizations that have an Internet presence (over 8000 organizations worldwide, including Sectoral CSIRTs, ISP/CSPs, hosting providers, enterprises, banks, academia, hospitals, SMEs, etc).
The talk will provide an overview of how Shadowserver performs large-scale information collection and sharing of cyber security incidents it observes as well as the challenges faced. From scanning to honeypots and malware sinkholing, we will describe the techniques used for the above process, setting the stage for a deeper dive into the attack surface and threat landscape of the Netherlands (and how it compares to other EU Member States and the World). We will then analyze key large-scale Internet cyber security incidents related to exposed Internet-facing assets in the past year in the Netherlands (as seen through Shadowserver datasets). We will conclude with the latest trends in attacks we see and lessons learned at handling them on a global level.
