Example: Exchange servers

الإحصائيات العامة · سلسلة زمنية

A stacked graph showing the number of IPv4 & IPv6 addresses detected responding each day over the past week, globally, tagged as CVE-2023-36439.

الإحصائيات العامة · تصور · جدول

A table showing the number of IPv4 & IPv6 addresses detected responding each day over the past DAY, globally, tagged as CVE-2023-36439.

الإحصائيات العامة · خريطة الشجرة

A tree map showing the number of IPv4 & IPv6 addresses detected on a set date, tagged as CVE-2023-36439, with the number per country represented proportionally.

Clicking on a country segment gives a breakdown of sources plus general statistics sourced from the CIA world factbook.

Example: Exposed CWMP devices

الإحصائيات العامة · سلسلة زمنية

A timeline showing 2 years’ worth of historic data (the maximum span in public dashboard) - in this case for Saudi Arabia demonstrating the number of exposed CWMP device IP addresses detected each day.

Note: This graph shows a vast improvement in terms of CWMP exposure at the end of January 2023

Example: MISP instances

إحصائيات جهاز إنترنت الأشياء · تصور · رسم بياني شريطي

A number of devices and software solutions can be fingerprinted during scanning. This graph shows (on a logarithmic scale) the number of IP addresses detected each day on average, over the past month, with MISP instances running.

Example: الثغرات الأمنية المستغلة

Attack statistics: Vulnerabilities · Monitoring

The top 100 detected attempted exploitable vulnerabilities (out of those Shadowserver monitors in our honeypots), initially sorted by number of unique attacking IP’s over the past day.

Clicking the Map option allows the user to swap between “Source” and “Destination” Host Types (i.e. attacking IP geolocation Vs honeypot IP geolocation).

Note: An attacking geolocation may or may not accurately represent the location of the attacker themselves.

Example: Interpreting events

Using the dashboard to help interpret events: Anomalous increase in exposed CWMP devices (believed Huawei home routers) in Egypt, followed by Mirai attacks originating from the same country.

Note: Shadowserver worked with Egyptian nCSIRT to notify & remediate.

إحصائيات جهاز إنترنت الأشياء · سلسلة زمنية

Observation of increase in volume of exposed IoT devices announced on Egyptian infrastructure on/around 2023-01-05.

Query

إحصائيات جهاز إنترنت الأشياء · خريطة الشجرة حسب الشركة المصّنعة

Stepping backwards and forwards through dates shows devices likely to be newly visible Huawei devices from 2023-01-05.

Query

الإحصائيات العامة · سلسلة زمنية

Associated spike in exposed CWMP detections from scanning matching the 2023-01-05 spike.

Query

Shadowserver honeypot sensors identified suspected Egyptian compromised devices launching Mirai and brute force attacks.

Query

And corresponding Telnet Brute Force attacks emanating from Egyptian compromised devices.

Query

Using multiple sources and selecting Tag and Overlapping options allows for the observations to be rendered on the same graph.

Query

Example: Special reports

Occasionally Shadowserver releases one-off special reports. We announce the data on X/Twitter and on our website - but after the event you might want to know the relevant dates. A way to find the dates is to use the Time Series chart looking for Special Report dates - and then you can transfer those dates into other representations better suited to single day statistics (such as maps or tree maps). Special reports have source set to special on the dashboard.

Searching for Special Reports on a Time Series chart:

Query

Tree map for an example Special Report found on 2024-01-29:

For a list of Special reports please review the list of reports on our main website. Special reports will have “Special” in their name.

Example: Time-series charts

Toggling high contrast

Output Time Series charts by default come with a light grey colour for the axis lines. By choosing “Toggle High Contrast” it is possible to make the axis lines black - which may be easier for reproduction in reports.

Toggling visibility

When multiple data series are presented in a Time Series chart - each data series will be named underneath. By selecting “Toggle Visibility”, it is possible to unselect all data series from the view.
Then you can click on just the items you wish to display by name beneath the chart. The scale will automatically adjust to accommodate the data series/combinations you choose.

Toggling stacking

When multiple data series are presented in a Time Series chart there are TWO ways to view overlapping data (as opposed to stacked datasets). The first is to use the “overlapping” toggle button on the left hand side of the screen. This will produce charts with clean lines for each dataset.
Alternatively, use the hamburger selector’s “Toggle Stacking” option to produce charts with each dataset having its own colour fill. Depending on your data, different approaches may produce clearer results.

تم تمويل تطوير لوحة بيانات Shadowserver بواسطة UK FCDO إحصائيات بصمات أجهزة إنترنت الأشياء وإحصائيات هجوم المصائد تم تمويلها بشكل مشترك من قبل برنامج Connecting Europe Facility التابع للاتحاد الأوروبي (EU CEF VARIoT project).

نود أن نتقدم بالشكر لجميع شركائنا الذين تكرموا بالمساهمة في البيانات المستخدمة في لوحة بيانات Shadowserver، بما في ذلك (حسب الترتيب الأبجدي) APNIC Community Feeds, CISPA, if-is.net, Kryptos Logic, SecurityScorecard, Yokohama National University وكل من اختار عدم الكشف عن هويته.

تستخدم Shadowserver ملفات تعريف الارتباط لجمع التحليلات. يتيح لنا ذلك قياس كيفية استخدام الموقع وتحسين تجربة مستخدمينا. لمزيد من المعلومات حول ملفات تعريف الارتباط وكيفية استخدام Shadowserver لها، يرجى الاطلاع على سياسة الخصوصية الخاصة بنا على privacy policy. نحن نحتاج إلى موافقتك على استخدام ملفات تعريف الارتباط بهذه الطريقة على جهازك.