Latest Tumbleweed Dark Traffic Report Shows 300% Rise In Denial of Service Attacks; Over 40% of Enterprises Surveyed Use Email Address as Single-Sign-On Credentials.REDWOOD CITY Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , Calif. -- Headline of release should read: Latest Tumbleweed tumbleweed, any of several plants, particularly abundant in prairie and steppe regions, that commonly break from their roots at maturity and, drying into a rounded tangle of light, stiff branches, roll before the wind, covering long distances and scattering seed as Dark Traffic Report Shows 300% Rise In Denial in denial Psychiatry To be in a state of denying the existence or effects of an ego defense mechanism. See Denial. of Service Attacks (sted Latest Tumbleweed Dark Traffic Report Shows 300% Rise in Directory Harvest Attacks). The corrected release reads: LATEST TUMBLEWEED DARK TRAFFIC REPORT SHOWS 300% RISE IN DENIAL OF SERVICE ATTACKS; OVER 40% OF ENTERPRISES SURVEYED USE EMAIL ADDRESS See Internet address. AS SINGLE-SIGN-ON CREDENTIALS Tumbleweed(R) Communications Corp. (Nasdaq:TMWD), a leading provider of email See e-mail. security, file transfer security, and identity validation solutions, today announced the release of the second Dark Traffic(TM) Report covering Q3 of 2005. The Dark Traffic Report includes data on the prevalence of network-level threats to email infrastructures and the impact to organizations, and can be downloaded at: http://www.tumbleweed.com/pdfs/TMWD_Dark_Traffic_Email_ Report_Q3_2005.pdf (Due to its length, this URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. may need to be copied/ pasted into your Internet browser's address field. Remove the extra space if one exists.) Dark Traffic, now accounting for 83 percent of all inbound email network traffic, is made up of Directory Harvest Attacks (DHA DHA docosahexaenoic acid. DHA, n.pr See acid, docosahexaenoic. ), email Denial of Service A condition in which a system can no longer respond to normal requests. See denial of service attack. (DoS) attacks, malformed malĀ·formed adj. Abnormally or faultily formed. SMTP (Simple Mail Transfer Protocol) The standard e-mail protocol on the Internet and part of the TCP/IP protocol suite, as defined by IETF RFC 2821. SMTP defines the message format and the message transfer agent (MTA), which stores and forwards the mail. packets, invalid recipient addresses, and other requests and communications unrelated to the delivery of valid email messages. The Dark Traffic Report defines and analyzes email security information gathered through a combination of research interviews with enterprise IT and email administrators, and taps of raw email network data aggregated from traffic monitors positioned in top enterprises throughout the U.S. For the period running from July through September 2005, invalid Dark Traffic accounted for 83 percent of the inbound email network traffic being processed by enterprises based on a sampling of over 100 million messages. Represented another way, valid messages accounted for 17 percent of inbound enterprise traffic. It is important to note that, of these valid messages, a significant percentage are later determined by content filters to be unwanted spam. In addition to direct measurement of email network traffic in the U.S. and overseas, this report also includes the results of a survey of over 100 top enterprise IT and email administrators in the U.S. which shows that there is still a large gap between the perceived amount of Dark Traffic and the actual amount organizations receive. Other findings available in this report include: --Growth in Denial of Service Attacks: 300% --Growth in Directory Harvest Attacks: 170% --Percentage of inbound SMTP traffic that is addressed to invalid recipients: 43% --Over 40% of enterprises surveyed use an employee's email address as the network login username. Successful DHA's can put network security at risk. Most email administrators lack visibility into the composition of inbound port 25 traffic, and therefore have no ability to shape it. They only see the impacts of Dark Traffic indirectly, for example when comparing the volume of accepted messages to the volume of delivered messages, or via large outbound queues of non-delivery notices. As a result of the huge volumes of Dark Traffic email that organizations receive, they continue to add additional email servers and email security appliances to process the excessive invalid email traffic they receive. "In our first Dark Traffic Report in Q1 of 2005, we were genuinely surprised at the amount of hidden traffic flowing into the enterprise under the radar This article is about the magazine. For other uses, see Under the Radar (disambiguation). Under the Radar is an American magazine that bills itself as "The solution to music pollution." It features interviews with accompanying photo-shoots. . In compiling this latest Dark Traffic report, we were again surprised to see such large jumps in Directory Harvest Attacks and Denial of Service Attacks," said John Thielens, CTO (Chief Technical Officer) The executive responsible for the technical direction of an organization. See CIO and salary survey. of Tumbleweed Communications. "Enterprises are spending far too much on email infrastructure to handle the 80-plus percent of useless traffic that could be stopped at the network perimeter." About Email Denial of Service Attacks Email Denial of Service attacks (also called "DoS attacks," "mail bombing" or "flooding") attempt to overwhelm an email relay or server with a huge volume of messages, causing the server to drop connections or refuse legitimate email. Distributed DoS attacks (DDoS) are often launched from armies of zombie computers that have been infected with email viruses, worms, or spyware. These zombies Zombies Companies that continue to operate even though they are insolvent. Also known as living dead. Notes: It's advisable to avoid investing in zombies at all costs their life expectancies are highly unpredictable. can be controlled remotely by the hacker who sent them, and can be targeted to attack one or more specific victims. DoS attacks are generally malicious in nature, with the goal of disabling a targeted organization's network. Note that in the Dark Traffic Report, we are only focusing on DoS attacks in email -- DoS attacks exist across many other Internet protocols outside of our purview The part of a statute or a law that delineates its purpose and scope. Purview refers to the enacting part of a statute. It generally begins with the words be it enacted and continues as far as the repealing clause. here, including HTTP, IM, FTP FTP in full file transfer protocol Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to , RPC (Remote Procedure Call) A programming interface that allows one program to use the services of another program in a remote machine. The calling program sends a message and data to the remote program, which is executed, and results are passed back to the calling , etc. About Directory Harvest Attacks The goal of a Directory Harvest Attack (DHA) is to identify valid email addresses within a given domain. The traditional purpose has been to gather lists of valid email addresses for resale or for targeting future spam attacks. But with the rise of Active Directory and single sign-on technologies in the enterprise, the threat extends to network and information security. Network login credentials and email address are often configured to be the same. As a result, email application security is critical to prevent directory loss, which can deliver thousands of usernames to outsiders, allowing them to focus cracking efforts on the exact username list with the goal of breaching the network itself. This puts confidential operational and customer data at risk of compromise. About Tumbleweed Communications Corp. Tumbleweed provides security solutions for email protection, file transfers, and identity validation that allow organizations to safely conduct business over the Internet. Tumbleweed offers these solutions in three comprehensive product suites: MailGate(R), SecureTransport(TM), and Validation Authority(TM). MailGate provides protection against spam, viruses, and attacks, and enables policy-based message filtering, encryption, and routing. SecureTransport enables business to safely exchange large files and transactions without proprietary software. Validation Authority is the world-leading solution for determining the validity of digital certificates. Tumbleweed's enterprise and government customers include ABN Amro, Bank of America
Bank of America (NYSE: BAC TYO: 8648 ) is the largest commercial bank in the United States in terms of deposits, and the largest company of its kind in the world. Securities, Catholic Healthcare West Catholic Healthcare West (CHW) is a California not-for-profit public benefit corporation that operates hospitals in California, Arizona, and Nevada[1]. As such, it is exempt from federal and state income taxes. , JP Morgan Chase & Co., The Regence Group (Blue Cross/Blue Shield), St. Luke's Episcopal Healthcare System, the U.S. Food and Drug Administration, the U.S. Department of Defense, and all four branches of the U.S. Armed Forces. Tumbleweed was founded in 1993 and is headquartered in Redwood City, Calif. For additional information about Tumbleweed go to www.tumbleweed.com or call 650-216-2000. Tumbleweed, MailGate, SecureTransport, Validation Authority and Dark Traffic are either registered trademarks or trademarks of Tumbleweed Communications Corp. in the United States and/or other countries. All other trademarks are the property of their respective owners. SAFE HARBOR Safe Harbor 1. A legal provision to reduce or eliminate liability as long as good faith is demonstrated. 2. A form of shark repellent implemented by a target company acquiring a business that is so poorly regulated that the target itself is less attractive. STATEMENT Tumbleweed cautions that forward-looking statements contained in this press release are based on current plans and expectations, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below. Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to Tumbleweed's ability to identify and quantify Denial of Service attacks, Directory Harvest Attacks and other Dark Traffic, as well as the performance and functionality of Tumbleweed's products. In some cases, forward-looking statements can be identified by terminology such as "may," "will," "should," "potential," "continue," "expects," "anticipates," "intends," "plans," "believes," "estimates," and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed's Form 10-K Form 10-K A report required by the SEC from exchange-listed companies that provides for annual disclosure of certain financial information. Form 10-K See 10-K. filed March 16, 2005 and Form 10-Q Form 10-Q See 10-Q. filed November 2, 2005. Tumbleweed assumes no obligation to update information contained in this press release, including for example its guidance regarding its future performance, which represents Tumbleweed's expectations only as of the date of this release and should not be viewed as a statement about Tumbleweed's expectations after such date. Although this release may remain available on Tumbleweed's website or elsewhere, its continued availability does not indicate that Tumbleweed is reaffirming or confirming any of the information contained herein. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion