Latest Tumbleweed Dark Traffic Report Shows 300% Rise In Denial of Service Attacks; Over 40% of Enterprises Surveyed Use Email Address as Single-Sign-On Credentials

Business Wire, Dec 13, 2005

REDWOOD CITY, Calif. -- Headline of release should read: Latest Tumbleweed Dark Traffic Report Shows 300% Rise In Denial of Service Attacks (sted Latest Tumbleweed Dark Traffic Report Shows 300% Rise in Directory Harvest Attacks).

The corrected release reads:

LATEST TUMBLEWEED DARK TRAFFIC REPORT SHOWS 300% RISE IN DENIAL OF SERVICE ATTACKS; OVER 40% OF ENTERPRISES SURVEYED USE EMAIL ADDRESS AS SINGLE-SIGN-ON CREDENTIALS

Tumbleweed(R) Communications Corp. (Nasdaq:TMWD), a leading provider of email security, file transfer security, and identity validation solutions, today announced the release of the second Dark Traffic(TM) Report covering Q3 of 2005. The Dark Traffic Report includes data on the prevalence of network-level threats to email infrastructures and the impact to organizations, and can be downloaded at: http://www.tumbleweed.com/pdfs/TMWD_Dark_Traffic_Email_ Report_Q3_2005.pdf (Due to its length, this URL may need to be copied/ pasted into your Internet browser's address field. Remove the extra space if one exists.)

Dark Traffic, now accounting for 83 percent of all inbound email network traffic, is made up of Directory Harvest Attacks (DHA), email Denial of Service (DoS) attacks, malformed SMTP packets, invalid recipient addresses, and other requests and communications unrelated to the delivery of valid email messages. The Dark Traffic Report defines and analyzes email security information gathered through a combination of research interviews with enterprise IT and email administrators, and taps of raw email network data aggregated from traffic monitors positioned in top enterprises throughout the U.S.

For the period running from July through September 2005, invalid Dark Traffic accounted for 83 percent of the inbound email network traffic being processed by enterprises based on a sampling of over 100 million messages. Represented another way, valid messages accounted for 17 percent of inbound enterprise traffic. It is important to note that, of these valid messages, a significant percentage are later determined by content filters to be unwanted spam.

In addition to direct measurement of email network traffic in the U.S. and overseas, this report also includes the results of a survey of over 100 top enterprise IT and email administrators in the U.S. which shows that there is still a large gap between the perceived amount of Dark Traffic and the actual amount organizations receive.

Other findings available in this report include:

--Growth in Denial of Service Attacks: 300%

--Growth in Directory Harvest Attacks: 170%

--Percentage of inbound SMTP traffic that is addressed to invalid recipients: 43%

--Over 40% of enterprises surveyed use an employee's email address as the network login username. Successful DHA's can put network security at risk.

Most email administrators lack visibility into the composition of inbound port 25 traffic, and therefore have no ability to shape it. They only see the impacts of Dark Traffic indirectly, for example when comparing the volume of accepted messages to the volume of delivered messages, or via large outbound queues of non-delivery notices. As a result of the huge volumes of Dark Traffic email that organizations receive, they continue to add additional email servers and email security appliances to process the excessive invalid email traffic they receive.

"In our first Dark Traffic Report in Q1 of 2005, we were genuinely surprised at the amount of hidden traffic flowing into the enterprise under the radar. In compiling this latest Dark Traffic report, we were again surprised to see such large jumps in Directory Harvest Attacks and Denial of Service Attacks," said John Thielens, CTO of Tumbleweed Communications. "Enterprises are spending far too much on email infrastructure to handle the 80-plus percent of useless traffic that could be stopped at the network perimeter."

About Email Denial of Service Attacks

Email Denial of Service attacks (also called "DoS attacks," "mail bombing" or "flooding") attempt to overwhelm an email relay or server with a huge volume of messages, causing the server to drop connections or refuse legitimate email. Distributed DoS attacks (DDoS) are often launched from armies of zombie computers that have been infected with email viruses, worms, or spyware. These zombies can be controlled remotely by the hacker who sent them, and can be targeted to attack one or more specific victims. DoS attacks are generally malicious in nature, with the goal of disabling a targeted organization's network. Note that in the Dark Traffic Report, we are only focusing on DoS attacks in email -- DoS attacks exist across many other Internet protocols outside of our purview here, including HTTP, IM, FTP, RPC, etc.

About Directory Harvest Attacks

The goal of a Directory Harvest Attack (DHA) is to identify valid email addresses within a given domain. The traditional purpose has been to gather lists of valid email addresses for resale or for targeting future spam attacks. But with the rise of Active Directory and single sign-on technologies in the enterprise, the threat extends to network and information security. Network login credentials and email address are often configured to be the same. As a result, email application security is critical to prevent directory loss, which can deliver thousands of usernames to outsiders, allowing them to focus cracking efforts on the exact username list with the goal of breaching the network itself. This puts confidential operational and customer data at risk of compromise.