M3AAWG Recommends Adding New Email Header to Mitigate List Bomb Attacks from Subscription Sign-Up Forms
SAN FRANCISCO, Nov. 29, 2017 (GLOBE NEWSWIRE) -- Noticing an increase in "list bomb" activity, the Messaging, Malware and Mobile Anti-Abuse Working Group is recommending all blogs and websites with a newsletter or sign-up form add a new header to their verification emails that will help identify and disrupt these attacks. The assault tactic is often used to hide security alerts of illicit activities or to prevent someone, such as a journalist, from receiving vital information.
In the assaults, also called a web-form sign-up attack, criminals use bots to subscribe their targeted victims to thousands of newsletters or other services that automatically send verification emails. The resulting surge of confirmation emails, in effect, creates a DDoS (Distributed Denial of Service) attack against the users' inboxes. Very often, buried within the unmanageable mountain of verification messages is a notice from a credit card company or other financial institution outlining a forged transaction or an account password reset alert that the victim will never see.
"A few years ago, a torrent of useless verification messages bombarding a user's inbox was an isolated event and was probably the result of a grudge against someone. But today criminals have started using these attacks to subvert the security notifications that many banks, services and e-tailers are now sending. Their aim is to submerge the specific alert email with details of their fraudulent activities under a sea of meaningless messages or to deny a journalist or activist access to their email altogether," said Severin Walker, M3AAWG Chairman of the Board.
Industry Collaboration Leads to IETF Internet Draft Header Specification
The new message header specification has been submitted to the IETF (Internet Engineering Task Force) at https://datatracker.ietf.org/doc/draft-levine-mailbomb-header/ and is explained in a short paper, M3AAWG Recommendation on Web Form Signup Attacks (www.m3aawg.org/WebFormAttacks), available in the Best Practices section of the M3AAWG website. The new header specifically identifies messages that originate as verification emails from a web-form, such as a subscription confirmation email, so that ISPs and email providers can take action to protect a user's inbox when an extraordinarily high volume of these messages come across their networks.
M3AAWG also recommends that all public subscription and web forms install one of the various types of CAPTCHA image or text challenges used to tell humans from automated sign-ups that are readily available. This will help protect against bots misusing the site's verification emails in an attack.
The header concept came out of discussions at the M3AAWG meeting in June among members who noted a significant increase in these attacks. An ad hoc technical session at the meeting with members from different segments of the messaging industry resulted in M3AAWG Senior Technical Advisor John Levine drafting the specification. At the following meeting in October, the first members to implement the new specification shared their experiences and reported the process was sustainable.
Levine said, "Criminals routinely use bots to crawl the global web looking for the millions of blogs and newsletter sign-up forms that don't have CAPTCHA then use these sites, with their weaker security, to sign-up victims as part of an attack. The new header is another level of protection that can have a significant impact on preventing list bombing and we are encouraging email service providers to implement it as soon as possible."
Web form attacks will continue to be monitored at the next M3AAWG meeting to be held February 19-22, 2018 in San Francisco. The multiple-track event is expected to attract more than 500 participants with sessions addressing diverse topics such as bot mitigation practices, social networking abuse, mobile abuse and pending legislation worldwide.
About the Messaging, Malware and Mobile Anti-Abuse Working Group (M 3 AAWG)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.
Media Contact: Linda Marcus, APR, +1-714-974-6356 (U.S. Pacific), LMarcus@astra.cc, Astra Communications
M3AAWG Board of Directors: AT&T; Cloudmark, Inc.; Comcast; dotmailer; Endurance International Group; Facebook; Google; LinkedIn; Mailchimp; Microsoft Corp.; Oath (Yahoo and AOL); Orange; Rackspace; Return Path; SendGrid, Inc.; Vade Secure.
M3AAWG Full Members: 1&1 Internet AG; Adobe Systems Inc.; Agora, Inc.; AOL; Campaign Monitor Pty.; Cisco Systems, Inc.; CloudFlare; Exact Target, Inc.; IBM; iContact; Inteliquent; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Nominum, Inc.; Oracle Marketing Cloud; OVH; PayPal; Proofpoint; Spamhaus; Sparkpost; Splio; Sprint; Symantec; and USAA.
A complete member list is available at http://www.m3aawg.org/about/roster.
The issuer of this announcement warrants that they are solely responsible for the content, accuracy and originality of the information contained therein.
Source: Messaging Anti-Abuse Working Group (M3AAWG) via Globenewswire
Om Nasdaq GlobeNewswire
One Liberty Plaza - 165 Broadway
NY 10006 New York
+1 212 401 8700http://www.nasdaqomx.com
NASDAQ (NASDAQ: NDAQ) is a leading provider of trading, exchange technology, information and public company services across six continents.
Følg saker fra Nasdaq GlobeNewswire
Registrer deg med din epostadresse under for å få de nyeste sakene fra Nasdaq GlobeNewswire på epost fortløpende. Du kan melde deg av når som helst.
Siste saker fra Nasdaq GlobeNewswire
GridGain® Continues In-Memory Computing Industry Leadership in 201818.7.2018 09:00 | Pressemelding
GridGain Continues Rapid Growth, Delivers Product Innovations, Hosts Vital Industry Conferences and Earns Top Industry Accolades FOSTER CITY, Calif., July 18, 2018 (GLOBE NEWSWIRE) -- GridGain® Systems, provider of enterprise-grade in-memory computing solutions based on Apache® Ignite(TM), today announced continuing strong momentum for the first half of 2018. Key achievements during the first half of the year included more new customer wins in the first half of 2018 than in all of 2017, launching major new products including GridGain Professional Edition 2.4 and GridGain Cloud, winning several top industry accolades, and driving continued growth of the popular In-Memory Computing Summit® in Europe. Growth New customer acquisition surged during the first half of 2018 with the company acquiring 40 percent more new customers than were signed in all of 2017. New customers acquired in 2018 include leading companies in financial services, transportation, telecommunications, retail, healthcar
Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware18.7.2018 09:00 | Pressemelding
Analysis of vulnerability and threat trends shows cryptomining malware dominates threat landscape in the first half of 2018 SAN JOSE, Calif., July 18, 2018 (GLOBE NEWSWIRE) -- Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape. The mid-year update explores trends observed from January to June of 2018. One of the most significant findings is the replacement of ransomware as the cybercriminal tool of choice with cryptomining malware. In the last six months of 2017, ransomware accounted for 32 percent of attacks, while malicious cryptominers accounted for seven percent. By the first half of 2018, the figures had switched almost exactly
ERYTECH Pharma Reports Voting Results from Annual General Meeting Held on June 28, 201817.7.2018 22:30 | Pressemelding
LYON, France and CAMBRIDGE, Mass., July 17, 2018 (GLOBE NEWSWIRE) -- ERYTECH Pharma (Euronext:ERYP) (Nasdaq:ERYP) announced that its 2018 Annual General Meeting was held in Lyon on Thursday, June 28, 2018. At the meeting, all resolutions for which management recommended a vote in favor, were adopted, including: - Approval of the annual financial statements and consolidated financial statements for the year ended December 31, 2017 and quietus of directors; - Allocation of the financial year's results; - Approval of regulatory agreements and commitments referred to in Article L.225-38 of the French Commercial Code; - Approval of the regulations of the share subscription and/or purchase options plan adopted by the Board of Directors on June 27, 2017; - Authorization for the Board of Directors to grant share subscription and/or share purchase options and/or to issue detachable share subscription warrants to corporate officers and employees of the Company or companies in the ERYTECH Pharma
Williams Scotsman Receives Competition Bureau Clearance for ModSpace Acquisition17.7.2018 22:15 | Pressemelding
BALTIMORE, July 17, 2018 (GLOBE NEWSWIRE) -- WillScot Corporation (NASDAQ:WSC) ("Williams Scotsman"), a specialty rental services market leader providing innovative modular space and portable storage solutions across North America, today announced that, on July 16, 2018, the Canadian Competition Bureau issued a No Action Letter relating to Williams Scotsman's proposed acquisition of Modular Space Corporation ("ModSpace"). WillScot has now obtained the regulatory approvals required to complete the acquisition and continues to progress towards closing in the third quarter of 2018. About Williams Scotsman Headquartered in Baltimore, Maryland, WillScot Corporation is the public holding company for the Williams Scotsman family of companies in the United States, Canada and Mexico. WillScot Corporation trades on the NASDAQ stock exchange under the ticker symbol "WSC." Williams Scotsman is a specialty rental services market leader providing innovative modular space and portable storage solutio
Minerva Neurosciences Elects Jeryl Hilleman to Board of Directors17.7.2018 22:05 | Pressemelding
WALTHAM, Mass., July 17, 2018 (GLOBE NEWSWIRE) -- Minerva Neurosciences, Inc. (NASDAQ:NERV), a clinical-stage biopharmaceutical company focused on the development of therapies to treat central nervous system (CNS) disorders, today announced the election of Jeryl Hilleman to the Board of Directors of the Company. "Jeri brings a broad life sciences background to Minerva that includes high growth commercial biopharma, med-tech and data science companies," said William F. Doyle, Lead Independent Director of Minerva. "Her track record of delivering strategic and financial growth through execution, strategic partnering and multiple acquisitions will serve Minerva well as the Company completes five ongoing late-stage clinical trials with roluperidone, seltorexant and MIN-117." Ms. Hilleman is presently Chief Financial Officer of Intersect ENT (NASDAQ:XENT), a medical device company with commercial products for the treatment of chronic sinusitis. Previously, she served as CFO of several public
Orion Biotechnology Awarded a $2M Grant from National Center for Research and Development to Fund Further Development of its HIV Microbicide17.7.2018 21:00 | Pressemelding
OTTAWA, July 17, 2018 (GLOBE NEWSWIRE) -- Orion Biotechnology Canada Ltd., a developer of novel medical treatments, today announced that its European subsidiary, Orion Biotechnology Polska Sp. z o.o., was awarded a grant of $2M US dollars by the National Center for Research and Development . The grant will fund a project to advance development of the company's innovative microbicide candidate (OB-002H). Designed to prevent the transmission of HIV, OB-002H has the potential to address an urgent and growing need for an HIV prevention product that is affordable, appealing to use, and easily integrates into the lifestyles of people at risk for HIV infection regardless of age, sex or gender. The project is co-financed by the National Center for Research and Development under the InnoNeuroPharm program - Measure 1.2: Sectoral R & D programs of the Intelligent Development Operational Program 2014-2020. Orion Biotechnology will use the grant to complete IND enabling studies, advance OB-002H to
I vårt presserom finner du alle våre siste saker, kontaktpersoner, bilder, dokumenter og annen relevant informasjon om oss.Besøk vårt presserom