Report Incident

News > Cross-Site Scripting Attacks Up 160% in Final Quarter of 2012, Reveals FireHost

30 Jan 2013

64 million cyberattacks blocked by secure cloud hosting company in 2012.London, UK – January 29, 2013 — Secure cloud hosting company, FireHost, has today announced its Q4 2012 web application attack statistics, detailing the type and number of cyberattacks blocked by its servers in the US and Europe between October and December 2012. Throughout 2012, FireHost has blocked over 64 million malicious cyberattacks of all types, with Cross-Site Scripting being the most prolific ʻSuperfectaʼ attack type overall.Each quarter, FireHost reports on the Superfecta – a group of four cyberattacks that are the most dangerous – and warns that both Cross-Site Scripting and SQL Injection attacks have become even more prevalent since the third quarter of 2012. The four attack types which make up the Superfecta, and which pose the most serious threat to the private information hosted in your database are Cross-site Scripting (XSS), Directory Traversal, SQL Injection, and Cross-site Request Forgery (CSRF).Three out of the four Superfecta attack types rose in total count between Q3 and Q4 2012 – only Cross-site Request Forgery attacks saw a drop in volume. However, the large increase in Cross-Site Scripting attacks, which rose from just over one million in Q3 2012 to 2.6 million in Q4 – an increase of more than 160 percent, seemingly dwarfs the other three attack types with 57% of the Superfecta. Cross-site scripting involves the insertion of malicious code into webpages in order to manipulate website visitors. It is used by attackers for a range of reasons, from simply interfering with websites to launching phishing attacks against web users.Trends among the Superfecta attack techniques are demonstrated between Q4 and Q3 2012


“The change in frequency of the types of attack between quarters gives you an idea of how cybercriminals are constantly working to identify the path of least resistance,” said Chris Hinkley, CISSP – a Senior Security Engineer at FireHost. “During Q4, ecommerce sites in particular would have been very busy with Christmas sales. Hackers will rapidly go after these high value targets with attacks that are highly automated and, if they are not yielding useful payloads, the attackers are equipped to quickly try a different type of attack. This is why it is important to have an understanding of the kind of traffic that is accessing your hosted infrastructure, so that you can make sure that malicious traffic is diverted and that there is less risk to sensitive data.”Throughout the whole year, FireHost has blocked over 64 million malicious cyberattacks of all types, with Cross-Site Scripting being the most prolific Superfecta attack type overall, clocking in at 5.4 million blocked attacks.


As in Q3 2012, Europe is still the second most likely origin point for malicious traffic blocked by FireHost after North America, being the source of 13 percent of attacks. However, other regions have seen marked increases in the amount of attacks that are emanating from them, including Africa, Australia, and the Middle East. South and Central America were both the source of less malicious traffic between the most recent quarters.Kevin Mitnick, a world renowned public speaker, author, and consultant on computer security issues has relied on FireHost to protect his own website since 2009. In the last year alone, FireHost has mitigated 108,000 malicious attempts against the hosting environment, a significant number of which fall into the Superfecta categories.“Itʼs good to know that FireHost is staying on top of these security threats and itʼs clear that their team is working very hard to protect customers against these attack vectors which are threatening them every minute,” said Mitnick. “The escalating increase of XSS attacks in Q4 does not surprise me – any teenager with a web application scanner can initiate these attacks in their free time. This increase does show, however, that when your servers are plugged in they are going to be probed – likely within several minutes or so – and that itʼs really important to work with a hosting provider like FireHost who can exercise due diligence on your behalf and keep you from being compromised.”The risks to businesses from the Superfecta varies and depends upon the kind of data that could be stolen in the event of a successful attack, according to Todd Gleason, Director of Technology at FireHost, “Itʼs fairly obvious that, if you are retailer or service provider dealing with private customer data or payment card details, your business will present an attractive target for hackers. That being said, we also see attacks that have the potential to simply deface or interfere with and disrupt websites and applications. Even though no data is lost, the reputation of a company can still be seriously damaged.”

Source: fireHost News