Cloud hosting company FireHost has released its Q2 quarterly web application attack statistics. These statistics track the prevalence of four distinct types of cyberattacks that pose the most serious threat to businesses, comprising CSRF, XSS, SQL Injection and Directory Traversal. The report claims to see an increase in blended, automated cyber attacks.
Detailing almost 24 million cyber attacks, FireHost has seen a large percentage increase in the number of common web attacks such as SQL Injection and Cross-Site Request Forgery. This increase can be attributed to ease of automation, enabling hackers to combine these techniques to quickly and surreptitiously steal data, install malware on servers, assimilate new botnet zombies or simply take down a site.
Cross-site Scripting (XSS)
Compared with Q1 2013, the volume of Cross-Site Request Forgery (CSRF) attacks rose 16 percent while SQL Injection attacks, which have increased in each of the last five quarters, rose another 28 percent in Q2 2013.
Although Cross-site Scripting (XSS) is still the most prevalent attack type, with more than 1.2 million attacks being blocked this quarter, the small percentage increase (just 0.7 percent) in this type of attack suggests that XSS, when used in concert with other exploits, enables cybercriminals to gain access to more complex, higher reward attack vectors. What’s even more alarming is that these blended, automated attacks are being used increasingly from within cloud service provider networks.
“Cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure,” said FireHost founder and CEO Chris Drake. “Unfortunately, many cloud providers don’t adequately validate new customer sign-ups so opening accounts with fake information is quite easy. Once the account is created, application programming interfaces can be leveraged to deploy a lot of computing power on fast networks, giving a person the ability to create substantial havoc with minimal effort.”
FireHost has secure cloud servers available in data centers in Dallas, Phoenix, London and Amsterdam, with geographically redundant business continuity options across all sites. Headquartered in Dallas, with offices in Phoenix and London FireHost claims to be the chosen secure cloud service provider for brands that won’t compromise on the security of their payment card, healthcare and other highly sensitive data.