Volume of Dangerous Cross-Site Request Forgery Attacks up 132 Percent Since Q1 2012, FireHost Reports

FireHost's New IP Reputation Management Filters Block Hack Attempts From More Than One Million Known Attackers

Marketwired
Volume of Dangerous Cross-Site Request Forgery Attacks up 132 Percent Since Q1 2012, FireHost Reports
.

View photo

New: FireHost IP Reputation Management (IPRM) statistics Click here for high-resolution version

LONDON--(Marketwired - Apr 23, 2013) - Infosecurity Europe 2013 -- Secure cloud hosting company, FireHost, has announced today its Q1 2013 web application attack statistics, detailing the type and number of the most dangerous cyberattacks blocked by the firewalls that protect its servers in the U.S. and Europe between January and March 2013.

Compared with Q1 2012, the volume of Cross-Site Request Forgery (CSRF) attacks is up 132 percent at the end of Q1 2013. The CSRF attack measurement is part of FireHost's quarterly 'Superfecta' report. The Superfecta is a group of four cyberattacks* that pose the most serious threat to businesses and comprises of CSRF, Cross-site Scripting (XSS), SQL Injection and Directory Traversal. After CSRF, SQL Injection has seen the second most significant increase in frequency, rising 87 percent when comparing Q1 2012 to Q1 2013. 

Other key statistics for the Q1 2013 Superfecta include:

  • Total number of all attack types blocked by FireHost in Q1 2013: 29,713,520 (This includes attacks blocked by FireHost's new IP Reputation Management "IPRM" filters)
  • Total number of Superfecta attacks blocked in Q1 2013: 3,410,212 (up from 2,861,085 in Q1 2012)
  • Overall, Cross-Site scripting (XSS) was the most prevalent Superfecta attack type in Q1 2013 -- with more than 1.2M attacks being blocked

"The Superfecta represents the most dangerous type of cyberattack traffic, but these are by no means advanced or difficult attacks for cybercriminals to launch," said Chris Hinkley, CISSP -- a Senior Security Engineer at FireHost. "For example, cross-site request forgery attacks and cross site scripting attacks are extremely automated and require very little knowledge to implement. 

It only makes sense that CSRF attacks would increase due to more automated attacks in the arsenals of cybercriminals. SQL Injection attacks represent a smaller portion of the attack traffic we block for our customers, as these attacks require more expertise, but when they're successful, they are very effective. Many will remember or have even been affected by successful SQL Injection attacks on a number of global brands over the past few years. What these numbers really say is malicious web traffic is very diverse and businesses should ensure that they are doing as much as possible to mitigate it." 

For the first time, FireHost has also reported on its IP Reputation Management (IPRM) statistics. This involves preventing traffic from known un-trusted sources (such as the Russian Business Network or Chinese activist group) from even attempting to access FireHost web servers. 

IPRM was put into service by FireHost in Q4 2012 and sits in front of server firewalls. 

"IPRM does not have a significant impact on reducing Superfecta attacks overall, as they come from trusted sources and that is why they pose such a serious threat to security," continues Hinkley. "Our layered Intelligent Security Model™ will still block any attacks that get through IPRM, but it is designed primarily to reduce the impact on server resources. What's interesting is that where it made the most significant improvements was in reducing the number of other types of bad traffic, like denial of service attacks, command and control bots and other malware based attacks."

Liam Eagle, analyst, Internet infrastructure at 451 Research, agreed.

"Malicious website traffic has several harmful results -- along with the obvious security concerns, there is a performance impact," says Eagle. "An increase in the volume of traffic to a site demands an increase in resources like memory, processing and bandwidth. Preventing unwanted traffic from reaching a website or hosted environment has a direct and positive impact on infrastructure performance. It's not a coincidence that security and performance are two key criteria by which customers evaluate hosting services."

*Superfecta Definitions:

  • Cross-site Scripting (XSS) - Cross-site scripting involves the insertion of malicious code into webpages in order to manipulate website visitors. It is used by attackers for a range of reasons, from simply interfering with websites to launching phishing attacks against web users.

  • Directory Traversal - A Path Traversal attack aims to access files and directories that are stored outside the web root folder.

  • Cross-Site Request Forgery (CSRF) - CSRF is an attack that forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.

  • SQL Injection - SQL Injection involves the entering of malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords. The attack vector has been associated with many high profile data breaches.

For more information about secure cloud hosting, please visit: http://www.firehost.com

About FireHost
FireHost offers the most secure cloud hosting available, protecting sensitive data and brand reputations of some of the largest companies in the world. With infrastructure built for security, compliance, performance and managed services, responsible businesses choose FireHost to reduce risk and improve the collection, storage and transmission of their most confidential data. Secure cloud servers, available in Dallas, Phoenix, London and Amsterdam, offer robust, geographically redundant business continuity options across all sites. Based in Dallas and funded by The Stephens Group, FireHost is the chosen secure cloud service provider for brands that won't compromise on the security of their payment card and healthcare data. http://www.firehost.com.

Follow FireHost on:
http://www.twitter.com/firehost
http://www.linkedin.com/company/firehost-inc.
http://www.facebook.com/FireHost

Contact:
Company Contact
Cathi Lane
FireHost
T +1.800.500.3167 x. 8133
E Email Contact

Editorial Contact
Jonathan Mathias and Mike Marquiss
Johnson King PR
T +44 (0) 20 7401 7968
E Email Contact
View Comments (0)