Cybercriminals Using Cloud Infrastructure to Launch Attacks: Annual FireHost Report

Add Your Comments

Cloud infrastructure company FireHost blocked over 100 million malicious hack attempts in 2013, many of them coming from cloud service provider networks, according to a new report.

FireHost’s 2013 year in review “Superfecta” Attack Report supports claims made last month in a report from security service provider Solutionary that Amazon and GoDaddy hosted 30 percent of malware attacks.

“Cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure,” said FireHost founder and CEO Chris Drake. “Unfortunately, many cloud providers don’t adequately validate new customer sign-ups so opening accounts with fake information is quite easy.”

The FireHost report identifies cross-site scripting and SQL injection as the most popular types of attack. It also suggests a “blackholing” effect is helping to protect customers, and that major security incidents reduce the quantity of attacks on corporate web applications in the short term.

While cross-site scripting was the most common form of attack throughout the year, SQL injection attacks increased “substantially” in each of the first three quarters.

The “blackholing” affect is caused by FireHost’s IP reputation management filter, which was implemented in Q4 2012. The company says that over time the filter has made customer IPs resemble darknet/honeypot space. FireHost attributes a 28 percent drop in number of attacks (from 32 to 23 million) from Q3 to Q4 2013 partially to this side effect.

FireHost believes another factor in the sudden drop in attacks is the well-publicized theft of customer credit card data from Target. During that attack and its aftermath, hackers were too busy trying to steal consumer data exposed during the busiest online retail season, or running up charges on successfully swiped card numbers. FireHost also cites an IRS data breach which seems to have led to a drop in attacks between spring and summer.

If FireHost’s major incident theory it true, than it would follow that if hackers can turn profit from the recent theft of Yahoo mail passwords, there is currently or soon will be a dip in attacks on corporate data.

The report is largely an amalgamation of reports FireHost puts together quarterly, and is available from its website.

Add Your Comments

  • (will not be published)