FireHost says it protected customers from 19 million attacks in the first quarter

FireHost Report Finds 80 Percent of Web Application Attacks Originate in the US

Add Your Comments

Cloud hosting provider FireHost blocked a total of 19 million attacks for its clients in Q1 2012, according to a report released on Tuesday.

According to a press release, FireHost collected data about the type and origin of web attacks that it successfully blocked from harming clients’ web applications and databases hosted at its US and European data centers last quarter.

The attacks originated from more than 25 countries, with 15 million attacks coming from the US. South Asia and Europe accounted for 7 1.4 million and 1.3 million attacks respectively.

This report comes a month after FireHost began offering services out of a data center in Phoenix to give customers the choice of hosting their data between Phoenix, London and Dallas.

Recently, more security providers have been bolstering their offerings to include web application firewall services. In February 2012, Trustwave launched managed security services, including a new managed web application firewall. Also in February, Alert Logic acquired Armorlogic to increase the effectiveness of deploying WAF solutions.

Web application attacks are among the most common threats facing infrastructure in hosted and cloud environments, and a recent report by Verizon finds that web applications were directly correlated with 39 percent of all data loss last year.

In the report, FireHost identified one subset of the attack types it helps prevent as particularly dense. Dubbed the Superfecta, the group includes cross-site scripting, directory traversals, cross-site request forgery, and SQL injections. This attack group comprises 20 percent of all attacks tracked in the last 15 months.

“The Superfecta is made up of four specific hack types, and year over year trends reveal that this group continues to get more prevalent with the use of sophisticated and automated tools to remain some of the leading attack vectors for the cybercriminal communities,” Chris Hinkley, FireHost senior security engineer said in a statement. “The tools continue to become more sophisticated, making it much easier to carry out these types of attacks with little or no knowledge keeping IT managers and SOC engineers on guard.”

Cross-site scripting accounted for 40 percent of attacks in Q1 2012, up from 29 percent in Q1 2011. Directory traversal attacks increased by three percent from first quarter last year, cross-site request forgery doubled in that same time period, and SQL injections increased 20 percent.

“Organized cybercrime groups carry out most high profile attacks on large companies, sometimes after months or years of planning and waiting. These operations are targeted and rare,” Todd Gleason, director of technology at FireHost said in a statement. “Arguably, more substantial risk lies in organizations whose systems are more susceptible to the abundance of automated malicious attacks that can be deployed by one malicious individual and an internet connection. Big organizations will always represent trophies for hackers, but most cybercriminals are just out to make money as quickly and with as little hassle as possible. SMBs are ripe for the taking and last quarter alone we prevented 19 million unique attacks from letting that happen.”

Talk back: Are these statistics similar to what you have noticed in preventing your customers from being attacked? What are the consistencies or inconsistencies in the numbers from what you are experiencing? Let us know in the comment section.

About the Author

Nicole Henderson is the Editor in Chief of the WHIR, where she covers daily news and features online. She has a bachelor of journalism from Ryerson University in Toronto. You can find her on Twitter @NicoleHenderson.

Add Your Comments

  • (will not be published)