Cross-site attacks are part of FireHost's 'Superfecta' group, which represents the most threatening attacks

FireHost Report Finds Cross-Site Attacks Trump SQL Injections in Q3 2012

Add Your Comments

Cross-site attacks have increased significantly between Q2 and Q3 2012, a report released on Monday by FireHost finds. Cross-site attacks are part of FireHost’s ‘Superfecta’ group, which represents the most threatening attacks.

Specifically, cross-site scripting (XSS) and cross-site request forgery attacks (CSRF) rose to represent 64 percent of the ‘Superfecta’ attack group in Q3, an increase of 28 percent. Last quarter, SQL injections, also part of the Superfecta attack group, were in the lead. Now, XSS is the most common attack type in the Superfecta, with CSRF now in second.

According to FireHost, its servers blocked more than one million XSS attacks during this period alone, up 69 percent from Q2.

The quarterly web application attack report provides statistical analysis of the 15 million attacks blocked by FireHost servers in the US and Europe during Q3 2012. FireHost has based its business around providing secure hosting services, most recently attaining the HITRUST CSF certification.

XSS attacks involve a web application gathering malicious data from a user via a trusted site, while CSRF attacks exploit the trust that a site has for a particular user instead, FireHost says.

FireHost says the severity of these attacks depends on the sensitivity of the data handled by the vulnerable site – which can range from personal details on social networks to sensitive financial information.

“Cross-site attacks are a severe threat to business operations, especially if servers aren’t properly prepared,” Chris Hinkley, CISSP, senior security engineer at FireHost said in a statement. “It’s vital that any site dealing with confidential or private user data takes the necessary precautions to ensure applications remain protected. Locating and fixing any website vulnerabilities and flaws is a key step in ensuring your business and your customers, don’t fall victim to an attack of this nature. The consequences of which can be significant, in terms of both financial and reputational damage.”

Almost three-quarters of the attacks FireHost blocked during Q3 originated in the US. Europe is the second most likely origin of malicious traffic, accounting for 17 percent of the total.

Talk back: Do any of these trends ring true with your customers? Let us know in a comment.

Add Your Comments

  • (will not be published)