FireHost Report Shows Cybercriminals Are Using the Cloud to Deploy Attacks

Add Your Comments

Cloud hosting provider FireHost announced on Tuesday it has published its Q2 2013 Web application attack statistics, which form part of FireHost’s quarterly Superfecta report.

These statistics track the prevalence of four different kinds of cyberattacks that are believed to cause the most serious threats to businesses, comprising CSRF, XSS, SQL Injection and Directory Traversal.

The report comes the same week of a report by the NASA Office of Inspector General which shows that NASA has overlooked critical security measures and procedures in its implementation of public cloud.

Detailing almost 24 million cyberattacks, FireHost has seen a large percentage rise in the number of common web attacks such as SQL Injection and Cross-Site Request Forgery.

FireHost attributes the increase to ease of automation, which lets hackers combine these techniques to quickly steal data, install malware on servers, assimilate new botnet zombies or take down a site.

Compared with Q1 2013, the volume of Cross-Site Request Forgery attacks increased by 16 percent while SQL Injection attacks, which have increased in each of the last five quarters, saw another 28 percent hike in Q2 2013.

Cross-site Scripting continues to be the most prevalent attack type with more than 1.2 million attacks being blocked this quarter.

The small percentage increase in this type of attack suggests that XSS, when used in combination with other exploits, enables cybercriminals to gain access to more complex, higher reward attack vectors.

Perhaps more disconcerting is that these blended, automated attacks are being used increasingly from within cloud service provider networks.

“Cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure,” said FireHost founder and CEO Chris Drake. “Unfortunately, many cloud providers don’t adequately validate new customer sign-ups so opening accounts with fake information is quite easy. Once the account is created, application programming interfaces can be leveraged to deploy a lot of computing power on fast networks, giving a person the ability to create substantial havoc with minimal effort.”

Since the start of 2013, FireHost customers have been protected by an IP Reputation Management system, and in the second quarter of 2013, the IPRM system filtered about 10 million instances of illegitimate traffic.

About 1.3 million unique attackers have been blocked to date in 2013, which averages out to 138,000 attacks per day.

FireHost blocked a total number of 23,926,025 attack types in Q2 2013, which includes low level attacks that are automatically blocked by FireHost’s IP Reputation Management “IPRM” filters.

Meanwhile, Superfecta attacks increased by six percent during the quarter with a total number of 3,643,620 blocked in Q2 2013 — an increase from 3,410,212 in Q1 2013.

SQL Injections represent 18 percent of all Superfecta attacks, and CSRF attacks represent 26 percent of the Superfecta total. Both of these attacks have grown in volume since Q1 2013.

Last month, FireHost raised a $12 million Series D funding round led by investment partner The Stephens Group to extend FireHost’s secure cloud solutions.

A FireHost report published earlier this year reported that over 64 million malicious cyberattacks were blocked by its servers in the US and Europe in 2012, and that cross-site scripting attacks were the most prevalent attack type in 2012.

Add Your Comments

  • (will not be published)