Steady rise in complex web attacks in 2013

News by Steve Gold

The actions of just a few gangs can signal a big shift in the industry as a whole - and strangely - the Target breach may have reduced activity by some players.

Cloud infrastructure firm FireHost says it blocked more than 100 million malicious hacking attempts in 2013 - many of them featuring complex SQL injection attacks and originating from cloud service provider resources. 

The firm has just published the 2013 year in review `Superfecta' attack report and it cites cross-site scripting (CSS) and SQL injection as the most popular types of attack. It also suggests that major security incidents actually are reducing the volume of attacks on corporate web applications in the short term. 

While the CSS attack vector was the most common form of attack in 2013, the report says that SQL injection attacks increased substantially in the first three quarters of the year.

Chris Drake, FireHost's CEO and founder, says that the cloud has become a popular launch-pad for attacks, as cyber-criminals can easily deploy and administer powerful botnets that run on cloud infrastructure.

"Unfortunately, many cloud providers don't adequately validate new customer sign-ups so opening accounts with fake information is quite easy," he said.

FireHost says that it has seen a positive ‘blackholing' side effect, whereby its filters have over time helped to hide its customers' IP addresses from would-be hackers, by making them resemble darknet/honeypot space. No attacker, adds the firm, wants to be detected by connecting to darknets and will take extra care to avoid them. 

Interestingly, Tom Byrnes, CEO of ThreatSTOP – the technology that the FireHost platform is built on - believes that a decreased number of attacks blocked by FireHost during Q4 of 2013 could be down due to the widely publicised Target data breach. 

“The Target data breach was monumental and it's no surprise that it had an impact on FireHost's attack data. There are only a few hundred criminal gangs worldwide running this kind of cybercrime operation so the actions of just a few can signal a big shift in the industry as a whole," he said,

 "We certainly saw this in the build-up to the Christmas period and the Target attack. During this time, smart hackers may have ignored FireHost's servers completely and focussed all their efforts on obtaining consumer data during the busy online retail season. Others would simply have been too busy running up charges on Target customers' credit cards to bother with doing anything else," he added.

Commenting on FireHost's latest report, Rob Bamforth, a security analyst with Quocirca, said that the SQL injection vector increase seems to have been happened whilst other vectors of attack have decreased. 

"To me, this indicates that cyber-criminals are becoming more professional," he said, adding that it is clear that corporates must patch against CSS and SQL injection attacks, even though many IT departments view such activities as quite lowly when compared to the glitz of protecting against APT and other more popular attack vectors. 

"The problem with this most mundane type of patching is that it needs to be completed correctly," he noted. 

Sarb Sembhi, analyst and director of client services with Incoming Thought, another business and research analysis house, said the increase in attack volumes begs the question as to whether there are more people involved with cyber-crime, or have existing cyber-criminals - as Bamforth suggests - become more sophisticated. 

"The question I would ask is whether it is the tools or the cyber-criminals that are getting better. My observations suggest that the bar for cyber-crime is clearly going down, as the technologies involved become a lot simpler," he said.

"What we – as an industry - have not learned, however, is to meet the need to make the security defences to protect against these attacks just as simple to use," he added.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews