Use of cross-site scripting attacks massively increased at end of 2012

News by SC Staff

Cross-site scripting (XSS) and SQL injection attacks remain the most prominent cyber attack method.

Cross-site scripting (XSS) and SQL injection attacks remain the most prominent cyber attack method.

Blocking over 64 million cyber attacks, FireHost's Q4 2012 web application threat statistics show that between October and December 2012 in the US and Europe, three of the main four attack types rose in volume.

The company said that XSS attacks rose from just over one million in Q3 2012 to 2.6 million in Q4 – an increase of more than 160 per cent. The number of SQL injection attacks remained the same, with 12 per cent of attacks using this technique, while there was a remarkable drop in the amount of cross-site request forgery (down from 29 per cent to 16 per cent) and directory traversal (down from 24 per cent to 15 per cent).

Chris Hinkley, senior security engineer at FireHost, said: “The change in frequency of the types of attack between quarters gives you an idea of how cyber criminals are constantly working to identify the path of least resistance.

“During Q4, ecommerce sites in particular would have been very busy with Christmas sales. Hackers will rapidly go after these high value targets with attacks that are highly automated and, if they are not yielding useful payloads, the attackers are equipped to quickly try a different type of attack. This is why it is important to have an understanding of the kind of traffic that is accessing your hosted infrastructure, so that you can make sure that malicious traffic is diverted and that there is less risk to sensitive data.”

Author and security consultant Kevin Mitnick said: “The escalating increase of XSS attacks in Q4 does not surprise me, any teenager with a web application scanner can initiate these attacks in their free time. This increase does show, however, that when your servers are plugged in they are going to be probed – likely within several minutes or so – and that it's really important to work with a hosting provider (such as FireHost) who can exercise due diligence on your behalf and keep you from being compromised.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews