XSS remains the most frequently attacked flaw

News by SC Staff

The third quarter of 2012 showed another increase in attacks against cross-site scripting (XSS) flaws.


Analysis of 15 million cyber attacks by FireHost users found XSS, directory traversals, SQL injections, and cross-site request forgery (CSRF) attacks to be the most serious and frequent; these are part of FireHost's 'Superfecta' group. In Q3 of 2012, XSS and CSRF represented 64 per cent of attacks in this group.

The report claimed that XSS is now the most common attack type, with more than one million XSS attacks blocked during this period alone, a rise from 603,016 separate attacks in Q2 to 1,018,817 in Q3. There were 843,517 CSRF attacks reported.

Chris Hinkley, senior security engineer at FireHost, said: “XSS attacks are a severe threat to business operations, especially if servers aren't properly prepared. It's vital that any site dealing with confidential or private user data takes the necessary precautions to ensure applications remain protected.

“Locating and fixing any website vulnerabilities and flaws is a key step in ensuring your business and your customers don't fall victim to an attack of this nature, the consequences of which can be significant, in terms of both financial and reputational damage.”

As with the second quarter of 2012, the majority of attacks that FireHost blocked during Q3 2012 originated in the United States. However, this quarter saw a shift in the number of attacks originating from Europe, with 17 per cent of all malicious attack traffic seen by FireHost coming from this region. Europe overtook Southern Asia (which was responsible for six per cent) to become the second most likely origin of malicious traffic. The US was responsible for 74 per cent, or 11 million attacks.

