Web application attack report from FireHost

Secure cloud hosting company, FireHost, has revealed details about type and origin of web attacks that it has blocked from causing harm to clients’ web applications and databases hosted at its secure US and European data centers during Q1 2012.

A total of 19 million attacks were blocked for its clients who stretch across more than 25 countries during this three month period. The majority of attacks originated in the United States (15 million / 80 percent), followed by Southern Asia and all of Europe battling for second rank with 1.4 million (7 percent) and 1.3 million (7 percent) respectively.

One subset of all the attack types is particularly nasty and dense. This includes Cross-site Scripting (XSS), Directory Traversals, Cross-site Request Forgery (CSRF), and SQL Injections and has been dubbed by FireHost as the “Superfecta”. This group comprises approximately 20 percent of all attacks tracked in the last 15 months.

“The Superfecta is made up of four specific hack types, and year over year trends reveal that this group continues to get more prevalent with the use of sophisticated and automated tools to remain some of the leading attack vectors for the cybercriminal communities,” said Chris Hinkley, CISSP – a Senior Security Engineer at FireHost. “The tools continue to become more sophisticated, making it much easier to carry out these types of attacks with little or no knowledge keeping IT managers and SOC engineers on guard.”

Trends for these techniques varies significantly from first quarter 2011 and even the overall trend from last year:

Verizon’s 2012 Data Breach Investigations Report confirms that 94 percent of successful threat actions were carried out against servers (point of sale, web application and databases) last year, and web applications were directly correlated with 39 percent of all data loss for the period.

“The inherent need for many web applications to be Internet-visible makes them a logical target; the potential to use them as an entry point into a corporate database makes them an attractive one,” the company points out.

Interestingly, most successful breaches take place against data hosted internally, owned by the victim (organization) and managed by internal IT staff, according to Verizon.

“Organized cybercrime groups carry out most high profile attacks on large companies, sometimes after months or years of planning and waiting. These operations are targeted and rare. Arguably, more substantial risk lies in organisations whose systems are more susceptible to the abundance of automated malicious attacks that can be deployed by one malicious individual and an internet connection,” said Todd Gleason, Director of Technology at FireHost. “Big organizations will always represent trophies for hackers, but most cybercriminals are just out to make money as quickly and with as little hassle as possible.”