Cross-Site Attacks Rise to The Top In Q3, Says FireHost

Report Shows Notable Increase in Cross-Site Attacks In Q3 2012

FireHost, a Dallas, Texas-based secure cloud hosting company, today revealed the findings of its latest web application attack report for the third quarter of 2012.

FireHost’s report was compiled after analyzing 15 million attacks against its servers in both the US and Europe during Q3 2012. The report focuses on attacks against the web applications, databases and Websites of FireHost's customers, and classifies the attacks into four major types: Cross-site Scripting (XSS), Directory Traversals, SQL Injections, and Cross-site Request Forgery (CSRF).

According to FireHost, one of the most notable changes in attack traffic during the quarter was a significant rise in the number of cross-site attacks, in particular XSS and CSRF attacks. By FireHost's numbers, XSS and CSRF attacks rose to represent 64 percent of the group in the third quarter, a 28 percent increase in their share of the total.

FireHost now says that XSS is the most common attack type, with CSRF in second place. FireHost's servers blocked more than one million XSS attacks during this period alone, a figure that rose 69 percent from the attacks it saw in Q2. XSS and CSRF attacks together took the top spot away from SQLi attacks, which FireHost saw as the number one attack type during Q2 2012.

“Cross-site attacks are dependent upon the trust developed between site and user,” FireHost explains. “XSS attacks involve a web application gathering data from a user via a trusted site (often coming in the form of a hyperlink containing malicious content), whereas CSRF attacks exploit the trust that a site has for a particular user instead. These malicious security exploits can also be used to steal sensitive information such as user names, passwords and credit card details -- without the site or user's knowledge.”
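The two trust relationships FireHost describes map onto two standard server-side defenses: entity-encoding untrusted input before it is reflected into a page (so injected markup is displayed rather than executed), and requiring a per-session secret on every state-changing request (so a request forged from another site cannot present it). The following is an added example, not code from FireHost or from the original article; the session store, handler names and form fields are constructed for illustration.

```python
import hmac
import html
import secrets

# Constructed in-memory session store: session id -> per-session state.
# A real application would keep this server-side in its session backend.
SESSIONS = {}


def new_session():
    """Create a session and mint a random CSRF token bound to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the server embeds in its own forms for this session."""
    return SESSIONS[sid]["csrf_token"]


def render_greeting(name):
    """Reflect user-supplied input into HTML with entity encoding.

    Any markup in `name` (e.g. a <script> element carried in a crafted
    link) is rendered as literal text, which is the basic XSS defence
    for an HTML text context.
    """
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def handle_transfer(sid, form):
    """State-changing handler protected by the synchronizer token pattern.

    The request is accepted only if the form carries the exact token the
    server issued to this session. A page on another origin cannot read
    that token, so a forged cross-site request fails the check.
    Returns an (http_status, message) tuple.
    """
    session = SESSIONS.get(sid)
    if session is None:
        return (403, "no session")
    submitted = form.get("csrf_token", "")
    # compare_digest needs ASCII str operands; reject anything else outright.
    if not isinstance(submitted, str) or not submitted.isascii():
        return (403, "csrf token missing or invalid")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return (403, "csrf token missing or invalid")
    return (200, "transferred %s to %s" % (form["amount"], form["to"]))


if __name__ == "__main__":
    sid = new_session()
    print(render_greeting("<script>alert(1)</script>"))
    # Request without the session's token (what a forged request looks like).
    print(handle_transfer(sid, {"amount": "10", "to": "bob"}))
    # Same request submitted through the server's own form.
    print(handle_transfer(sid, {"amount": "10", "to": "bob",
                                "csrf_token": csrf_token_for(sid)}))
```

The token check uses a constant-time comparison and is bound to the session, so a token issued to one user is not valid for another; the encoding helper covers only HTML text content, and attribute, URL and JavaScript contexts each need their own encoding rules.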

Web site security aside, XSS and CSRF also have privacy implications.

Jeremiah Grossman, Founder and CTO at WhiteHat Security, and a noted expert in XSS and other Web-based attacks, has provided some interesting examples on how these types of attacks can be used to learn what other websites a visiting Web browser may be logged in to, or even ascertain a Web visitor’s full name, where they work, and even their work email address.

The severity of these attacks depends on the sensitivity of the data handled by the vulnerable site, which ranges from personal data found on social networking sites to the financial and confidential details entered on ecommerce sites, among others, FireHost said.

Last month, both Microsoft and Google Chrome received extensive patches targeting XSS flaws.

"Cross-site attacks are a severe threat to business operations, especially if servers aren't properly prepared," said Chris Hinkley, a Senior Security Engineer at FireHost and a SecurityWeek columnist. "It's vital that any site dealing with confidential or private user data takes the necessary precautions to ensure applications remain protected. Locating and fixing any website vulnerabilities and flaws is a key step in ensuring your business and your customers don't fall victim to an attack of this nature, the consequences of which can be significant, in terms of both financial and reputational damage."

Geographically, FireHost noted that the majority (74 percent) of attacks it blocked during the quarter originated in the United States. "There has, however, been a great shift in the number of attacks originating from Europe this quarter, as 17 percent of all malicious attack traffic seen by FireHost came from this region. Europe overtook Southern Asia (which was responsible for 6 percent) to become the second most likely origin of malicious traffic," FireHost said in a statement.

In addition to cross-site attacks, other popular attack types, including SQL Injection and Directory Traversal, still remain a significant threat despite a slight reduction in frequency this quarter, the company said.

FireHost warns that ecommerce businesses should take note and be aware of these Web security risks, especially as the holiday shopping season kicks off. "You'd better believe that hackers will try and take advantage of any surges in holiday shopping," said Todd Gleason, Director of Technology at FireHost. "They will be devising a number of ways they can take advantage of any web application vulnerabilities and will use an assortment of different attack types and techniques to do so."

In his most recent SecurityWeek column, Chris Hinkley also warned of the security issues surrounding mobile payment technology as the holiday shopping season ramps up. “In order to fully protect the personal information your customers enter for mobile payments, their data needs to get as far away from their phones as possible the instant it’s entered,” Hinkley wrote.

FireHost, which raised another $10 million last month, has a diverse group of customers, ranging from start-ups to Fortune 50 companies. The company's customer list includes 3M, Farmers Insurance, Johns Hopkins University, ArcSight by HP, and Hamilton Beach.