Connect with us

Hi, what are you looking for?



Cross-Site Attacks Rise to The Top In Q3, Says FireHost

Report Shows Notable Increase in Cross-Site Attacks In Q3 2012

FireHost, a Dallas, Texas-based secure cloud hosting company, today revealed the findings of its latest web application attack report for the third quarter of 2012.

Report Shows Notable Increase in Cross-Site Attacks In Q3 2012

FireHost, a Dallas, Texas-based secure cloud hosting company, today revealed the findings of its latest web application attack report for the third quarter of 2012.

XSS Vulnerabilities in Hotmail

FireHost’s report was compiled after analyzing 15 million attacks against its servers in both the US and Europe during Q3 2012. The report focuses on attacks against the web applications, databases and Websites of FireHost’s customers, and classifies the attacks into four major types: Cross-site Scripting (XSS), Directory Traversals, SQL Injections, and Cross-site Request Forgery (CSRF).

According to FireHost, one of the most notable changes in attack traffic during the quarter was a significant rise in the number of cross-site attacks, in particular XSS and CSRF attacks. By FireHost’s numbers, XSS and CSRF attacks rose to represent 64 percent of the group in the third quarter (a 28 percent increased penetration).

FireHost now says that XSS is the most common attack type, with CSRF now in second. FireHost’s servers blocked more than one million XSS attacks during this period alone, a figure that rose 69 percent from attacks it saw in Q2. The XSS and CSRF attacks took the top attack spot away from SQLi attackes, which FireHost saw as the number one attack during Q2 2012.

“Cross-site attacks are dependent upon the trust developed between site and user,” FireHost explains. “XSS attacks involve a web application gathering data from a user via a trusted site (often coming in the form of a hyperlink containing malicious content), whereas CSRF attacks exploit the trust that a site has for a particular user instead. These malicious security exploits can also be used to steal sensitive information such as user names, passwords and credit card details — without the site or user’s knowledge.”

Web site security aside, XSS and CSRF also have privacy implications.

Jeremiah Grossman, Founder and CTO at WhiteHat Security, and a noted expert in XSS and other Web-based attacks, has provided some interesting examples on how these types of attacks can be used to learn what other websites a visiting Web browser may be logged in to, or even ascertain a Web visitor’s full name, where they work, and even their work email address.

Advertisement. Scroll to continue reading.

The severity of these attacks is dependent on the sensitivity of the data handled by the vulnerable site and this ranges from personal data found on social networking sites, to the financial and confidential details entered on ecommerce sites amongst others, FireHost said.

Last month, Microsoft and Google Chrome both ran extensive patches targeted at securing XSS flaws.

“Cross-site attacks are a severe threat to business operations, especially if servers aren’t properly prepared,” said Chris Hinkley, a Senior Security Engineer at FireHost and a SecurityWeek columnist. “It’s vital that any site dealing with confidential or private user data takes the necessary precautions to ensure applications remain protected. Locating and fixing any website vulnerabilities and flaws is a key step in ensuring your business and your customers, don’t fall victim to an attack of this nature. The consequences of which can be significant, in terms of both financial and reputational damage.”

Geographically, FireHost noted that the majority (74 percent) of attacks it blocked during the quarter originated in the United States. “There has however, been a great shift in the number of attacks originating from Europe this quarter, as 17 percent of all malicious attack traffic seen by FireHost came from this region. Europe overtook Southern Asia (which was responsible for 6 percent), to become the second most likely origin of malicious traffic,” FireHost said in statement.

In addition to cross-site attacks, other popular attack types including, SQL Injection and Directory Transversal, still remain a significant threat despite a slight reduction in frequency this quarter, the company said.

FireHost warns that Ecommerce businesses should take note and be aware of these Web security risks, especially as the holiday shopping season kicks off. “You’d better believe that hackers will try and take advantage of any surges in holiday shopping,” said Todd Gleason, Director of Technology at FireHost. “They will be devising a number of ways they can take advantage of any web application vulnerabilities and will use an assortment of different attack types and techniques to do so.”

In his most recent SecurityWeek column, Chris Hinkley also warned of the security issues surrounding mobile payment technology as the holiday shopping season ramps up. “In order to fully protect the personal information your customers enter for mobile payments, their data needs to get as far away from their phones as possible the instant it’s entered,” Hinkley wrote.

FireHost, which just raised another $10 Million last month, has a diverse group of customers, ranging from start-ups to Fortune 50 companies. The company’s customer list includes companies such as 3M, Farmers Insurance, Johns Hopkins University, ArcSight by HP, and Hamilton Beach. 

Related: Recently-Patched HTML Sanitization Flaw Linked to Hotmail XSS Vulnerability

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.