SecurityWeek

XSS Attacks Spike In Q4 2012: FireHost

Hosting Provider Says Cross-Site Scripting Attacks Jumped 160 Percent in Q4 2012

Secure cloud hosting company FireHost released its Q4 2012 Web application attack statistics on Tuesday, detailing the type and number of attacks hitting its servers in the U.S. and Europe between October and December 2012.

Throughout 2012, FireHost said that it blocked over 64 million malicious cyberattacks, with Cross-Site Scripting (XSS) leading the way in terms of attack types.

Each quarter, FireHost reports on what the hosting company calls “The Superfecta”: four of the most dangerous cyberattacks, namely Cross-Site Scripting, Directory Traversal, SQL Injection (SQLi), and Cross-Site Request Forgery (CSRF).

Cross-Site Scripting and SQL Injection attacks have become even more prevalent since the third quarter of 2012, FireHost said.

“Three out of the four Superfecta attack types rose in total count between Q3 and Q4 2012 – only Cross-site Request Forgery attacks saw a drop in volume,” FireHost explained. “However, the large increase in Cross-Site Scripting attacks, which rose from just over one million in Q3 2012 to 2.6 million in Q4, – an increase of more than 160 percent – seemingly dwarfs the other three attack types with 57 percent of the Superfecta.”

“The change in frequency of the types of attack between quarters gives you an idea of how cybercriminals are constantly working to identify the path of least resistance,” said Chris Hinkley, CISSP – a senior security engineer at FireHost. “During Q4, ecommerce sites in particular would have been very busy with Christmas sales. Hackers will rapidly go after these high value targets with attacks that are highly automated and, if they are not yielding useful payloads, the attackers are equipped to quickly try a different type of attack.”

“Cross-site attacks are dangerous because of what they do, but also because the three distinct types of each strike from different angles,” Hinkley noted in a recent SecurityWeek column. “Cross-site scripting (CSS) can either be persistent or reflected, and cross-site request forgery rounds out this set of evil triplets that’s wreaking havoc in escalating numbers.”

“Cross-site scripting is harmful in either of its two forms, but persistent cross-site scripting packs slightly more poison due to its widespread reach,” Hinkley explained. “An example of persistent cross-site scripting would be when an attacker posts a comment to a blog that would include a malicious JavaScript payload – essentially embedding it in that page.”

Continuing the trend of Q3 2012, Europe appeared to be the second most likely origin point for malicious traffic blocked by FireHost after North America, which appeared to be the source of 13 percent of attacks. Other regions, FireHost said, saw notable increases in the number of attacks emanating from them, including Africa, Australia, and the Middle East. Malicious traffic from South and Central America dropped between Q3 and Q4 2012, the company said.

“The escalating increase of XSS attacks in Q4 does not surprise me – any teenager with a web application scanner can initiate these attacks in their free time,” security consultant and famous former hacker Kevin Mitnick said in a statement.

The risks to businesses from the Superfecta vary and depend upon the kind of data that could be stolen in the event of a successful attack, according to Todd Gleason, director of technology at FireHost.

“It’s fairly obvious that, if you are a retailer or service provider dealing with private customer data or payment card details, your business will present an attractive target for hackers,” Gleason warned. “That being said, we also see attacks that have the potential to simply deface or interfere with and disrupt websites and applications. Even though no data is lost, the reputation of a company can still be seriously damaged.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
