
FireHost Reveals Web Application Attack Report For The First Quarter of 2012

April 2012 by FireHost

FireHost has today revealed details about type and origin of web attacks that it has successfully blocked from causing harm to clients’ web applications and databases hosted at its secure US and European data centres during Q1 2012.

A total of 19 million attacks were blocked for its clients, who are spread across more than 25 countries, during this three-month period. The majority of attacks FireHost blocked in the first calendar quarter of 2012 originated in the United States (15 million / 80%), followed by Southern Asia and all of Europe competing for second place with 1.4 million (7%) and 1.3 million (7%) respectively.

One subset of all the attack types FireHost helps prevent is particularly nasty and dense. This includes Cross-site Scripting (XSS), Directory Traversals, Cross-site Request Forgery (CSRF), and SQL Injections and has been dubbed by FireHost as the “Superfecta”. This group comprises approximately 20% of all attacks tracked in the last 15 months. “The Superfecta is made up of four specific hack types, and year over year trends reveal that this group continues to get more prevalent with the use of sophisticated and automated tools to remain some of the leading attack vectors for the cybercriminal communities,” said Chris Hinkley, CISSP – a Senior Security Engineer at FireHost. “The tools continue to become more sophisticated, making it much easier to carry out these types of attacks with little or no knowledge, keeping IT managers and SOC engineers on guard.”

Q1 2012 (share of ‘Superfecta’ attacks and primary origin)
 1. XSS: 40% of ‘Superfecta’; primary origin N America 72%, Southern Asia 26%
 2. Directory Traversal: 38% of ‘Superfecta’; primary origin N America 87%, Europe/ME 11%
 3. CSRF: 12% of ‘Superfecta’; primary origin N America 80%, Europe/ME 8%, South America 8%
 4. SQL Injection: 10% of ‘Superfecta’; primary origin N America 86%, Europe/ME 6%

Trends for the Superfecta techniques vary significantly from the first quarter of 2011 and even from the overall trend for last year:

Q1 2011 and Total 2011 (share of ‘Superfecta’ attacks, with rank in parentheses)
 XSS: 29% of Q1 2011 (#3) and 30% of all 2011 (#2)
 Directory Traversal: 35% of Q1 2011 (#1) and 24% of all 2011 (#3)
 CSRF: 6% of Q1 2011 (#4) and 32% of all 2011 (#1)
 SQL Injection: 30% of Q1 2011 (#2) and 14% of all 2011 (#4)

Verizon’s 2012 Data Breach Investigations Report (March 2012)* confirms that 94% of successful threat actions were carried out against servers (point of sale, web application and databases) last year, and web applications were directly correlated with 39% of all data loss for the period. Verizon confirms, “The inherent need for many web applications to be Internet-visible makes them a logical target; the potential to use them as an entry point into a corporate database makes them an attractive one”.

Interestingly, most successful breaches take place against data hosted internally, owned by the victim (organisation) and managed by internal IT staff, according to Verizon. “Organised cybercrime groups carry out most high profile attacks on large companies, sometimes after months or years of planning and waiting. These operations are targeted and rare. Arguably, more substantial risk lies in organisations whose systems are more susceptible to the abundance of automated malicious attacks that can be deployed by one malicious individual and an internet connection,” said Todd Gleason, Director of Technology at FireHost. “Big organisations will always represent trophies for hackers, but most cybercriminals are just out to make money as quickly and with as little hassle as possible. SMBs are ripe for the taking and last quarter alone we [FireHost] prevented 19 million unique attacks from letting that happen.”


* Verizon 2012 Data Breach Investigations Report: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf

