Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/24/2012
01:24 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Q2 2012 FireHost Web Application Attack Report Shows Sharp Rise In SQL Injections

From April to June 2012, the Web applications, databases, and websites of FireHost’s customers were protected from a total of 17 million cyberattacks

London, UK – July 24, 2012 – Secure cloud hosting company, FireHost, has today revealed the latest statistical analysis of attacks successfully blocked by its servers located at data centers in the US and Europe. During the period of April to June 2012, the web applications, databases and websites of FireHost’s customers – spread across 33 countries worldwide – were protected from a total of 17 million cyber attacks, of which more than two million were categorized as the most serious kind of attack, and among FireHost’s ‘Superfecta’.

The Superfecta is a group of four attack types considered by FireHost as being the most malicious and dangerous – they are Cross-site Scripting (XSS), Directory Traversals, SQL Injections, and Cross-site Request Forgery (CSRF). One of the most significant changes in attack traffic seen by FireHost between Q1 and Q2 2012 was a 69% increase in SQL Injection attacks. Rising from 277,770 blocked attacks in the first quarter, to 469,983 between April and June, this type of attack is frequently cited as an attack vector of choice for data thieves.

In simple terms, SQL Injection involves the entering of malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords. The attack vector has been associated with many high profile data breaches, most famously Sony in 2011 and, more recently, it is suspected to be the method used by hackers to steal passwords from LinkedIn, eHarmony and Yahoo!.

“Many, many sites have lost customer data in this way,” said Chris Hinkley, CISSP – a Senior Security Engineer at FireHost. “SQL Injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk. These attacks can be detected and businesses should be taking basic and blanket steps to block attempted SQL Injection, as well as the other types of attacks we frequently see.”

Similarly to Q1 2012, the majority of attacks FireHost blocked during the second calendar quarter of 2012 originated in the United States (14 million / 83%). Southern Asia came in second with 8%, while Europe was in third, as the origin of 6% of malicious attack traffic seen by FireHost.

As a result of the recent and high profile data breach incidents, more businesses are now familiar with the malice of cyber-attacks. FireHost warns them not to underestimate the scale at which automated attacks are launched by hackers on the poorly protected web pages of businesses of all sizes.

“One thing we can always expect is for the security threat landscape to change quickly and be very fluid. With so many moving parts, hosters and service providers need to ensure that transparency is a core element of their security strategy," said Philbert Shih, managing director of Structure Research. "Companies that are able to provide real time customer data that can speak to market threats not only do right by their customers but contribute to the research community's knowledge and understanding. Spotting a rise in SQL Injection hack attempts, for instance, is not something to overlook and should be seen as a warning to all who monitor this space."

“Some of the data theft incidents that are reported in the media are precisely targeted, but a more substantial risk to most comes from an abundance of automated, malicious bots that attack websites in a more random fashion,” said Todd Gleason, Director of Technology at FireHost. “Businesses should take readily available and basic steps to block any kind of unwanted traffic from accessing their sites. Mitigating Denial of Service attacks and ensuring web applications are secure can go a long way toward fighting off these random attacks.”

For more information, please visit: http://www.firehost.co.uk

About FireHost FireHost is a secure cloud hosting company focused on protecting sensitive data and companies’ brand reputations with infrastructure built for security, scalability and performance. Customers with specific compliance or performance needs subscribe to FireHost’s PCI, HIPAA or high traffic solutions, including some of the largest companies in the world, as well as many fast growing eCommerce, SaaS and healthcare IT providers. FireHost provides services from Dallas, Phoenix, London and Amsterdam.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security Compass,  1/13/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7343
PUBLISHED: 2021-01-18
Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The product would continue to function with out-of-date detection files.
CVE-2020-28476
PUBLISHED: 2021-01-18
All versions of package tornado are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configura...
CVE-2020-28473
PUBLISHED: 2021-01-18
The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with defa...
CVE-2021-25173
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
CVE-2021-25174
PUBLISHED: 2021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).