This article was published on October 22, 2012

Hackers have a new favorite attack vector: Cross-site scripting up 69%



Cross-site Scripting (XSS) attacks are becoming more and more popular amongst hackers. Between Q2 2012 and Q3 2012, the attack type has increased by an estimated 69 percent, according to secure cloud hosting company FireHost.

The UK firm blocks various types of attacks that attempt to harm its clients’ databases, Web applications, and Web sites hosted at its US and European data centres. Last quarter, the company blocked 15 million cyberattacks, and that’s exactly what its statistical analysis is based on. The report looks at attacks between July and September, paying particular attention to four attack types which it considers the most malicious and dangerous: Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), Directory Traversals, and SQL Injections.

Here’s how FireHost categorises the two types of attacks:

XSS attacks involve a web application gathering malicious data from a user via a trusted site (often coming in the form of a hyperlink containing malicious content), whereas CSRF attacks exploit the trust that a site has for a particular user instead. These malicious security exploits can also be used to steal sensitive information such as user names, passwords and credit card details – without the site or user’s knowledge. The severity of these attacks is dependent on the sensitivity of the data handled by the vulnerable site and this ranges from personal data found on social networking sites, to the financial and confidential details entered on ecommerce sites amongst others.

The company says that between the two quarters, there was a considerable rise in XSS and CSRF attacks: together they grew to represent 64 percent of the four attack types in the third quarter (a 28 percent increase in penetration). XSS is now the most common attack type in the group; FireHost’s servers blocked 603,016 separate attacks in Q2 and a whopping 1,018,817 in Q3. CSRF attacks reached second place at 843,517.

74 percent of attacks FireHost blocked originated from the US. There was also a great shift in the number of attacks originating from Europe (17 percent) this past quarter, as the continent overtook Southern Asia (6 percent) to become the second most likely origin of malicious traffic.

Where the attack comes from doesn’t matter, however, if you’re the one targeted. Your business needs to protect against XSS attacks, especially if it deals with confidential or private user data that hackers would want to get their hands on. The key is to stay on top of both app and site vulnerabilities to avoid financial losses as well as damage to your brand’s reputation. With the holiday season coming up, ecommerce activity ramps up dramatically, and FireHost expects that cyberattacks targeting users’ confidential data on such websites will likely increase as a result.

Image credit: Flavio Takemoto
