FireHost announced the Q2 2013 Superfecta report, an interesting set of statistic related to attacks against web applications. The Superfecta is a group of four attack types considered by the FireHost Secure cloud hosting company as being the most dangerous for company businesses, to be precise they are Cross-site Scripting (XSS), Directory Traversals, SQL Injections, and Cross-site Request Forgery (CSRF).
Following the definition provided for Superfecta:
FireHost examined more than 24 million cyber attacks observing a meaningful increase for Cross-Site Request Forgery and SQL Injection, the concerning trend is attributable to the large diffusion of automates attack tools. Automated attacks allow attackers conduct various types of offensives on a large scale and in short time, data stealing, malware spreading, DDoS attacks and vulnerability exploiting are activities really easy to conduct also without any particular expertise.
Another concerning data proposed by Q2 2013 Superfecta report is that blended and automated attacks are conducted by criminals that are exploiting cloud service provider networks.
FireHost experts state in the Q2 2013 Superfecta report to have blocked more than 1.2 million attacks in Q2, they highlighted that the smallest percentage increase (0.7 %) in XSS attacks suggests that this type of attack is commonly used in conjunction with other exploits, probably to allow an attacker to gain access to more complex attack vectors.
“Cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure,” “Many cloud providers unfortunately don’t adequately validate new customer sign-ups so opening accounts with fake information is quite easy. Once the account is created, APIs can be leveraged to deploy a lot of computing power on fast networks giving a person the ability to create a lot of havoc with minimal effort.” said FireHost founder and CEO Chris Drake.
According many security experts cyber criminals are targeting hosting services to gather information to use in successive attacks. Recently the APWG Global Phishing Survey revealed that hackers are targeting shared virtual servers for various purposes such as bot recruiting and malware distribution, following an excerpt from the study:
“In late 2012 into 2013, we have seen increasing use of tools targeting shared hosting environments, and particularly WordPress, cPanel, and Joomla installations. For example, beginning in late 2012 criminals hacked into server farms to perpetrate extended DDoS attacks against American banks. And in April 2013, a perpetrator launched wide-scale brute force attacks against WordPress installations at hosting providers in order to build a large botnet. Tens of thousands to hundreds of thousands of these shared servers have been cracked by such techniques. Access and use of these boxes is then metered out in the criminal underground for all sorts of activities, including DDoS, malware distribution, and of course, phishing. These attacks highlight the vulnerability of hosting providers and software, exploit weak password management, and provide plenty of reason to worry.”
Cybercriminals are also enumerating target workstation clients to identify software VPN connections to shared services platforms and accordingly, taking over workstations to gain access into cloud environments.
Following the Key statistics for the Q2 2013 Superfecta report include:
(Security Affairs – Firehost Q2 2013 Superfecta report, cybercrime)