Huge rise in cross-site scripting attacks

By Graeme Burton
29 Jan 2013

Cloud hosting company FireHost has claimed that cross-site scripting attacks increased by an estimated 160 per cent in the final quarter of 2012.

The company claims that it has detected a spike in what it calls a "superfecta" of attempted attacks - cross-site scripting, directory traversal, SQL injection, and cross-site request forgery - in recent months.

Three of the four attack types increased in number in the fourth quarter, with only cross-site request forgery attacks exhibiting a drop in volume. However, the large increase in cross-site scripting attacks, which rose from just over one million in the third quarter to 2.6 million in the fourth, means they now account for 57 per cent of the "superfecta".

Cross-site scripting attacks involve the insertion of malicious code into webpages in order to manipulate website visitors. They are used by attackers for a range of purposes, from simply interfering with websites to launching full-scale phishing attacks against web users.

"The change in frequency of the types of attack between quarters gives you an idea of how cybercriminals are constantly working to identify the path of least resistance," said Chris Hinkley, a senior security engineer at FireHost.

He continued: "During the fourth quarter, e-commerce sites in particular would have been very busy with Christmas sales. Hackers will rapidly go after these high-value targets with attacks that are highly automated and, if they are not yielding useful payloads, the attackers are equipped to quickly try a different type of attack.

"This is why it is important to have an understanding of the kind of traffic that is accessing your hosted infrastructure, so that you can make sure that malicious traffic is diverted and that there is less risk to sensitive data," he concluded.

Other research, meanwhile, carried out by software vendor Varonis, claimed that 48 per cent of organisations either reported or suspected unauthorised access to files on virtualised servers. The study, conducted at VMworld conferences, suggested that while 60 per cent of companies were careful to set permissions governing access to files, 70 per cent had little or no auditing in place to ensure that their security policies were working.

Indeed, one-fifth of big organisations admitted to having no file logging capabilities in place at all.

"We have found that, after a workload is virtualised, the actual details of managing file permissions and monitoring access is considered to be automatically 'taken care of'. It is also quite possible that the teams managing virtualisation projects see file security and governance as outside their discipline. The security team may have no visibility of what is happening," said David Gibson, vice-president of strategy at Varonis.
