SQL Injection and Cross-site Scripting Attacks Surge in Q3

FireHost postulates that the rise in SQL injection attack traffic means the technique is becoming commoditized and therefore poses a greater risk to any businesses with hosted resources

Worryingly, integrated attacks on these applications are becoming more prevalent and automated as well, meaning that businesses should brace for a surge of new activity.

Over the third quarter of 2013, FireHost blocked nearly 32 million attacks. More than half, 54%, were filtered by FireHost’s IPRM system, which dynamically identifies, catalogs and intercepts IP addresses that originate attacks against web applications. The third quarter represented a 77% increase in the number of filtered attacks over the second quarter of the year, the company said.

In its latest Superfecta report on attempted cyber-attacks that target enterprise web applications, FireHost found that hackers, cybercriminals and malware developers are shifting away from a traditional focus on enterprise infrastructure attacks. Instead, they are identifying and exploiting vulnerable application layer assets. This is only exacerbated as the ongoing enterprise IT shift to cloud architectures exposes more applications to the web.

“The adoption of cloud computing, mobile applications and virtualized enterprise architectures has led to an expansion of applications that are connected to Internet resources,” explained FireHost founder and CEO, Chris Drake, in announcing the results.

Web-based applications are being used aggressively by public, private and non-profit enterprises of all sizes to support the entire spectrum of intra- and inter-organizational activities, he noted, including critical functions that contain plenty of sensitive information, like customer relationship management, supply chain management and human capital management.

“What our latest Superfecta report clearly indicates is that this shift has not gone unnoticed by the hacker community and a whole range of bad actors who are always seeking new attack vectors,” Drake continued. “The immense volume of attempted incursions documented in this latest set of statistics shows that web applications are exposed to clear-and-present danger. It is imperative that business leaders react and respond to these threats by bringing a new focus and attention to securing web application resources.”

The rise in SQL injection in particular is a cause for concern because this attack method has typically been highly targeted: directed toward a few select high-net targets, and the preserve of only the most skilled hackers. FireHost postulates that the rise in this attack traffic suggests the technique is becoming commoditized and therefore poses a greater risk to any businesses with hosted resources.

According to Jeremiah Grossman, founder and CTO of WhiteHat Security, the hacker community is becoming particularly creative in combining and integrating CSRF, XSS and Directory Traversal attacks to inject code that is designed to penetrate databases that underpin many mission-critical, web-based applications.

“Also troubling is the trend we are seeing to automate these integrated SQL Injection attacks. This particular category of attack has been picking up steam for a while,” he said in the report. “But SQL Injection has traditionally required a significant amount of skill and talent from a programming perspective. This talent-based barrier to entry has helped to keep this form of attack in check. The emergence of automated tools will make this type of attack much more accessible to a broader segment of cybercriminals. This is prompting us to advise our clients to anticipate – and prepare for – a deluge of integrated attacks targeting web-based SQL resources.”

As a consequence, enterprises need to rebalance their security portfolios to address deepening web application vulnerabilities, particularly for organizations that house regulated data such as credit cards, personally identifiable information and healthcare records.

“Traditionally, we see the lion’s share of technology budget being spent on creating or obtaining applications,” said Drake. “After that, infrastructure and hosting solutions receive the most financial attention. Investments in security and preventative measures come in last in most cases.”

As organizations review their budgets and strategic plans for 2014, understanding the risks to which web applications are exposed will be important in order to make effective and responsible security funding decisions.

“Today, in many organizations, as much as $1 out of every $10 invested in enterprise infrastructure technology is allocated to protect network resources,” said Drake. “Only $1 out of $100 is invested in web application security. This unbalanced approach does not reflect the newly emerging threat landscape.”
