Dangerous CSRF attacks up 132%

FireHost has announced today its Q1 2013 web application attack statistics, detailing the type and number of the most dangerous cyberattacks blocked by the firewalls that protect its servers in the U.S. and Europe between January and March 2013.

Compared with Q1 2012, the volume of Cross-Site Request Forgery (CSRF) attacks is up 132 percent at the end of Q1 2013. The CSRF attack measurement is part of FireHost’s quarterly ‘Superfecta’ report.

The Superfecta is a group of four cyberattacks that pose the most serious threat to businesses and comprises of CSRF, Cross-site Scripting (XSS), SQL Injection and Directory Traversal. After CSRF, SQL Injection has seen the second most significant increase in frequency, rising 87 percent when comparing Q1 2012 to Q1 2013.

Other key statistics for the Q1 2013 Superfecta include:

• Total number of all attack types blocked by FireHost in Q1 2013: 29,713,520 (This includes attacks blocked by FireHost’s new IP Reputation Management “IPRM” filters)
• Total number of Superfecta attacks blocked in Q1 2013: 3,410,212 (up from 2,861,085 in Q1 2012)
• Overall, Cross-Site scripting (XSS) was the most prevalent Superfecta attack type in Q1 2013 – with more than 1.2M attacks being blocked.

“The Superfecta represents the most dangerous type of cyberattack traffic, but these are by no means advanced or difficult attacks for cybercriminals to launch,” said Chris Hinkley, CISSP – a Senior Security Engineer at FireHost. “For example, cross-site request forgery attacks and cross site scripting attacks are extremely automated and require very little knowledge to implement.

It only makes sense that CSRF attacks would increase due to more automated attacks in the arsenals of cybercriminals. SQL Injection attacks represent a smaller portion of the attack traffic we block for our customers, as these attacks require more expertise, but when they’re successful, they are very effective.

Many will remember or have even been affected by successful SQL Injection attacks on a number of global brands over the past few years. What these numbers really say is malicious web traffic is very diverse and businesses should ensure that they are doing as much as possible to mitigate it.”

Liam Eagle, analyst, Internet infrastructure at 451 Research, comments: “Malicious website traffic has several harmful results – along with the obvious security concerns, there is a performance impact,” says Eagle. “An increase in the volume of traffic to a site demands an increase in resources like memory, processing and bandwidth. Preventing unwanted traffic from reaching a website or hosted environment has a direct and positive impact on infrastructure performance. It’s not a coincidence that security and performance are two key criteria by which customers evaluate hosting services.”