The Lighter Side Of The Cloud – Big Broadband
The Lighter Side Of The Cloud – Adopted
The Lighter Side Of The Cloud  – Self Education

Press Release: Q2 2012 FireHost Web Application Attack Report Shows Sharp Rise In SQL Injections

17 million cyber-attacks blocked between April and June by secure cloud hosting provider

London, UK – July 24, 2012 – Secure cloud hosting company, FireHost, has today revealed the latest statistical analysis of attacks successfully blocked by its servers located at data centers in the US and Europe.  During the period of April to June 2012, the web applications, databases and websites of FireHost’s customers – spread across 33 countries worldwide – were protected from a total of 17 million cyber attacks, of which more than two million were categorized as the most serious kind of attack, and among FireHost’s ‘Superfecta’.

The Superfecta is a group of four attack types considered by FireHost as being the most malicious and dangerous – they are Cross-site Scripting (XSS), Directory Traversals, SQL Injections, and Cross-site Request Forgery (CSRF).  One of the most significant changes in attack traffic seen by FireHost between Q1 and Q2 2012 was a 69% increase in SQL Injection attacks.  Rising from 277,770 blocked attacks in the first quarter, to 469,983 between April and June, this type of attack is frequently cited as an attack vector of choice for data thieves.

In simple terms, SQL Injection involves the entering of malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords.  The attack vector has been associated with many high profile data breaches, most famously Sony in 2011 and, more recently, it is suspected to be the method used by hackers to steal passwords from LinkedIn, eHarmony and Yahoo!.

“Many, many sites have lost customer data in this way,” said Chris Hinkley, CISSP – a Senior Security Engineer at FireHost.  “SQL Injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk.  These attacks can be detected and businesses should be taking basic and blanket steps to block attempted SQL Injection, as well as the other types of attacks we frequently see.”

The Superfecta attack traffic for Q2 2012 can be broken down as follows:

Similarly to Q1 2012, the majority of attacks FireHost blocked during the second calendar quarter of 2012 originated in the United States (14 million / 83%).  Southern Asia came in second with 8%, while Europe was in third, as the origin of 6% of malicious attack traffic seen by FireHost.

Varied trends among the Superfecta attack techniques from quarter to quarter are demonstrated between Q1 2012 and Q2:

As a result of the recent and high profile data breach incidents, more businesses are now familiar with the malice of cyber-attacks. FireHost warns them not to underestimate the scale at which automated attacks are launched by hackers on the poorly protected web pages of businesses of all sizes.

“One thing we can always expect is for the security threat landscape to change quickly and be very fluid. With so many moving parts, hosters and service providers need to ensure that transparency is a core element of their security strategy,” said Philbert Shih, managing director of Structure Research. “Companies that are able to provide real time customer data that can speak to market threats not only do right by their customers but contribute to the research community’s knowledge and understanding. Spotting a rise in SQL Injection hack attempts, for instance, is not something to overlook and should be seen as a warning to all who monitor this space.”

“Some of the data theft incidents that are reported in the media are precisely targeted, but a more substantial risk to most comes from an abundance of automated, malicious bots that attack websites in a more random fashion,” said Todd Gleason, Director of Technology at FireHost.  “Businesses should take readily available and basic steps to block any kind of unwanted traffic from accessing their sites.  Mitigating Denial of Service attacks and ensuring web applications are secure can go a long way toward fighting off these random attacks.”

For more information, please visit: http://www.firehost.co.uk

About FireHost

FireHost is a secure cloud hosting company focused on protecting sensitive data and companies’ brand reputations with infrastructure built for security, scalability and performance. Customers with specific compliance or performance needs subscribe to FireHost’s PCI, HIPAA or high traffic solutions, including some of the largest companies in the world, as well as many fast growing eCommerce, SaaS and healthcare IT providers. FireHost provides services from Dallas, Phoenix, London and Amsterdam.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Recent

The E-Learning Market – Cloud Computing Adoption

The E-Learning Market – Cloud Computing Adoption

The E-Learning Market  We’ve talked a fair bit about e-Learning and MOOCs (Massive Open Online Courses) technologies here on CloudTweaks over the past number of years. The industry is expected to continue to grow at a brisk pace as more and more firms and educational institutions start to adopt cloud based services.  Docebo has an excellent…

Big Data, Business Intelligence And The Programming Language “R”

Big Data, Business Intelligence And The Programming Language “R”

Why Your Next Business Intelligence Hire Will Use R As anyone working in the field knows, business intelligence is an evolving landscape. New technologies, combined with a rapidly expanding marketplace, are disrupting legacy solutions and established platforms. Despite such growth, however, there have been a few constants, such as the R programming language. As other…

Beyond Gaming: Three Practical Applications For Oculus Rift

Beyond Gaming: Three Practical Applications For Oculus Rift

Three Practical Applications For Oculus Rift  Since the announcement of the Oculus Rift in 2012 gamers and game developers alike have been frenzied trying to both get their hands on the unit or build their own proprietary VR machine. The VR gold rush has since lead to the announcement of Project Morpheus from Sony and…

Popular

Cloud Infographic – Interesting Big Data Facts

Cloud Infographic – Interesting Big Data Facts

Big Data Facts You Didn’t Know The term Big Data has been buzzing around tech circles for a few years now. So much, in fact, that you’re probably getting sick of hearing about it. Here are some interesting facts you might not know about big data via The Visual Capitalist: Big Data got its start in the…

The Cloud In 2015: Eight Trends To Look For

The Cloud In 2015: Eight Trends To Look For

The Cloud In 2015 For organizations of all sizes, in 2014 the cloud emerged as a critical part of the default consideration set when implementing any new application – in large part due to the cloud’s proven ability to handle data storage and processing demands in an elastic manner, improved verifiable standards around data security and…

Five Cloud Questions Every CIO Needs To Know How To Answer

Five Cloud Questions Every CIO Needs To Know How To Answer

The Hot Seat Five cloud questions every CIO needs to know how to answer The cloud is a powerful thing, but here in the CloudTweaks community, we already know that. The challenge we have is validating the value it brings to today’s enterprise. Below, let’s review five questions we need to be ready to address…

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,…

5 Ways CIOs Can Tackle Cloud Fears

5 Ways CIOs Can Tackle Cloud Fears

5 Ways CIOs Can Tackle Cloud Fears  CIOs are tired of hearing about cloud computing concerns. They’ve spent years reading about how cloud resources are subject to risks, and wonder – what can they do to help people trust the cloud?  The truth is that despite being a hot issue for years, the topic of…

Sponsored Posts

Moving From Email Into The Cloud

Moving From Email Into The Cloud

Mobile Collaboration In The Cloud Imagine that you, as a manager, are told by the powers that be that you have to find “efficiencies” within your department that will result in one million dollars of savings annually. You struggle with this. You send an email to everyone on your senior team. “Where can we save…

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising