Hosters say about a significant increase in the number of XSS-attacks.
According to statistics from hosting company Firehost, the number of XSS-attacks on websites in the last quarter of 2012 soared by 160% from the same period of 2011. According to the company, out of 64 million detected and blocked attacks, some 2.6 million was attributable to attacks such as cross-site scripting. Quarter before it was discovered just over a million XSS-attacks.
Under these types of attacks Firerost understand three basic types of attack: directory traversal, SQL-injection and cross-site request fake (CSRF). The share of these three main types of attacks have 15.16 percent of the attacks, and 12, respectively.
Firehost notes that XSS-attack – is the base type of attacks used by hackers. It works by placing malicious code on insecure pages, and allows users to manipulate the actions of the attacked site. However, despite its base, this type of attack can have a wide range of applications: from deface the site to a phishing attack.
Chris Hinkley Senior Security Engineer Firehost, notes that the rapid growth of XSS-attacks indicate a lack of basic principles of Security’s website, and the vulnerability that is used to host the software. In addition, the end of the year – this is traditionally the season of high demand for online retailers and, consequently, increased attention to these sites from hackers and cheaters.
Hinckley said that the fourth quarter is particularly significant flow of attacks came just for ecommerce-sites that deal with custom financial data.
The full Firehost report can be found here .