Cyber-attack 'superfecta' statistics released

Updated happygeek 3 Tallied Votes 440 Views Share

You may be wondering what a superfecta actually is, and the answer is: the most dangerous and serious threat to business. To clarify, the superfecta as defined by secure cloud hosting outfit FireHost is a group of four attack vectors that comprises of Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal.

Cross-Site Request Forgery (CSRF) is an attack mode that forces the end user to execute an unwanted action on a web application in which they are currently authenticated. Cross-Site Scripting (XSS) involves the insertion of malicious code into webpages in order to manipulate website visitors. SQL Injection, as everyone surely knows by now, involves entering malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords. And finally, Directory Traversal (also known as a Path Traversal attack) aims to access files and directories that are stored outside the web root folder.

At the InfoSecurity Europe show yesterday, Firehost revealed its 2013 web application attack statistics for the first quarter of the year which detailed this superfecta as blocked by the firewalls protecting its servers in both Europe and the United States during the period covering January to March 2013.

1252697d8d1433fa21e60d64fe8e46de The volume of Cross-Site Request Forgery (CSRF) attacks was up by an astonishing 132% by the end of the quarter, compared to the same period during 2012. The second most significant increase in frequency was seen in SQL injections which rose by 87%. Overall, however, Cross-Site Scripting (XSS) was the most prevalent Superfecta attack type during the period monitored, with more than 1,200,000 attacks being blocked in total.

"The Superfecta represents the most dangerous type of cyberattack traffic, but these are by no means advanced or difficult attacks for cybercriminals to launch" says Chris Hinkley, Senior Security Engineer at FireHost who continues "for example, cross-site request forgery attacks and cross site scripting attacks are extremely automated and require very little knowledge to implement. It only makes sense that CSRF attacks would increase due to more automated attacks in the arsenals of cybercriminals. SQL Injection attacks represent a smaller portion of the attack traffic we block for our customers, as these attacks require more expertise, but when they're successful, they are very effective. Many will remember or have even been affected by successful SQL Injection attacks on a number of global brands over the past few years. What these numbers really say is malicious web traffic is very diverse and businesses should ensure that they are doing as much as possible to mitigate it."

Member Avatar for LastMitch
LastMitch

You may be wondering what a superfecta actually is, and the answer is: the most dangerous and serious threat to business. To clarify, the superfecta as defined by secure cloud hosting outfit FireHost is a group of four attack vectors that comprises of Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal.

Actually to me whoever created these virus invested a lot of time doing. It's hard to catch these programmers.

Even if the government catch these programmers most likely they go to jail for a a year or few years less than 5 years.

Once they get out they can't find any work because they have a record and most likely these programmers will go back doing what they are meant to do create virus and get pay for it.

Norbert_1 0 Newbie Poster

Hi to all,

Kindly guide me how to solve this XSRF or CSRF attack? or How to prevent my ASP.Net WebPages website from this type of CSRF Attack.

Share any Documents or case studies regarding this CSRF.

Thank You,

Regards,
Norbert.

RobertHDD 15 Posting Whiz in Training

You got to know that HEARTBLEED AND FLAME and superfecta's have really made cyberspace look this bad.

sanimirza 0 Newbie Poster

boot into safe mode (f8 on startup) run msconfig from START - RUN Select Diagnostic startup Reboot Hows the performance now? If this is acceptable, then you can start turning on services little by little..... this is a lot of trial and error tying to hunt down an errand process, but it should help. Or... some simple things to look for.... 1) are there multiple AV or malware apps running? 2) are you loading multiple

sanimirza 0 Newbie Poster

boot into safe mode (f8 on startup) run msconfig from START - RUN Select Diagnostic startup Reboot Hows the performance now? If this is acceptable, then you can start turning on services little by little..... this is a lot of trial and error tying to hunt down an errand process, but it should help. Or... some simple things to look for.... 1) are there multiple AV or malware apps running? 2) are you loading multip

_____

sani

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.