Jump to content

Interview: What can you learn from blocking 100m cyber attacks?

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted

Interview: What can you learn from blocking 100m cyber attacks?

FireHost is a secure cloud company that protects the applications and data of organisations with the most stringent compliance needs in a bid to keep them safe from the latest threats and hacks being deployed by online criminals.

Protecting this data and the reputation of its customers is of paramount importance to FireHost and, to this end, the company claims to have blocked more than 100 million attacks in 2013 alone.

FireHost's IT security teams and partners have compiled a new attack report using real-life data from each and every one of the 100 million+ malicious hack attempts that FireHost blocked over the past year.

The results formed FireHost's Superfecta: Year in review report, a detailed analysis of hacker behaviour and the biggest IT security trends of 2013. We spoke to FireHost founder Chris Drake to find out more.

TechRadar Pro: What's the purpose of this report and why does FireHost publicise the data of its blocked attacks?

CD: FireHost is in a unique position to deliver both an accurate and comprehensive overview of cybercrime trends and we are working very closely with other leaders and innovative practitioners in the cybersecurity community to track, document and block attacks as soon as we encounter them.

It is one of the major reasons for producing the quarterly Superfecta report. By communicating all known instances of attacks to web applications, we are all able to better understand and respond to threats.

Cyber attacks may seem like random incidents at the time, but when you have the kind of malicious attack data that we have collected over the last year, you can begin to correlate these attack trends with 2013's biggest data breach stories – of which there were many.

TRP: What are the four 'Superfecta' attack types and what makes them so special?

CD: Although our report takes many different types of attack into account, the Superfecta consists of four distinct web-application attack types that we think pose the most serious threat to businesses.

Cross-Site Request Forgery (CSRF), an attack that forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.

Cross-site Scripting (XSS), the insertion of malicious code into webpages in order to manipulate website visitors. It is used by attackers for a range of reasons, from simply interfering with websites to launching phishing attacks against web users.

SQL Injection, the entering of malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords. This attack vector has been associated with many high profile data breaches.

Directory Traversal – A Path Traversal attack aims to access files and directories that are stored outside the web root folder.

TRP: According to your stats, what were the most popular or fastest growing attack types in 2013?

CD: 2013 was the year of Cross-Site Scripting and SQL Injection, with the first quarter of 2013 setting the tone for what was to come in the next 12 months.

Cross-Site Scripting was the most prevalent Superfecta attack type and it would continue to be so throughout the year, growing in popularity very slightly each quarter. SQL Injection attacks would follow a similar trend, increasing in volume substantially over quarters one, two and three.

TRP: Did you notice any new trends within the hacking community last year that the IT industry should be aware of?

CD: This year we saw a large percentage increase in the number of common web attacks and, in an attempt to uncover the root cause behind this trend, our security experts discovered that blended, automated attacks were being used increasingly from within cloud service provider networks.

The reason behind this worrying trend could be due to the fact that cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure. Unfortunately, many cloud providers donʼt adequately validate new customer sign-ups, so opening accounts with fake information is quite easy.

TRP: These stats may seem a bit abstract on their own, has FireHost been able to match its figures against specific security incidents in 2013 such as the Target data breach?

CD: Absolutely, there was a significant decrease in the number of attacks blocked by FireHost following this incident and we believe this could be down to the Target data breach alone.

Tom Byrnes, CEO of FireHost partner, ThreatSTOP, summed up the situation incredibly well as part of our full report so I'll defer to him here:

"The Target data breach was monumental and it's no surprise that it had an impact on FireHost's attack data. There are only a few hundred criminal gangs worldwide running this kind of cybercrime operation so the actions of just a few can signal a big shift in the industry as a whole.

"We certainly saw this in the build up to the Christmas period and the Target attack. During this time, smart hackers may have ignored FireHost's servers completely and focussed all their efforts on obtaining consumer data during the busy online retail season. Others would simply have been too busy running up charges on Target customers' credit cards to bother with doing anything else.

"It was a similar case in spring/summer 2013. The number of attacks filtered by FireHost's IPRM service fell dramatically and I wouldn't be surprised if this was, in part, due to the big IRS data breach. Organized criminals were too busy snatching identities and stealing billions of dollars in tax refunds to worry about targeting corporate data, such as the applications hosted on FireHost's infrastructure."

TRP: With so many cyber attacks, there are bound to be a few anomalies – are there any that stand out and how would FireHost go about explaining them?

CD: Interestingly, FireHost's IT security teams discovered evidence of a positive 'blackholing' side effect this year, whereby FireHost's IP Reputation Management (IPRM) filters have, over time, helped to hide FireHost's customers' IPs from would-be hackers, by making them resemble darknet/honeypot space.

No attacker wants to be detected by connecting to darknets and will take extra care to avoid them. Indeed, the blackholing effect has contributed to the total number of attacks blocked by FireHost dropping from 32m in Q3 2013 to 23m in Q4 2013.

TRP: Do you have any final words of advice for companies looking to secure their online data?

CD: Even though you may not think your business will draw direct attention from hackers, you can be certain there is a high chance that your servers are being probed by opportunistic cybercriminals who are constantly looking for that easy 'open window' in.

mf.gif
twitter.png facebook.png linkedin.png googleplus.png email.png


rc.img
rc.img
rc.img

a2.imga2t.imgTZ7QQejMnDU
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept