Cross-site scripting threats surged in Q4 2012
Cybercriminals have become more able to quickly change their attack strategies due to the proliferation of malicious automation tools. However, hackers are most likely to cast wide nets until they find a weak point in a company's digital safeguards. According to research by cloud hosting company FireHost, this meant a surge of cross-site scripting attacks at the end of 2012.
The company blocked a total of 64 million attacks between October and December 2012. Researchers noted that XSS threats accounted for 54 percent of incidents, up from 35 percent in the third quarter of the year. Although XSS remained the most common type of website security attack, the spike in its prevalence shows the versatility of cybercriminal attack strategies.
"The change in frequency of the types of attack between quarters gives you an idea of how cybercriminals are constantly working to identify the path of least resistance," said Chris Hinkley, senior security engineer at FireHost. "During Q4, ecommerce sites in particular would have been very busy with Christmas sales. Hackers will rapidly go after these high value targets with attacks that are highly automated and, if they are not yielding useful payloads, the attackers are equipped to quickly try a different type of attack."
As Hinkley's comments suggest, website owners are facing a larger volume and variety of threats, making it critical to utilize best practices and evaluate every area of their online properties. Site owners can benefit from evaluating and limiting the allowed input on each area of their site to reduce the risk of a successful XSS attack. However, it is also important to implement solutions such as SSL certificates to guard data transmissions.
Protect your site visitors' information by getting an SSL certificate today.