You may be wondering what a superfecta actually is, and the answer is: the most dangerous and serious threat to business. To clarify, the Superfecta, as defined by secure cloud hosting outfit FireHost, is a group of four attack vectors comprising Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection and Directory Traversal.
Cross-Site Request Forgery (CSRF) is an attack mode that forces the end user to execute an unwanted action on a web application in which they are currently authenticated. Cross-Site Scripting (XSS) involves the insertion of malicious code into webpages in order to manipulate website visitors. SQL Injection, as everyone surely knows by now, involves entering malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords. And finally, Directory Traversal (also known as a Path Traversal attack) aims to access files and directories that are stored outside the web root folder.
At the InfoSecurity Europe show yesterday, FireHost revealed its web application attack statistics for the first quarter of 2013, detailing the Superfecta attacks blocked by the firewalls protecting its servers in both Europe and the United States from January to March 2013.
The volume of Cross-Site Request Forgery (CSRF) attacks was up by an astonishing 132% by the end of the quarter, compared to the same period during 2012. The second most significant increase in frequency was seen in SQL injections which rose by 87%. Overall, however, Cross-Site Scripting (XSS) was the most prevalent Superfecta attack type during the period monitored, with more than 1,200,000 attacks being blocked in total.
"The Superfecta represents the most dangerous type of cyberattack traffic, but these are by no means advanced or difficult attacks for cybercriminals to launch," says Chris Hinkley, Senior Security Engineer at FireHost, who continues: "For example, cross-site request forgery attacks and cross-site scripting attacks are extremely automated and require very little knowledge to implement. It only makes sense that CSRF attacks would increase due to more automated attacks in the arsenals of cybercriminals. SQL Injection attacks represent a smaller portion of the attack traffic we block for our customers, as these attacks require more expertise, but when they're successful, they are very effective. Many will remember or have even been affected by successful SQL Injection attacks on a number of global brands over the past few years. What these numbers really say is malicious web traffic is very diverse and businesses should ensure that they are doing as much as possible to mitigate it."