What can you learn from blocking 100m cyber attacks?

FireHost is a secure cloud company that protects the applications and data of organisations with the most stringent compliance needs in a bid to keep them safe from the latest threats and hacks being deployed by online criminals.

Protecting this data and the reputation of its customers is of paramount importance to FireHost and, to this end, the company claims to have blocked more than 100 million attacks in 2013 alone.

FireHost's IT security teams and partners have compiled a new attack report using real-life data from each and every one of the 100 million+ malicious hack attempts that FireHost blocked over the past year.

The results formed FireHost's Superfecta: Year in review report, a detailed analysis of hacker behaviour and the biggest IT security trends of 2013. We spoke to FireHost founder Chris Drake to find out more.

TechRadar Pro: What's the purpose of this report and why does FireHost publicise the data of its blocked attacks?

Chris Drake: FireHost is in a unique position to deliver both an accurate and comprehensive overview of cybercrime trends and we are working very closely with other leaders and innovative practitioners in the cybersecurity community to track, document and block attacks as soon as we encounter them.

It is one of the major reasons for producing the quarterly Superfecta report. By communicating all known instances of attacks to web applications, we are all able to better understand and respond to threats.

Cyber attacks may seem like random incidents at the time, but when you have the kind of malicious attack data that we have collected over the last year, you can begin to correlate these attack trends with 2013's biggest data breach stories – of which there were many.

TRP: What are the four 'Superfecta' attack types and what makes them so special?

CD: Although our report takes many different types of attack into account, the Superfecta consists of four distinct web-application attack types that we think pose the most serious threat to businesses.
Cross-Site Request Forgery (CSRF), an attack that forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.

Cross-site Scripting (XSS), the insertion of malicious code into webpages in order to manipulate website visitors. It is used by attackers for a range of reasons, from simply interfering with websites to launching phishing attacks against web users.

SQL Injection, the entering of malicious commands into URLs and text fields on websites that happen to be vulnerable, usually in an attempt to steal the contents of databases storing valuable data such as credit card details or usernames and passwords. This attack vector has been associated with many high profile data breaches.

Directory Traversal – A Path Traversal attack aims to access files and directories that are stored outside the web root folder.

TRP: According to your stats, what were the most popular or fastest growing attack types in 2013?

CD: 2013 was the year of Cross-Site Scripting and SQL Injection, with the first quarter of 2013 setting the tone for what was to come in the next 12 months.

Cross-Site Scripting was the most prevalent Superfecta attack type and it would continue to be so throughout the year, growing in popularity very slightly each quarter. SQL Injection attacks would follow a similar trend, increasing in volume substantially over quarters one, two and three.

TRP: Did you notice any new trends within the hacking community last year that the IT industry should be aware of?

CD: This year we saw a large percentage increase in the number of common web attacks and, in an attempt to uncover the root cause behind this trend, our security experts discovered that blended, automated attacks were being used increasingly from within cloud service provider networks.