The reason behind this worrying trend could be due to the fact that cybercriminals can easily deploy and administer powerful botnets that run on cloud infrastructure. Unfortunately, many cloud providers donʼt adequately validate new customer sign-ups, so opening accounts with fake information is quite easy.
TRP: These stats may seem a bit abstract on their own, has FireHost been able to match its figures against specific security incidents in 2013 such as the Target data breach?
CD: Absolutely, there was a significant decrease in the number of attacks blocked by FireHost following this incident and we believe this could be down to the Target data breach alone.
Tom Byrnes, CEO of FireHost partner, ThreatSTOP, summed up the situation incredibly well as part of our full report so I'll defer to him here:
"The Target data breach was monumental and it's no surprise that it had an impact on FireHost's attack data. There are only a few hundred criminal gangs worldwide running this kind of cybercrime operation so the actions of just a few can signal a big shift in the industry as a whole.
"We certainly saw this in the build up to the Christmas period and the Target attack. During this time, smart hackers may have ignored FireHost's servers completely and focussed all their efforts on obtaining consumer data during the busy online retail season. Others would simply have been too busy running up charges on Target customers' credit cards to bother with doing anything else.
"It was a similar case in spring/summer 2013. The number of attacks filtered by FireHost's IPRM service fell dramatically and I wouldn't be surprised if this was, in part, due to the big IRS data breach. Organized criminals were too busy snatching identities and stealing billions of dollars in tax refunds to worry about targeting corporate data, such as the applications hosted on FireHost's infrastructure."
TRP: With so many cyber attacks, there are bound to be a few anomalies – are there any that stand out and how would FireHost go about explaining them?
CD: Interestingly, FireHost's IT security teams discovered evidence of a positive 'blackholing' side effect this year, whereby FireHost's IP Reputation Management (IPRM) filters have, over time, helped to hide FireHost's customers' IPs from would-be hackers, by making them resemble darknet/honeypot space.
No attacker wants to be detected by connecting to darknets and will take extra care to avoid them. Indeed, the blackholing effect has contributed to the total number of attacks blocked by FireHost dropping from 32m in Q3 2013 to 23m in Q4 2013.
TRP: Do you have any final words of advice for companies looking to secure their online data?
CD: Even though you may not think your business will draw direct attention from hackers, you can be certain there is a high chance that your servers are being probed by opportunistic cybercriminals who are constantly looking for that easy 'open window' in.
