Report also suggests that cybercriminals are less incentivized to try
new attack methods
Indeed, the blackholing effect has contributed to the total number of attacks filtered by FireHost’s IPRM dropping from over 17m in Q3 2013 to less than 9m in Q4 2013.
“For anyone new to cybersecurity and threat detection, the blackholing phenomenon must sound incredibly abstract,” admits FireHost founder and CEO
How the blackholing effect works
In a virtualized infrastructure with comprehensive security layers (such as the service provided by FireHost), most of the malicious traffic seen and blocked comes from malevolent networks and botnets. An IP reputation filter intercepts web traffic at the perimeter layer and recognizes when a would-be intruder has been black listed. This means that, when cybercriminals launch web-based attacks or perform reconnaissance on large chunks of the internet from known ‘bad’ IP addresses, the IP reputation filter can prevent them from connecting to a protected network space without reason or response.
Over time, the black hole makes the protected IPs invisible to attackers. As a result, these web applications are exposed to less and less attack traffic, improving memory and processor efficiency as well as reducing network traffic load, to name a few benefits. By the same token, the volume of spam and everything else associated with illegitimate sources also decreases.
“In a conflict zone, hostiles don’t shoot at trees on the off-chance there’s an incredibly well camouflaged infantry unit nearby,” explained FireHost CEO,
Hackers favor the tried and tested
The black hole filtering effect was not the only trend flagged by FireHost’s IT security teams, however. According to
“Attackers are still using relatively old attack methods and it’s easy to see why: there’s very little pushback from potential victims and the security industry is struggling to keep up. While new tools and delivery methods are created periodically, recent data breaches such as those suffered by the likes of SnapChat and Target bear proof that old-hat is still good enough. Security measures and countermeasures are not advancing at a quick enough pace to force attackers to be incredibly innovative. There are still many potential victims vulnerable to attack using the same old exploits and tools. Until the information attackers seek is properly protected, and we break out of the status quo, intruders will stick to their favored attacks and do well by them.”
The Superfecta consists of four distinct web-application attack types that pose the most serious threat to businesses, comprising Cross-site Request Forgery, (CSRF), Cross-site Scripting (XSS), SQL Injection and Directory Traversal.
For more information, please visit: www.firehost.com/superfecta
FireHost offers the most secure, managed, cloud IaaS available, protecting sensitive data and brand reputations of some of the largest companies in the world. With infrastructure built for security, compliance, performance and agility, responsible businesses choose FireHost to reduce risk and improve the collection, storage and transmission of their most confidential, regulated data. FireHost’s sophisticated business continuity solutions allow customers to make proactive choices about distributing application traffic between more than 20 points of presence dispersed across five continents, all while meeting international data protection requirements.
Follow FireHost on: