The number of cross-site scripting attacks targeting businesses and consumers skyrocketed 160 percent during the last quarter of 2012, according to secure cloud hosting company Firehost.
Firehost reported that of the 64 million attacks it detected and blocked during the period, 2.6 million were cross-site scripting attacks. In the previous quarter the company only detected one million cross-site scripting attacks.
The increase means 57 percent of the threats detected by Firehost during the quarter were cross-site scripting attacks.
Below these attacks, directory traversal, SQL injection, and cross-site request forgery (CSRF) were highlighted as the three other largest threats, accounting for 15 percent, 16 percent and 12 percent of the attacks detected respectively.
Cross-site scripting is a basic tactic used by hackers. It works by inserting malicious code into insecure webpages letting the attacker manipulate where website visitors are directed.
Despite being basic, the attack strategy has a variety of applications and can be used to do everything from defacing websites to launching phishing attacks.
FireHost senior security engineer Chris Hinkley attributed the rapid increase in attack levels to a combination of most businesses' lax website security and the tactic's increased profitability during the holiday period.
"The change in frequency of the types of attacks between quarters gives you an idea of how cyber criminals are constantly working to identify the path of least resistance," said Hinkley.
"During the fourth quarter, e-commerce sites in particular would have been very busy with Christmas sales. Hackers will rapidly go after these high value targets with attacks that are highly automated and, if they are not yielding useful payloads, the attackers are equipped to quickly try a different type of attack.
"This is why it is important to have an understanding of the kind of traffic that is accessing your hosted infrastructure, so that you can make sure that malicious traffic is diverted and that there is less risk to sensitive data."
Firehost director of technology, Todd Gleason, highlighted hacktivist groups' use of the tactic as a second key contributor to the increase.
"Itʼs fairly obvious that, if you are a retailer or service provider dealing with private customer data or payment card details, your business will present an attractive target for hackers," said Gleason.
"That being said, we also see attacks that have the potential to simply deface or interfere with and disrupt websites and applications. Even though no data is lost, the reputation of a company can still be seriously damaged."
The ongoing prominence and tenacity of hacktivist groups has become a hot topic within the security industry. Most recently the Anonymous hacktivist collective re-entered the headlines after defacing a US Justice Department website to protest the death of internet activist Aaron Swartz.
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps
OnePlus 3T canned to make way for imminent OnePlus 5 with Snapdragon 835, 8GB memory and dual camera
OnePlus 3T to be prematurely retired on 1 June - perhaps indicating plans for an imminent OnePlus 5 launch