Third quarter cross-site scripting (XSS) and SQL Injection activity are up 32% on the second quarter of this year, as hackers specifically target web-facing and cloud applications that carry sensitive data about businesses and their consumers.

This is according to the latest Superfecta report from FireHost, which adds that integrated attacks on such applications are becoming more common and automated as well.

During the quarter, FireHost blocked about 32m attacks – more than half of the total attacks in the quarter, it said.

The total number of malware attacks represents a 77% rise in the number of filtered attacks compared to the second quarter, the firm added.

FireHost founder and CEO Chris Drake said the adoption of cloud computing, mobile applications and virtualised enterprise architectures have led to an expansion of applications that are connected to Internet resources.

"What our latest Superfecta report clearly indicates is that this shift has not gone unnoticed by the hacker community and a whole range of bad actors who are always seeking new attack vectors," Drake added.

"The immense volume of attempted incursions documented in this latest set of statistics show that web applications are exposed to clear-and-present danger.

"It is imperative that business leaders react and respond to these threats by bringing a new focus and attention to securing web application resources."

Between the second and third quarters of this year, the cloud hosting service provider detected a rise in attempted SQL Injection and cross-site scripting attacks on the client servers under its protection.

The rise in SQL Injection especially implies that the attack method is being commoditised, Drake claimed, which poses a bigger risk to any organisations with hosted resources.

"Traditionally, we see the lion’s share of technology budget being spent on creating or obtaining applications," Drake said.

"After that, infrastructure and hosting solutions receive the most financial attention. Investments in security and preventative measures come in last in most cases.

"Today, in many organisations, as much $1 out of every $10 invested in enterprise infrastructure technology is allocated to protect network resources."

"Only $1 out of $100 is invested in web application security. This is unbalanced approach does not reflect the newly emerging threat landscape."