Protecting Websites from Magecart and Other In-Browser Threats – Security Boulevard

The Rise of Third-Party Scripts

Modern web applications have become increasingly reliant on external code, services and vendors that execute JavaScript code in the browser, often referred to as third-party scripts. As a close-to-home example shown below, Akamai executes dozens of scripts to populate our home page. Nearly 70% of these scripts come from outside sources.

Partial Request Map View of http://www.Akamai.com

Source: https://requestmap.herokuapp.com/render/200107_S4_75af286693538a095b33ac5e4740b0b8/

We, like almost all other internet-based businesses, use third-party scripts because they enhance the web experience, are easy to add and modify, promote a consistent web experience and are pre-integrated and maintained by the third parties. In fact, web sites today average 56% third-party scripts (Akamai has 68% third-party).

Source: Security and Frontend Performance, Challenge of Today: Rise of Third Parties, Akamai Technologies and O'Reilly Media, 2017

Magecart, a class of credit card hacker groups using new and more sophisticated attack methods, has become the poster child of third-party script attacks.

Because third-party scripts come from a myriad of trusted and untrusted sources in a business's supply chain, the attack surface for web-facing applications has become significantly larger and harder to protect. Sites that use credit card processing are at constant risk. In fact, out of the tens of thousands of sites hit with Magecart in the last few years, 1 in 5 victims are re-infected, often within months of the last attack.

Source: Sanguine Security, 2018. https://sansec.io/labs/2018/11/12/merchants-struggle-with-magecart-reinfections/

Unfortunately, most application protection solutions today have tried to retrofit existing techniques to prevent third-party script threats using firewall and policy controls. When rigorously applied, this approach can restrict open business practices and the advantages of third-party scripts. And when applied too loosely, it can miss a lot of attacks.

The primary way security teams keep their scripts clean is via constant script review and testing, which is really hard.

Because detecting and mitigating third-party script attacks is a constant, time-consuming, invisible challenge for security teams, it often isn't done, making the injection of malicious code into web pages via third-party JavaScript one of the most popular attack methods for credit card and credential skimming today. In 2019, an average of 4800 websites were compromised from third-party injected code every month, a 78% increase over 2018.

Source: Symantec 2019 Internet Security Threat Report

Page Integrity Manager is designed to discover and assess the risk of new or modified JavaScript, control third-party access to sensitive forms, and enable automated mitigation. The solution fully monitors the behavior of each JavaScript workload in the session through a series of detection layers, using machine learning models, heuristics, signatures and a risk score model. This advanced approach identifies suspicious and malicious behavior, enables automated mitigation using policy-based controls, and blocks bad actors using Akamai threat intelligence to improve accuracy.
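One way to automate the discovery of new or modified scripts mentioned above, as an added example (not Akamai's or Page Integrity Manager's code): it inventories a page's external scripts, hashes each one, and compares the result with a baseline of previously reviewed hashes. It covers static change detection only, not in-session behavior monitoring; the page URL, hosts, script bodies and function names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def inventory(page_url, html, fetched):
    """Map script URL -> (is_third_party, sha256 hex); `fetched` holds the bytes."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    result = {}
    for src in collector.sources:
        url = urljoin(page_url, src)  # resolves relative and //host references
        third_party = urlsplit(url).hostname != page_host  # assumption: exact host match
        result[url] = (third_party, hashlib.sha256(fetched[url]).hexdigest())
    return result

def diff_against_baseline(current, baseline):
    """Label each script 'new', 'modified' or 'unchanged' vs. reviewed hashes."""
    return {url: "new" if url not in baseline
            else "modified" if baseline[url] != digest else "unchanged"
            for url, (_, digest) in current.items()}

def third_party_share(current):
    """Fraction of external scripts served from a host other than the page's."""
    return sum(tp for tp, _ in current.values()) / len(current) if current else 0.0

# Constructed sample data; all hosts and script bodies are placeholders.
PAGE_URL = "https://shop.example.com/checkout"
HTML = ('<script src="/js/app.js"></script>'
        '<script src="https://cdn.example.net/analytics.js"></script>'
        '<script src="//tags.example.org/tag.js"></script>')
FETCHED = {"https://shop.example.com/js/app.js": b"app();",
           "https://cdn.example.net/analytics.js": b"track(); extra();",
           "https://tags.example.org/tag.js": b"tag();"}
BASELINE = {"https://shop.example.com/js/app.js": hashlib.sha256(b"app();").hexdigest(),
            "https://cdn.example.net/analytics.js": hashlib.sha256(b"track();").hexdigest()}

if __name__ == "__main__":
    current = inventory(PAGE_URL, HTML, FETCHED)
    print(diff_against_baseline(current, BASELINE), third_party_share(current))
```

Scripts labelled "new" or "modified" are the ones to route to review before the baseline is updated.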

Akamai will be launching Page Integrity Manager in 2020.

We are inviting customers to participate in a valuable beta project with a working product to help you be protected from malicious scripts.

To learn more, download our Beta Product Brief.

Join our beta program today by contacting your Akamai sales team.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Mike Kane. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/-QH1Nxqx7Mc/protecting-websites-from-magecart-and-other-in-browser-threats.html
