Email
Password
Remember meForgot password?
    Log in with Twitter

article imageQ&A: Looking into the rapid rate in the rise of threat actors Special

By Tim Sandle     Mar 21, 2020 in Technology
Third-party breaches are exponentially growing and threat actors are becoming more sophisticated, using new techniques to cause malicious attacks. This is the finding from a review undertaken by Source Defense, as the company's CEO explains.
Source Defense, who specialize in Magecart and Formjacking attack prevention, have announced the release of the first ever client-side web security report and a new lab that is dedicated to studying, analyzing, and publishing threat focused research.
To learn more, Digital Journal spoke with Dan Dinnar, CEO at Source Defense to discuss how businesses can best protect themselves against attacks among other cybersecurity issues.
Digital Journal: How fast are third-party breaches growing?
Dan Dinnar: Third-party breaches are exponentially growing at a rapid rate. When third-party breaches came to fruition 3 years ago, there were a few reported per month. Fast forward to present day, and third-party breaches, such as Magecart and Formjacking attacks, are being reported multiple times per week. Not only are the number of attacks growing, but the companies that attackers are targeting are getting larger as well – Pizza Hut (2017), Ticketmaster and British Airways (2018), Macy’s and Facebook (2019). The average person likely logs into one of these sites, or one very similar, on a weekly basis. These attacks have no barriers and companies many times do not know they are vulnerable until it is too late.
DJ: Are threat actors becoming more sophisticated?
Dinnar: Absolutely! We can see the code complexity grow all the time. Two years ago, the malicious code was simple, but then hackers started adding stealth mechanisms such as only triggering when they identify a payment page, and next, even more sophisticated when checking Chrome DevTools is not open before executing attacks. Now, there are JavaScript sniffers that will remove themselves from the page after they execute. We also see attackers using legitimate Content Delivery Networks (CDN) and third parties to deploy their code from in order to avoid less sophisticated protections like Content Security Policy (CSP), which is based on whitelisting domains.
DJ: What are the most vulnerable industries and nations affected and impacted by third-party breach attacks?
Dinnar:Any website is susceptible, however; hackers will get the most value from transactional websites holding personally identifiable information (PII) and payment card industry (PCI) data. These are the industries we see most affected by this vector. Healthcare and pharmaceutical companies with strict regulatory guidelines and HIPAA compliance restrictions are vulnerable to the same data loss risks that eCommerce fall victim to, causing similar concern surrounding third-party breaches.
DJ: What are Magecart and Formjacking attacks?
Dinnar:Magecart and Formjacking are new names for a very old attacking method – supply-chain attacks. The security perimeter of a website has a hard limit and once the page is generated on the browser, it no longer has any effect to it. Formjacking attacks use remotely loaded JavaScript to take the PII and PCI information directly from the page without having to access the server and without going through any security measures. They are also very attractive because when you infect a third-party script, you infect all of their customers, meaning one hack can collect information from multiple websites. For example, the hack that was made public for hitting Ticketmaster UK affected a total of 800 websites compromising personal information, including names, addresses, email addresses, telephone numbers, payment details, and login details.
DJ: How can businesses best protect themselves against attacks that sneak past traditional security measures to wreak havoc on corporate websites?
Dinnar:Hackers evolve, and therefore so must we. The browser can no longer be a no man’s land and the security perimeter must be extended to protect every web session for each website visitor. Take a look at recent breaches – Is your competitor or partner being hacked? Is someone in a similar industry being breached? These are all signs that you could be next, and customers are becoming less forgiving when these hacks occur, so brand loyalty and reputation are on the line.
Get familiar with details on past attacks in order to learn how to better protect your brand.
Learn about the terms, attack methods, and techniques used in the client-side security space.
Take control of your website to ensure it is securely protected with a proper prevention solution
.
DJ: What activities are the unauthorized third-party scripts performing on a website and what sensitive data is accessed?
Dinnar:According to data from research aggregated in the 2020 Client-side Web Security Report, almost 60% of third-parties are information gathering scripts meant to count analytic data or track users. This means that attackers need almost no information from the page beyond the address and cookie. Furthermore, the report shows that about 70% of scripts will access every form field on the page, listen to every click on a link or a button, and 30% will listen to form submissions and create input fields, causing the majority of PII and PCI data being constantly accessed when we input it by unauthorized vendors. Now, if they do this without being compromised, how will we know when they are?
More about Cybersecurity, thirdparty, threat actors
More news from
Latest News
Top News