News
RiskIQ launches JavaScript threats solution amidst surge in attacks on e-commerce web assets
August 2019 by Marc Jacob
RiskIQ announced the launch of RiskIQ JavaScript Threats Module to ensure customer trust in e-commerce by protecting organisations’ high-traffic payment pages from JavaScript attacks. The module is part of a comprehensive platform for reducing threats to organisations’ internet attack surfaces. JavaScript Threats is the only enterprise-scale product trusted by the largest financial and e-commerce companies and powered by the threat intelligence of industry-leading experts on Magecart JavaScript attacks.
JavaScript Threats leverages RiskIQ’s proprietary global discovery infrastructure to build complete, dynamic inventories of organisations’ websites, including critical e-commerce assets with their own and third-party JavaScript. It then monitors the web assets and JS resources, creating alerts for malicious and suspicious changes so organisations can quickly detect JavaScript attacks.
Magecart cybercriminals inject malicious JavaScript code into web pages once every five minutes, according to RiskIQ threat research group’s detection data. These attacks can be direct compromises or supply-chain compromises. Supply chain attacks target third-party JavaScript resources, such as analytics trackers, website optimisation tools, and chat plugins, and give threat actors massive reach by multiplying their attack across potentially thousands of websites. Businesses incur reputational and financial damages such as loss of customer trust and market share, lawsuits, and punitive regulatory fines.
The damages caused by JavaScript attacks came into sharp focus earlier this month when the UK Information Commissioner’s Office proposed a £183 million ($224 million) fine on British Airways. The JavaScript attack on its website resulted in the theft of credit card data for almost 500,000 customers. This proposed fine represents 1.5% of British Airways 2017 revenues and could have been as high as 4% of revenues, or £489 million ($598 million). The breach, analysed by RiskIQ threat research group in September 2018, was carried out by one of the most sophisticated Magecart cybercriminal groups.
The 2019 Verizon Data Breach Investigations Report: Executive Summary substantiates the prevalence of JavaScript attacks. The report highlights that malicious code designed to capture data entered into web forms is the primary attack pattern for breaches in the Retail, Professional Services, Finance, and Manufacturing industries. The Verizon report also states: "Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches. Data from one of our contributors, the National Cyber-Forensics and Training Alliance (NCFTA), substantiates this shift appears to have already occurred, and our larger data set is also trending that way."
Magecart JavaScript attacks are likely to increase, as they have been highly successful. RiskIQ threat research group has pointed out previously that Magecart is an active threat that operates at a scale and breadth that rivals, or may even surpass, the compromises of retail giants such as Home Depot and Target. The Magecart actors have been active since 2015 and have never retreated from their chosen criminal activity. Instead, they have continually refined their tactics and targets to maximise the return on their efforts. Cybercriminal syndicates have created entire economies around JavaScript attacks with vibrant, lucrative markets emerging for stolen data, web skimmers, and compromised websites.
