Blog

Browser-based cyber attacks append malicious JavaScript to websites once every five minutes, according to RiskIQ detection data. These cyber attacks, such as web-skimming, cryptocurrency mining, fingerprinting, and waterholing encounters, are responsible for some of the most high-profile breaches in recent history. These breaches include the hack of British Airways, which led to cyber threat actors intercepting credit card data for thousands of customers.

The BA breach, surfaced by RiskIQ last fall, was carried out by the crime syndicate Magecart. Most recently, a sophisticated Magecart group compromised thousands of sites with a supply chain cyber attack targeting misconfigured Amazon S3 buckets.

In the months and years to come, new breeds of these web skimming cyber attacks will likely emerge, whether by new or existing Magecart groups. Payment data is currently the focus, but they will pivot to skim other information such as login credentials. These cyber attacks can take the form of direct compromises or supply chain compromises in which third-party JavaScript, such as analytics code, is compromised. Supply chain cyber attacks give perpetrators massive reach by granting them access to potentially thousands of sites at once.

Lucrative for perpetrators, cybercrime syndicates have created entire economies around JavaScript attacks with vibrant markets emerging for stolen data, web skimmers, and compromised websites. Meanwhile, businesses are left to weather the reputational and financial damage with loss of market share, lawsuits, and punitive regulatory fines.

The material damages to businesses from JavaScript attacks took sharp focus earlier this month when the first post-GDPR fine was imposed against British Airways for the breach of its website. The proposed amount of £183m represents 1.5% of BA’s 2017 revenues and dwarfs the largest pre-GDPR fine levied by the UK’s Information Commissioner’s Office (ICO) of £500,000.

Many organizations have almost no visibility into their web-facing assets and the way their users interact with them. Because of this, browser-based cyber threats have become the go-to method for cyber threat actors to target organizations, their employees, and, perhaps most publicly, their customers. Given the frequency by which RiskIQ researchers now encounter these cyber attacks, it’s clear Javascript threats are poised to carve out a significant portion of the cyber threat landscape for years to come.

This surge of JavaScript attacks makes it a critical time for RiskIQ to launch our JavaScript Threats Module. JavaScript threats uses RiskIQ’s proprietary global web-crawling infrastructure to build a complete, dynamic inventory of an organization’s websites, including their own and third-party JavaScript. It then monitors this inventory, creating alerts for suspicious changes so an organization can quickly detect JavaScript.

JavaScript Threats is part of a comprehensive platform for reducing cyber threats to an organization’s internet attack surface and is the only enterprise-scale product trusted by the largest financial and e-commerce companies and powered by the cyber threat intelligence of industry-leading experts on JavaScript attacks.

Businesses need a continued focus on visibility into their internet-facing attack surfaces, as well as increased scrutiny of the third-party services, constitute their web applications. Magecart’s recent ravages have shown that a lot of the investment in securing corporate infrastructure hasn’t worked. Companies will continue to be overwhelmed by the scale and tenacity of these kinds of groups, especially as cyber attacks launch from outside the firewall, and the data theft occurs in the user’s browser.

Contact us to learn more about RiskIQ JavaScript Threats and how we can help defend your organization from this new breed of cyber attack.

Share:

Connect with us
Featured Post

RiskIQ’s 2019 Evil Internet Minute: All the Cyber Threats Jammed Into 60 Seconds