The RiskIQ JavaScript Threats Module

The Internet is the great equalizer. Everyone plays on the same field—users, hackers, partners, and Employees.

The Internet is also adaptive. If you search for something, your experience changes. As you click, the website's behavior changes. RiskIQ knows the Internet and has been monitoring, mapping, and interacting with it for the last decade.

RiskIQ understands how each website interacts with and connected to every other website on the Internet. Our technology does this by acting like a real user in a browser and dynamically rendering your website. This helps security teams know how their organization's website might be pulling images, components, or code from one website or sending analytic data to another. It also tells them what web components are loaded or the JavaScript that is executed in the end user's browser.

This view allows RiskIQ customers to understand their external attack surface.

Hackers know that many organizations don't have visibility into the dynamic characteristics of their own websites. They take advantage of this by attacking these dynamic elements or the third-party components on which websites rely. These browser-based attacks are most often carried out via JavaScript or a web component.

In these JavaScript attacks, hackers will either directly modify an organization's website's JavaScript and add their own malicious code, such as Magecart, a payment card skimmer. They may also indirectly modify the JavaScript on a third-party website or web component your website uses, like an e-commerce or payment processing platform.

Attacking a third-party website and adding malicious code can breach thousands of websites at once. Hackers attacked British Airways and added the Magecart JavaScript stealing 380,000 payment cards from customers. The hack caused officials to find British Airways in breach of the GDPR, landing them an approximated $228 million fine.

RiskIQ can help protect and monitor against web and browser-based types of attacks like this with the RiskIQ JavaScript Threats Module. Our systems can monitor and alert you to your attack surface changes, including proprietary and third-party JavaScript. Differences in the versions of your JavaScript are shown side by side.

Alerts generated for JavaScript threats include additions of malicious code or links to blacklisted websites. The RiskIQ JavaScript Threats Module can potentially save your organization from becoming the next breach in the news. Don't leave your organization unprotected—learn about the RiskIQ JavaScript Threats Module today.

Go to riskiq.com/get-started to get started.