By Tim Sandle

Third-party breaches are growing exponentially, and threat actors are becoming more sophisticated, using new techniques to carry out attacks. This is the finding from a review undertaken by Source Defense, as the company’s CEO explains.

Source Defense, which specializes in Magecart and Formjacking attack prevention, has announced the release of the first-ever client-side web security report and a new lab dedicated to studying, analyzing, and publishing threat-focused research. To learn more, Digital Journal spoke with Dan Dinnar, CEO at Source Defense, to discuss how businesses can best protect themselves against attacks, among other cybersecurity issues.

Digital Journal: How fast are third-party breaches growing?

Dan Dinnar: Third-party breaches are exponentially growing at a rapid rate. When third-party breaches came to fruition 3 years ago, there were a few reported per month. Fast forward to present day, and third-party breaches, such as Magecart and Formjacking attacks, are being reported multiple times per week. Not only is the number of attacks growing, but the companies that attackers are targeting are getting larger as well – Pizza Hut (2017), Ticketmaster and British Airways (2018), Macy’s and Facebook (2019). The average person likely logs into one of these sites, or one very similar, on a weekly basis. These attacks have no barriers and companies many times do not know they are vulnerable until it is too late.

DJ: Are threat actors becoming more sophisticated?

Dinnar: Absolutely! We can see the code complexity grow all the time. Two years ago, the malicious code was simple, but then hackers started adding stealth mechanisms such as only triggering when they identify a payment page, and next, even more sophisticated when checking Chrome DevTools is not open before executing attacks. Now, there are JavaScript sniffers that will remove themselves from the page after they execute. We also see attackers using legitimate Content Delivery Networks (CDN) and third parties to deploy their code from in order to avoid less sophisticated protections like Content Security Policy (CSP), which is based on whitelisting domains.
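The limit of domain-based CSP mentioned in the answer above can be checked on a site's own policy. The following is an added example, not part of the interview or any Source Defense code: it audits a `Content-Security-Policy` header and reports every script source trusted by host name alone, which allows any script that host serves. The host names and the `SHARED_HOSTS` list are constructed placeholders.

```javascript
// Added example: find script sources in a CSP that are trusted by host only.
// SHARED_HOSTS is a constructed placeholder list of multi-tenant hosts (assumption).
const SHARED_HOSTS = ["cdn.shared.example", "storage.cloud.example"];

// Parse a CSP header value into Map<directive, sources[]>.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers; the first one wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Strip scheme, path and port from a host-source expression.
function hostOf(source) {
  return source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "").split("/")[0]
    .replace(/:(\d+|\*)$/, "").toLowerCase();
}

function auditScriptSrc(header, sharedHosts = SHARED_HOSTS) {
  const csp = parseCsp(header);
  // script-src falls back to default-src when it is absent.
  const sources = csp.get("script-src") ?? csp.get("default-src");
  if (!sources) return [{ source: null, issue: "no-script-restriction" }];
  // Under 'strict-dynamic', browsers ignore host and scheme sources.
  const strictDynamic = sources.some((s) => s.toLowerCase() === "'strict-dynamic'");
  const findings = [];
  for (const source of sources) {
    if (source.startsWith("'") || strictDynamic) continue; // keywords, nonces, hashes
    if (source === "*" || /^[a-z][a-z0-9+.-]*:$/i.test(source)) {
      findings.push({ source, issue: "scheme-or-wildcard" });
      continue;
    }
    const host = hostOf(source);
    const shared = sharedHosts.some(
      (h) => host === h || (host.startsWith("*.") && h.endsWith(host.slice(1))));
    // Any script served from an allowlisted host passes the policy.
    findings.push({ source, issue: shared ? "shared-host-allowlisted" : "host-allowlisted" });
  }
  return findings;
}

// Constructed sample policy.
const samplePolicy =
  "default-src 'self'; script-src 'self' https://cdn.shared.example https://pay.merchant.example:443";
console.log(auditScriptSrc(samplePolicy));
```

A policy built on nonces or hashes with `'strict-dynamic'` produces no findings here, because the browser no longer trusts scripts by host name.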
