As seen on Enterprise Security Tech.

This is part of an ongoing 2021 predictions series. We’ve asked top cyber experts to contribute their insights and expertise to provide a look ahead at what the new year may bring to cybersecurity. 

Commentary from Hadar Blutrich, CTO and co-founder of Source Defense:

“Cybersecurity companies are doing a much better job protecting the cloud and the server-side so it’s becoming harder to attack it. Therefore, cybercriminals are moving from the server-side to the client-side and in the past year we’ve seen a huge increase in formjacking and Magecart attacks that are initiated in the browser client-side. Hackers attack a 3rd party JavaScript vendor used on multiple websites and can get access to all of that vendor’s customers at once (instead of attacking a specific site). In 2021 we are going to see hackers use tools like tag managers and analytics solutions to activate malicious code and capture data.

Hackers are deploying a malicious JavaScript code that will capture secure data directly from the HTML and JavaScript on the page before it’s sent to the website server. In the past we saw hackers trying to hide their tools in servers and domains that had names such as Gocgle.com (with C). Today, they are using legit tools to avoid detection. We are seeing them use CSP “whitelisted” solutions such as tag managers to deploy JavaScript code and then collect the information with other solutions and analytics tools. This way they don’t need to use a server or a domain that is detectable.

The only way to capture these types of attacks is by using a zero-trust solution that will give 3rd parties only the information the website is allowing them to get, while hiding and blocking access to private and payment information.”

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.

Scroll