June 2018 – MageCart Threat Actor
It’s critical to note that this attack vector is completely new and entirely different than traditional data theft methods infecting the buyer’s computer, implanting malware in Point of Sale terminals, or infiltrating corporate defenses to access stored databases. This new attack vector is increasing in scope and capable of launching attacks at massive scale. This is particularly evident in the MageCart attack.
April 2018 – 3rd Party Chatbot Service 7.ai Compromised
October 2017 – Malicious Re-Directs from Major US-Based Credit Agencies
2017- Watering Hole Attack on EU parliament
This attack illustrates that compromising 3rd party vendors can be leveraged to launch hyper segmented, targeted attacks. An ad network operating on a news website frequented by parliament members was breached and used to redirect users to a webpage which distributed targeted malware directly to parliament users only.
Source Defense V.I.C.E.
Source Defense provides an entirely new and unique solution to prevent website supply chain attacks. Source Defense’s real-time, all-the-time prevention leverages a fully automated and machine-learning assisted set of policies that control the access and permissions of all 3rd party tools operating on a website. The Source Defense solution ensures those 3rd parties only deliver the intended user experience and may not be leveraged for malicious data extraction or website alteration.
By removing the security, risk, and compliance considerations from 3rd party integrations, Source Defense saves countless man-hours spent on tests and integrations. This allows website owners to focus on enhancing user experience and driving web commerce revenues while ensuring the security and privacy of customer and payment data.