RiskIQ launches JavaScript threats solution amidst surge in attacks on e-commerce web assets

August 2, 2019 – RiskIQ, the global leader in attack surface management, today announced the launch of RiskIQ JavaScript Threats Module to ensure customer trust in e-commerce by protecting organisations’ high-traffic payment pages from JavaScript attacks. The module is part of a comprehensive platform for reducing threats to organisations’ internet attack surfaces. JavaScript Threats is the only enterprise-scale product trusted by the largest financial and e-commerce companies and powered by the threat intelligence of industry-leading experts on Magecart JavaScript attacks.

JavaScript Threats leverages RiskIQ’s proprietary global discovery infrastructure to build complete, dynamic inventories of organisations’ websites, including critical e-commerce assets with their own and third-party JavaScript. It then monitors the web assets and JS resources, creating alerts for malicious and suspicious changes so organisations can quickly detect JavaScript attacks.

Magecart cybercriminals inject malicious JavaScript code into web pages once every five minutes, according to RiskIQ threat research group’s detection data. These attacks can be direct compromises or supply-chain compromises. Supply chain attacks target third-party JavaScript resources, such as analytics trackers, website optimisation tools, and chat plugins, and give threat actors massive reach by multiplying their attack across potentially thousands of websites. Businesses incur reputational and financial damages such as loss of customer trust and market share, lawsuits, and punitive regulatory fines.

The damages caused by JavaScript attacks came into sharp focus earlier this month when the UK Information Commissioner’s Office proposed a £183 million ($224 million) fine on British Airways. The JavaScript attack on its website resulted in the theft of credit card data for almost 500,000 customers. This proposed fine represents 1.5% of British Airways 2017 revenues and could have been as high as 4% of revenues, or £489 million ($598 million). The breach, analysed by RiskIQ threat research group in September 2018, was carried out by one of the most sophisticated Magecart cybercriminal groups.

“Many organisations have almost no visibility into their web assets, third-party web resources, and the way their customers and employees interact with them,” said Elias Manousos, RiskIQ CEO and co-founder. “Because of this, JavaScript attacks have become the go-to method for threat actors to target digital businesses, their customers, and their employees in a stealthy manner.”

The 2019 Verizon Data Breach Investigations Report: Executive Summary substantiates the prevalence of JavaScript attacks. The report highlights that malicious code designed to capture data entered into web forms is the primary attack pattern for breaches in the Retail, Professional Services, Finance, and Manufacturing industries. The Verizon report also states: “Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches. Data from one of our contributors, the National Cyber-Forensics and Training Alliance (NCFTA), substantiates this shift appears to have already occurred, and our larger data set is also trending that way.”

Magecart JavaScript attacks are likely to increase, as they have been highly successful. RiskIQ threat research group has pointed out previously that Magecart is an active threat that operates at a scale and breadth that rivals, or may even surpass, the compromises of retail giants such as Home Depot and Target. The Magecart actors have been active since 2015 and have never retreated from their chosen criminal activity. Instead, they have continually refined their tactics and targets to maximise the return on their efforts. Cybercriminal syndicates have created entire economies around JavaScript attacks with vibrant, lucrative markets emerging for stolen data, web skimmers, and compromised websites.

“Actors like Magecart are responsible for some of the most high-profile breaches in recent history, and thousands of businesses have been targeted with stealthy attacks on their e-commerce web assets,” Manousos said. “With JavaScript attacks poised to carve out a significant portion of the threat landscape for years to come, businesses will be forced to evaluate their security strategy and investments to address them.”

Additional information

About RiskIQ
RiskIQ is the global leader in attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organisation’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, security teams, and CISOs, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action. Its software protects businesses, brands, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.

Contact information
Richard Scarlett, Gemma White, Gabriel Hedengren
Finn Partners, on behalf of RiskIQ
E: riskiq@finnpartners.com
T: 020 7017 8421

Leave a Reply

Your email address will not be published. Required fields are marked *