It is the second concern—when malicious code hits the supply chain connecting code to front-end web applications—that has the potential to significantly damage numerous connected businesses and their users.
Digging Into the TTPs
The Basics: What Are TTPs?
Tactics, techniques, and procedures—otherwise known as TTPs—help security teams better understand threat actors and detect and mitigate attacks.
Techniques are the methods that cybercriminals use to achieve their objectives. In a client-side attack, the technique might be cross-site scripting (XSS).
Procedures involve the steps threat actors take to move the attack through the attack lifecycle. For example, in an e-skimming attack, the threat actor may capture the data from a form on a compromised website, send the exfiltrated data to a command and control (C2) server, and then sell the stolen data on the dark web.
E-skimming, Formjacking, & Magecart Attacks
E-skimming, formjacking, and Magecart are all client-side attacks. The attack tactics are fairly straightforward: malicious code on a web application is used to exfiltrate information belonging to end users (e.g., credit card data entered on checkout pages of shopping websites). The stolen data is then sold on the dark web.
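The procedure described above (form data captured on the page, then sent to a C2 server) is what a defender looks for in checkout-page network telemetry. The following is an added example, not code from the original article: it assumes a synthetic checkout run that types a canary card number, and the allowlisted origins, hostnames and request records are all constructed.

```javascript
// Added example (defensive): all hosts, the canary value and the request
// records below are constructed. Runs under Node.js.
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://payments.example"]);
const CANARY = "4111111111111111"; // test card number typed by a synthetic checkout run

// Forms the canary may take in transit: plain, URL-encoded, base64, hex.
function canaryForms(value) {
  const buf = Buffer.from(value, "utf8");
  return [value, encodeURIComponent(value), buf.toString("base64"), buf.toString("hex")];
}

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Return requests that carry the canary to an origin outside the allowlist.
function findExfiltration(requests, canary, allowed = ALLOWED_ORIGINS) {
  const forms = canaryForms(canary);
  const findings = [];
  for (const req of requests) {
    let url;
    try { url = new URL(req.url); } catch { continue; } // skip malformed telemetry
    if (allowed.has(url.origin)) continue;              // expected destination
    const haystack = [url.search, safeDecode(url.search), req.body || ""].join("\n");
    const matched = forms.find((f) => haystack.includes(f));
    if (matched) findings.push({ origin: url.origin, method: req.method, matched });
  }
  return findings;
}

// Constructed telemetry from one monitored checkout session.
const b64 = Buffer.from(CANARY).toString("base64");
const SAMPLE_REQUESTS = [
  { method: "POST", url: "https://payments.example/charge", body: "card=" + CANARY },
  { method: "GET", url: "https://metrics.unlisted.example/p.gif?d=" + encodeURIComponent(b64) },
  { method: "POST", url: "https://analytics.unlisted.example/collect", body: "event=pageview" },
  { method: "POST", url: "not a url", body: "card=" + CANARY },
];

for (const f of findExfiltration(SAMPLE_REQUESTS, CANARY)) {
  console.log(`ALERT ${f.method} to ${f.origin} carries the canary (${f.matched})`);
}
```

Only the second record is reported: the payment processor is allowlisted, the analytics call carries no card data, and the malformed record is skipped.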
- Manipulation of source code in open-source dependencies—Multiple recent studies have found that third-party and open-source libraries harbor vulnerable and sometimes intentionally malicious code.
- Differences between client side and server side and why businesses need to prioritize client-side security.
- Client-side attacks and the supply chain—which can’t be ignored.