October 21, 2020
As a trusted security advisor, you are constantly looking at new threat areas, new threat landscapes and new risks, because you are concerned not only about your customers' brand safety but also about your own brand safety as a trusted security advisor.
The client side of web applications has become a complex, constantly changing attack surface with multiple components controlled by outsiders.
The client side, or front end, of a web application, aka the 'digital user experience', actively ingests customer and user information at data input points, and that information can be very sensitive. Because the front-end code runs on unmonitored and untrusted devices, malware and malicious actors exploit application security flaws to capture credentials, financial transactions and payment card data, and legitimate third-party vendor tools can be abused to give unauthorized access to sensitive data. These attacks are called client-side web skimming attacks.
Magecart-related client-side attacks have been confirmed to have breached tens of thousands of organizations, including Macy's, Ticketmaster, the American Cancer Society, P&G's First Aid Beauty, British Airways and Newegg, and many other organizations have reported successful digital skimming attacks. However, the vast majority of web skimming victims are small to medium-sized organizations with 50 to 1000 employees. The cost of a web skimming breach ranges from tens of thousands to hundreds of millions of dollars, with a high probability of putting some victims out of business.
As a trusted security advisor, we are constantly looking at new threat areas, new threat landscapes and new risks, because we are concerned about our clients' brand safety. As your trusted advisor, it is our responsibility to tell you about these emerging client-side risks, which include Magecart web skimming, PII/ePHI exfiltration and unsanctioned canvas fingerprinting.
More than 19,000 organizations, including high-profile international organizations, were breached on the client side in 2019. Any organization in financial services, banking, e-commerce, healthcare, government, technology or SaaS that offers services through its website without effective client-side security controls in place is potentially vulnerable.
We have added a client-side security solution to our portfolio that we have started to roll out. You would be amazed at what it uncovers, especially on the client side of websites.
As your trusted advisor, we recommend that you include this in managing your threat landscape, and this is why: client-side web skimming attacks infect websites with malicious code, known as skimmers or JavaScript sniffers, that is invisible to traditional security testing.
The client-side security service specializes in protecting web applications and enterprise websites against client-side threats, helping organizations deal with web skimming attacks, data harvesting attacks, attempts to execute malicious code at the browser level, privileged access issues caused by legitimate and unsanctioned code, and much more. It deploys in hours, not months, and it does not take a rocket scientist to operate it.
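As an added example (not code from the original post or from the vendor's service), the following Node script takes a page's HTML and its Content-Security-Policy header and inventories the external scripts the post calls outsider-controlled components: which are third-party, which lack Subresource Integrity pinning, and which the CSP would not allow. The HTML, CSP, origins and the `sha384-PLACEHOLDER` hash are constructed sample values.

```javascript
// Regexes for <script ...> tags and their quoted attributes (enough for an audit, not a full HTML parser).
const SCRIPT_RE = /<script\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;

// Parse the attribute list of one <script ...> tag into a plain object.
function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) attrs[m[1].toLowerCase()] = m[2] ?? m[3];
  return attrs;
}
// Source expressions of the CSP script-src directive, falling back to default-src.
function scriptSources(csp) {
  const dirs = csp.split(';').map(d => d.trim().split(/\s+/)).filter(d => d[0]);
  const pick = name => dirs.find(d => d[0].toLowerCase() === name);
  const d = pick('script-src') || pick('default-src');
  return d ? d.slice(1) : [];
}
// Does any source expression cover this origin? Handles 'self', exact origins and *.host wildcards only.
function cspAllows(sources, origin, pageOrigin) {
  return sources.some(src => {
    if (src === "'self'") return origin === pageOrigin;
    if (src.startsWith('*.')) return new URL(origin).hostname.endsWith(src.slice(1));
    return src === origin;
  });
}
// One finding per external <script>: third-party or not, SRI-pinned or not, CSP-permitted or not.
function auditScripts(html, pageOrigin, csp) {
  const sources = scriptSources(csp);
  const findings = [];
  for (const m of html.matchAll(SCRIPT_RE)) {
    const attrs = parseAttrs(m[1]);
    if (!attrs.src) continue; // inline scripts are left for a separate review
    const origin = new URL(attrs.src, pageOrigin).origin;
    findings.push({ src: attrs.src, thirdParty: origin !== pageOrigin,
      hasIntegrity: 'integrity' in attrs, cspAllowed: cspAllows(sources, origin, pageOrigin) });
  }
  return findings;
}
// Third-party scripts that are unpinned or fall outside the CSP: review these first.
function riskyScripts(html, pageOrigin, csp) {
  return auditScripts(html, pageOrigin, csp).filter(f => f.thirdParty && (!f.hasIntegrity || !f.cspAllowed));
}

// Constructed checkout page: a first-party bundle, an SRI-pinned CDN library (placeholder hash),
// a third-party tag with neither SRI nor a CSP allowance, and an inline script.
const SAMPLE_HTML = `<script src="/static/checkout.js"></script>
<script src="https://cdn.example.com/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://tags.thirdparty.example/loader.js"></script><script>console.log('inline');</script>`;
const SAMPLE_CSP = "default-src 'self'; script-src 'self' https://cdn.example.com";
console.log(riskyScripts(SAMPLE_HTML, 'https://shop.example', SAMPLE_CSP));
```

Feeding it the live HTML and CSP of a payment or login page gives a quick list of the outsider-controlled scripts that deserve a pin, a CSP entry or removal.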