RiskIQ JavaScript Threats Module protects orgs’ high-traffic payment pages from JavaScript attacks

RiskIQ, the global leader in attack surface management, announced the launch of RiskIQ JavaScript Threats Module to ensure customer trust in e-commerce by protecting organizations’ high-traffic payment pages from JavaScript attacks.

The module is part of a comprehensive platform for reducing threats to organizations’ internet attack surfaces. JavaScript Threats is the only enterprise-scale product trusted by the largest financial and e-commerce companies and powered by the threat intelligence of industry-leading experts on Magecart JavaScript attacks.

JavaScript Threats leverages RiskIQ’s proprietary global discovery infrastructure to build complete, dynamic inventories of organizations’ websites, including critical e-commerce assets with their own and third-party JavaScript.

It then monitors the web assets and JS resources, creating alerts for malicious and suspicious changes so organizations can quickly detect JavaScript attacks.

Magecart cybercriminals inject malicious JavaScript code into web pages once every five minutes, according to RiskIQ threat research group’s detection data. These attacks can be direct compromises or supply-chain compromises.

Supply chain attacks target third-party JavaScript resources, such as analytics trackers, website optimization tools, and chat plugins, and give threat actors massive reach by multiplying their attack across potentially thousands of websites.

Businesses incur reputational and financial damages such as loss of customer trust and market share, lawsuits, and punitive regulatory fines.

The damages caused by JavaScript attacks came into sharp focus earlier this month when the UK Information Commissioner’s Office proposed a £183 million ($224 million) fine on British Airways.

The JavaScript attack on its website resulted in the theft of credit card data for almost 500,000 customers. This proposed fine represents 1.5% of British Airways 2017 revenues and could have been as high as 4% of revenues, or £489 million ($598 million).

The breach, analyzed by RiskIQ threat research group in September 2018, was carried out by one of the most sophisticated Magecart cybercriminal groups.

“Many organizations have almost no visibility into their web assets, third-party web resources, and the way their customers and employees interact with them,” said Elias Manousos, RiskIQ CEO and co-founder.

“Because of this, JavaScript attacks have become the go-to method for threat actors to target digital businesses, their customers, and their employees in a stealthy manner.”

The 2019 Verizon Data Breach Investigations Report: Executive Summary substantiates the prevalence of JavaScript attacks. The report highlights that malicious code designed to capture data entered into web forms is the primary attack pattern for breaches in the Retail, Professional Services, Finance, and Manufacturing industries.

The Verizon report also states: “Payment card web application compromises are well on their way to exceeding physical terminal compromises in payment card-related breaches. Data from one of our contributors, the National Cyber-Forensics and Training Alliance (NCFTA), substantiates this shift appears to have already occurred, and our larger data set is also trending that way.”

Magecart JavaScript attacks are likely to increase, as they have been highly successful. RiskIQ threat research group has pointed out previously that Magecart is an active threat that operates at a scale and breadth that rivals, or may even surpass, the compromises of retail giants such as Home Depot and Target.

The Magecart actors have been active since 2015 and have never retreated from their chosen criminal activity. Instead, they have continually refined their tactics and targets to maximize the return on their efforts.

Cybercriminal syndicates have created entire economies around JavaScript attacks with vibrant, lucrative markets emerging for stolen data, web skimmers, and compromised websites.

“Actors like Magecart are responsible for some of the most high-profile breaches in recent history, and thousands of businesses have been targeted with stealthy attacks on their e-commerce web assets,” Manousos said.

“With JavaScript attacks poised to carve out a significant portion of the threat landscape for years to come, businesses will be forced to evaluate their security strategy and investments to address them.”