Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience.
Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.
A typical website relies on dozens of third-party sources — many that result in scripts executing in user browsers. Third-party scripts are essential for the dynamic user experience expected in modern websites, inclusive of sensitive information pages used for payments, account management, and personal information forms.
However, security teams have little visibility into or control over these third-party supplied and maintained scripts.
By detecting suspicious script activity in real-time, Page Integrity Manager offers a more effective way to defeat well-hidden supply chain attacks such as Magecart when they happen.
“Web skimming attacks steadily remain at a high-volume across a variety of industries, especially retail, media, and hospitality,” said Akamai Security Researcher Steve Ragan.
The FBI recently reported that web skimming has been on its radar for nearly seven years, but the crime is growing because cybercriminals are sharing the malware online and becoming more sophisticated.
“By its nature, web page scripts are very dynamic. Third-party scripts are especially opaque, creating a new attack vector that is challenging to defend against,” said Raja Patel, Vice President of Products, Web Security at Akamai.
“Page Integrity Manager gives our customers the visibility they need to manage the risk from scripts, including first-, third-, nth-party scripts, with actionable intel needed to make business decisions unique to your organization.”