Akamai Eyes Malicious Script Behavior
May 28, 2020
launched Page Integrity Manager, an in-browser threat detection solution
designed to uncover compromised scripts that could be used to steal user
data or impact the user experience. Initially popularized by Magecart
groups, and now being leveraged by other threat actors, the attack
vector of malicious web page scripts is growing and has become a
frequent source of data breaches.
A typical website relies on dozens of third-party sources -- many that
result in scripts executing in user browsers. Third-party scripts are
essential for the dynamic user experience expected in modern websites,
inclusive of sensitive information pages used for payments, account
management, and personal information forms. However, security teams have
little visibility into or control over these third-party supplied and
Akamai designed Page Integrity Manager to protect websites from
attacks, by identifying vulnerable resources, detecting suspicious
behavior, and blocking malicious activity. By detecting suspicious
script activity in real-time, Page Integrity Manager offers a more
effective way to defeat well-hidden supply chain attacks such as
Magecart when they happen.
skimming attacks steadily remain at a high-volume across a variety of
industries, especially retail, media, and hospitality," said Akamai
Security Researcher Steve Ragan. "Over a recent seven day period, we
page views and saw about a thousand vulnerabilities, any one of which
could result in stolen sensitive user data."
The FBI recently reported that web skimming has been on its radar for
nearly seven years, but the crime is growing because cybercriminals are
sharing the malware online and becoming more sophisticated.
"By its nature, web page scripts are very dynamic. Third-party scripts
are especially opaque, creating a new attack vector that is challenging
to defend against," said Raja Patel, Vice President of Products, Web
Security at Akamai. "Page Integrity Manager gives our customers the
visibility they need to manage the risk from scripts, including first-,
third-, nth-party scripts, with actionable intel needed to make business
decisions unique to your organization."