Akamai has launched its Page Integrity Manager, a new in-browser cybersecurity product that uses artificial intelligence to spot attackers trying to steal data via first or third-party scripts used in websites.
The tech company, which delivers network security, web and mobile performance products, says the in-browser threat detection solution has been primarily designed to uncover compromised scripts. These are frequently used to steal user data, particularly credit card information, or impact the user experience.
Initially popularized by Magecart groups; networks of malicious hackers who target online shopping cart systems that use the Magento plugin, Akamai says that in-browser web skimming attacks using malicious web page scripts are growing.
- Check out the best money transfer apps and services
- The best tax software
- Have a look at the best accounting software
Security threats
A typical website relies on dozens of third-party sources with many that run scripts executed in user browsers. Third-party scripts are essential for the dynamic user experience found in websites, including sensitive information pages used for payments, account management and personal information forms.
However, security teams have little visibility into or control over these third-party supplied and maintained scripts.
Akamai has therefore designed Page Integrity Manager to protect websites from JavaScript threats, such as web skimming, form-jacking, and the aforementioned Magecart attacks, by identifying vulnerable resources, detecting suspicious behaviour and subsequently blocking malicious activity.
By detecting suspicious script activity in real-time, Akamai claims Page Integrity Manager will offer a more effective way to defeat well-hidden supply chain attacks such as Magecart when they happen.
“Web skimming attacks steadily remain at a high-volume across a variety of industries, especially retail, media, and hospitality,” said Akamai Security Researcher Steve Ragan. “Over a recent seven day period, we analyzed nearly five billion JavaScript executions, across 110 million page views and saw about a thousand vulnerabilities, any one of which could result in stolen sensitive user data.”
The FBI recently reported that web skimming has been on its radar for nearly seven years, but the crime is growing because cybercriminals are sharing the malware online and becoming more sophisticated.
“By its nature, web page scripts are very dynamic. Third-party scripts are especially opaque, creating a new attack vector that is challenging to defend against,” said Richard Meeus, Director of Security and Technology Strategy EMEA, at Akamai.
“Page Integrity Manager gives our customers the visibility they need to manage the risk from scripts, including first-, third-, nth-party scripts, with actionable intel needed to make business decisions unique to your organisation.”
- We've also highlighted the best e-commerce platforms
