Ted McKendall

Supply chain attacks are on the rise. According to Symantec’s 2019 Internet Security Threat Report (ISTR), the number of attacks targeting third-party providers of widgets, plug-ins and analytics tools increased by 78 percent during 2018. Such is the extent of this growth, a report by Carbon Black found that half of all attacks are now aimed at the supply chain.  

For example, Magecart groups, responsible for injecting malicious JavaScript code into the checkout pages on the websites of high-profile businesses such as British Airways and Ticketmaster, have begun expanding their efforts to target the supply chain of the service providers these businesses use.  

Only recently, malicious scripts were found on the servers of at least seven companies that provide online services to thousands of websites. After it was first spotted on the servers of Alpaca Forms and Picreel in mid-May, security analysts soon discovered that hackers had breached five other online services – AppLixir, RYVIU, OmniKickeGain and AdMaxim – and embedded similar code on their servers.  

This particular code was designed to log all content entered by users into form fields such as contact forms, login sections, and checkout and payment pages, before sending it to a remote server located in Panama. Fortunately, however, it appears that a combination of rapid intervention and clumsy coding meant the script was never actually embedded on any of the thousands of remote customer sites served by these companies.   

Had the hackers been successful in their efforts, the personal and payment details of potentially hundreds and thousands of consumers around the world could have made their way to Central America. From there they would then have been sold on via the black market for all manner of criminal purposes.  

 

Protecting valuable information  

There are many reasons behind the rise in supply chain attacks, not least the fact that these third-party companies tend to be smaller and less well-protected than the larger, high-profile sites they supply. And, of course, given the number of customers using their mostly white-labelled products, such an approach is likely to deliver a far greater return on their investment.  

This recent incident highlights a worrying new development. Largely generic in nature, the script was designed to target every form field on a website, no matter what it was designed to capture. Such an approach effectively bears out analyst predictions that, where once these types of attacks were designed to capture payment information, they will soon be used to steal much more. The criminal fraternity can make use of various types of personal information, making it an increasingly valuable commodity on the black market.  

However, short of avoiding websites where they’re required to enter their personal and payment card details, there’s little that consumers themselves can do to prevent their information being stolen. It therefore falls to the merchants whose websites they are using to ensure protective measures are put in place and that, even if an element of their supply chain should be breached, their customers’ information is protected.  

What is required is an “agentless” approach to securing the transaction page, where merchant and customer meet; improving security while requiring the customer to do nothing.  

Trusted Knight’s Protector Air offers just that. A cloud-based solution that is invisible to the end-user, protecting every form field and transaction request and thwarting any attempts to steal their information.  

Click to find out how, even in the event of a supply chain attack, Trusted Knight can protect your customers’ information.    

Explore Protector Air

blog-post-logo