Script Monitor aims to skate skimmers
Cloudflare has launched a tool designed to help prevent Magecart-style attacks on payment card processing.
Beginning in 2015, cybercrime groups stole payment card information from Magento apps by infecting third-party plugins with malicious code.
Victims of Magecart-style software supply chain attacks include Ticketmaster, Newegg, British Airways and others.
Script Monitor – available as a beta – is the first available component of Page Shield, a client-side security product from Cloudflare that was unveiled on Thursday (March 25th).
Script Monitor analyzes legitimate third-party code on the site and alerts the customer when any new code is added or existing code is changed.
“The goal is to provide insight into these startup dependencies and expand the report with signals from Cloudflare to identify malicious vs [versus] not malicious in the next iteration.”
According to Cloudflare, existing browser technologies, such as Content Security Policy (CSP) and Subresource Integrity (SRI), provide some protection against client-side threats, but have some drawbacks that its Script Monitor is able to overcome.
“Due to Cloudflare’s unique position between application origin servers and end users, we can change responses before they reach end users. In this case we add an additional Content-Security-Policy-Report-Only header to the pages as they pass through our edge.”
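One way to consume the violation reports that a Content-Security-Policy-Report-Only header produces, as an added example that is not Cloudflare's code. It assumes a `script-src 'none'` report-only policy, a hypothetical `/csp-reports` endpoint and hypothetical function names, and it covers only the new-script case, since CSP reports carry script URLs rather than script contents.

```javascript
// Added example, not Cloudflare's code. Assumed policy (not stated on the page):
// script-src 'none' in report-only mode, so every script load is reported, none blocked.
const HEADER = "Content-Security-Policy-Report-Only: script-src 'none'; report-uri /csp-reports";
// Drop query string and fragment so cache-busting parameters do not make a
// known script look new. Non-URL keywords ("inline", "eval") pass through.
function normalizeScriptUrl(blockedUri) {
  try {
    const u = new URL(blockedUri);
    return u.origin + u.pathname;
  } catch { return String(blockedUri); }
}

// Fold reports into inventory (Map: page host -> Set of script URLs) and
// return one alert per script not seen before on that host.
function findNewScripts(inventory, reports) {
  const alerts = [];
  for (const body of reports) {
    const r = body && body["csp-report"];
    if (!r) continue; // not a CSP violation report
    const directive = r["effective-directive"] || r["violated-directive"] || "";
    if (!directive.startsWith("script-src")) continue; // ignore img-src etc.
    let pageHost;
    try { pageHost = new URL(r["document-uri"]).host; } catch { continue; }
    const script = normalizeScriptUrl(r["blocked-uri"]);
    const known = inventory.get(pageHost) || new Set();
    if (known.has(script)) continue;
    inventory.set(pageHost, known.add(script));
    alerts.push({ pageHost, script });
  }
  return alerts;
}
// Constructed sample reports; all hostnames are placeholders.
const report = (doc, blocked, directive = "script-src-elem") => ({ "csp-report": {
  "document-uri": doc, "effective-directive": directive, "blocked-uri": blocked } });
const baselineReports = [
  report("https://shop.example/checkout", "https://shop.example/js/app.js"),
  report("https://shop.example/checkout", "https://cdn.example.net/lib.js?v=1"),
];
const laterReports = [
  report("https://shop.example/cart", "https://cdn.example.net/lib.js?v=2"),
  report("https://shop.example/checkout", "https://static.example.org/helper.js"),
  report("https://shop.example/", "https://img.example.net/a.png", "img-src"),
];
function demo() {
  const inventory = new Map();
  findNewScripts(inventory, baselineReports); // learning pass, alerts discarded
  return findNewScripts(inventory, laterReports);
}
console.log(HEADER, demo());
```

Keying the inventory on page host rather than full page URL keeps a script already seen on one page from alerting again on every other page of the same site.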
Page Shield can already be adjusted to some extent, but Cloudflare plans to further refine this aspect of the technology to avoid bombarding users with too many alerts.
Graham-Cumming said: “As we further develop the product, we plan to expand both the alert capabilities and data available in the reports to highlight malicious in relation to [versus] unintentional changes according to our detection mechanisms.”
Client-side security is only one part of web application security, according to Graham-Cumming, who added that a defense-in-depth approach is needed.
“Businesses should approach the problem holistically and consider compatibility with other must-have solutions such as WAF, API protection, SSL management and so on,” Graham-Cumming concluded. “Cloudflare’s solutions are fully compatible with each other.”
Given Cloudflare’s online position, “we have a great opportunity to ‘solve’ Magecart-style attacks,” according to Graham-Cumming.
Page Shield, of which Script Monitor is the first available component, is part of Cloudflare’s broader client-side security push. Earlier this week, Cloudflare launched Remote Browser Isolation as a means for customers to mitigate client-side attacks in employees’ browsers.