Akamai launched an in-browser threat-detection product that it says can detect and mitigate script vulnerabilities that attackers can use to steal user data.

“The evolution of web applications has not gone unnoticed by attackers, and maybe web defenders haven’t thought as much about it,” said Patrick Sullivan, Akamai CTO of security and strategy.

Modern web applications rely on numerous scripts — in addition to first-party scripts, this includes dozens of third-party scripts — to run services and access data. Third-party scripts may be included on sensitive information pages used for payments, account management, and personal information forms. However, security teams have little visibility into or control over these third-party supplied and maintained scripts.

This, of course, makes it easier for attackers to inject malicious code into a script, where it can run unnoticed for several days or even longer. These Magecart-style attacks are difficult to detect in complex websites, Sullivan said.

“Usually it’s a JavaScript,” he said. “Maybe that third party has JavaScript that they maintain in a cloud storage blob, and maybe they don’t do a great job of securing that particular JavaScript. All that an adversary needs to do is come by and modify that JavaScript that is running on your page, insert maybe a dozen lines of code, and now they’re able to monitor all of the transactions on that page. They’ve got a really powerful vantage point to do things like form-jacking, wherein they can read all of the content on sensitive form fields on that web application.”

Meanwhile, until the code is detected, attackers can monitor and steal sensitive data like credit card information, which they can then sell on the darknet or use themselves.

Last October the FBI warned that these types of web skimming attacks are on the rise. Akamai, over a recent seven-day period, analyzed about 5 billion JavaScript executions across 110 million pageviews and found about 1,000 vulnerabilities, which it said could result in stolen sensitive user data.

Akamai’s new Page Integrity Manager protects websites from JavaScript threats by identifying vulnerable resources, detecting suspicious behavior and blocking malicious activity. “So we’re actually monitoring the behavior of all the JavaScript,” Sullivan said. “If a JavaScript does all the things that we would normally expect, there’s low-risk behavior there and we stay silent.”

However, if the JavaScript suddenly starts reaching into a sensitive form field, or generating its own form field that exposes credit card data or user credentials, then Page Integrity Manager alerts the security team. “And then they would get a full inventory of cradle to grave all of the steps that that JavaScript is performing, from invocation all the way through to their network events where it’s writing, so somebody could very quickly understand this is what’s happening on my client’s browser right as they interact with my website.”
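The behavior-based check described above can be illustrated with a short sketch. This is an added example, not code from the article and not Akamai's implementation: it scores a recorded trace of per-script actions, stays silent for expected behavior, and returns the full step inventory for any script that touches a sensitive field or writes to an unlisted host afterwards. The event format, policy fields, script URLs and hostnames are all constructed assumptions.

```javascript
// Field names treated as sensitive (assumed for this example).
const SENSITIVE = new Set(["card-number", "cvv", "password"]);

// Constructed sample trace: one entry per observed script action (not real telemetry).
const SAMPLE_TRACE = [
  { script: "https://shop.example/js/checkout.js", type: "read", field: "card-number" },
  { script: "https://shop.example/js/checkout.js", type: "send", dest: "https://pay.example/charge" },
  { script: "https://cdn.vendor.example/analytics.js", type: "send", dest: "https://stats.vendor.example/hit" },
  { script: "https://cdn.vendor.example/chat-widget.js", type: "read", field: "card-number" },
  { script: "https://cdn.vendor.example/chat-widget.js", type: "createField", field: "cvv" },
  { script: "https://cdn.vendor.example/chat-widget.js", type: "send", dest: "https://collect.unknown.example/c" },
];

// Hypothetical policy: which scripts may handle sensitive fields, and where such data may go.
const SAMPLE_POLICY = {
  trustedScripts: new Set(["https://shop.example/js/checkout.js"]),
  allowedHosts: new Set(["pay.example"]),
};

// Returns one alert per script with findings; each alert carries every step that script took.
function assessTrace(trace, policy) {
  const state = new Map(); // script URL -> { steps, touched, findings }
  for (const ev of trace) {
    if (!state.has(ev.script)) state.set(ev.script, { steps: [], touched: false, findings: [] });
    const s = state.get(ev.script);
    s.steps.push(ev);
    const touchesField = ev.type === "read" || ev.type === "createField";
    if (touchesField && SENSITIVE.has(ev.field)) {
      s.touched = true;
      if (!policy.trustedScripts.has(ev.script)) {
        s.findings.push(`${ev.type} on sensitive field "${ev.field}"`);
      }
    }
    if (ev.type === "send" && s.touched) {
      const host = new URL(ev.dest).hostname;
      if (!policy.allowedHosts.has(host)) {
        s.findings.push(`network write to unlisted host ${host} after touching sensitive data`);
      }
    }
  }
  const alerts = [];
  for (const [script, s] of state) {
    if (s.findings.length > 0) alerts.push({ script, findings: s.findings, steps: s.steps });
  }
  return alerts;
}

console.log(JSON.stringify(assessTrace(SAMPLE_TRACE, SAMPLE_POLICY), null, 2));
```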