Akamai launches a new in-browser threat detection solution that uncovers compromised scripts
Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience.
Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.
A typical website relies on dozens of third-party sources — many that result in scripts executing in user browsers. Third-party scripts are essential for the dynamic user experience expected in modern websites, inclusive of sensitive information pages used for payments, account management, and personal information forms.
However, security teams have little visibility into or control over these third-party supplied and maintained scripts.
Akamai designed Page Integrity Manager to protect websites from JavaScript threats, such as web skimming, form-jacking, and Magecart attacks, by identifying vulnerable resources, detecting suspicious behavior, and blocking malicious activity.
By detecting suspicious script activity in real-time, Page Integrity Manager offers a more effective way to defeat well-hidden supply chain attacks such as Magecart when they happen.
“Web skimming attacks steadily remain at a high-volume across a variety of industries, especially retail, media, and hospitality,” said Akamai Security Researcher Steve Ragan.
“Over a recent seven day period, we analyzed nearly five billion javascript executions, across 110 million page views and saw about a thousand vulnerabilities, any one of which could result in stolen sensitive user data.”
The FBI recently reported that web skimming has been on its radar for nearly seven years, but the crime is growing because cybercriminals are sharing the malware online and becoming more sophisticated.
“By its nature, web page scripts are very dynamic. Third-party scripts are especially opaque, creating a new attack vector that is challenging to defend against,” said Raja Patel, Vice President of Products, Web Security at Akamai.
“Page Integrity Manager gives our customers the visibility they need to manage the risk from scripts, including first-, third-, nth-party scripts, with actionable intel needed to make business decisions unique to your organization.”