Akamai has released Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience. Initially popularised by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.
A typical website relies on dozens of third-party sources — many that result in scripts executing in user browsers. Third-party scripts are essential for the dynamic user experience expected in modern websites, inclusive of sensitive information pages used for payments, account management, and personal information forms. However, security teams have little visibility into or control over these third-party supplied and maintained scripts.
Akamai designed Page Integrity Manager to protect websites from JavaScript threats, such as web skimming, form-jacking, and Magecart attacks, by identifying vulnerable resources, detecting suspicious behavior, and blocking malicious activity. By detecting suspicious script activity in real-time, Page Integrity Manager offers a more effective way to defeat well-hidden supply chain attacks such as Magecart when they happen.
“Web skimming attacks steadily remain at a high-volume across a variety of industries, especially retail, media, and hospitality,” said Akamai Security Researcher Steve Ragan. “Over a recent seven day period, we analysed nearly five billion javascript executions, across 110 million page views and saw about a thousand vulnerabilities, any one of which could result in stolen sensitive user data.”
“By its nature, web page scripts are very dynamic. Third-party scripts are especially opaque, creating a new attack vector that is challenging to defend against,” said Raja Patel, Vice President of Products, Web Security at Akamai. “Page Integrity Manager gives our customers the visibility they need to manage the risk from scripts, including first-, third-, nth-party scripts, with actionable intel needed to make business decisions unique to your organisation.”
