
3 Web Third-Party Related Events You Don’t Want to Miss from early 2020

Welcome to Reflectiz’ news picks from the first four months of 2020. The outbreak of Covid-19 is undoubtedly one of the most dramatic events in modern history. Unsurprisingly, neither this global crisis nor the universal solidarity around it has stopped hackers and threat actors. Over this period, we have seen increased malicious activity, more targeted websites and even new types of client-side attacks. Hackers never rest, and neither do we. Read on!

 

Magecart attacks on e-commerce are booming

With the outbreak of the Covid-19 pandemic, we’ve seen an enormous increase in all kinds of cyber-attacks. This includes all kinds of client-side attacks, many of which are led by the very active Magecart cybercrime groups.

According to a recent report published in Computer Weekly, researchers have identified a 20% increase in Magecart attacks on e-commerce businesses. This growth in malicious activity is expected, as more and more people have no choice but to use online channels. As we deal with the consequences of shoppers abandoning physical stores, it is important to recognize this trend. The logical conclusion for e-commerce websites is that Magecart-type attacks will increase dramatically, because online retail is booming as consumer habits change. For now, the facts speak for themselves.

Read the original article by Alex Scroxton, ComputerWeekly: Coronavirus: Magecart attacks on online retailers jump 20%




This attack lasted for 343 days without being discovered!

Magecart attacks are always challenging and not everyone is able to keep pace, but the “KandyPens attack” is somewhat exceptional, not only because of the type or amount of data stolen, but because of how long it lasted.

In this case the attack lasted far longer than the 30+ days an average Magecart breach lasts. According to KandyPens’ notice of data security incident to the authorities, “Credit and debit card information entered between March 7, 2019 and February 13, 2020 may have been at risk.” Seen from that angle, it is clear that this type of e-skimmer knows how to stay in the shadows for long periods of time and hide its tracks. Reducing time-to-detect is crucial to minimizing the damage caused by web skimming.

Read the original article by Bill Toulas, TechNadu: “KandyPens” Has Leaked Full Customer Credit Card Details




JavaScript and Web Development Trends of 2020

Every new year comes with tons of reports. Most of you are already familiar with all the cyber-security content that summarizes the good old 2019. But here is something different that deals directly with our landscape, i.e., JavaScript and web dev tools.

This very interesting report gives an important overview of the latest developments and shows how these environments are expanding. Interestingly enough, at least 70% of websites use 10 third-parties or more. This is “our” huge security landscape. This is also a great opportunity for every CISO and cyber-security team member to learn more about the evolving landscape and understand how big and important it is.

Read the original report by Dylan Schiemann, Bruno Couriol (and reviewed by Charles Humble), InfoQ: JavaScript and Web Development InfoQ Trends Report 2020



The post 3 Web Third-Party Related Events You Don’t Want to Miss from early 2020 appeared first on Reflectiz.


*** This is a Security Bloggers Network syndicated blog from Blog – Reflectiz authored by Reflectiz Team. Read the original post at: https://www.reflectiz.com/3-web-third-party-related-events-you-dont-want-to-miss-from-early-2020/
