Akamai Tool Detects Suspicious JavaScript Code
Akamai today launched Page Integrity Manager, an in-browser threat detection capability that discovers compromised instances of JavaScript running on a client.
Patrick Sullivan, CTO for security strategy at Akamai, said this type of cyberattack is becoming more common following the successes that cybercriminals collectively known as Magecart groups have had attacking shopping carts on e-commerce sites.
Sullivan said Akamai created Page Integrity Manager to detect suspicious script activity such as web skimming, form-jacking and Magecart attacks in real-time. Page Integrity Manager adds code to the webpage that enables Akamai to analyze JavaScript code before it executes to close a significant visibility gap, he said.
As already proven, it’s not difficult for cybercriminals to inject code into a browser. An Akamai analysis of 5 billion JavaScript executions generated across 110 million page views revealed roughly 1,000 vulnerabilities, any one of which could be employed to steal data, Sullivan noted.
The challenge cybersecurity teams face is about two-thirds of the calls by JavaScript code running on a browser are being made to third-party services. Without Page Integrity Manager there is no way to determine if all the calls are legitimate, he said.
Like many cybersecurity issues, organizations have found it difficult to thwart these attacks because cybersecurity teams and developers both lack the tools needed to discover these vulnerabilities. While improvements are slowly being made in terms of adopting best DevSecOps processes, Sullivan said developers still need access to analytics generated by a tool such as Page Integrity Manager to address issues that are becoming more acute as cybercriminals leverage JavaScript to launch more sophisticated attacks.
Many of those attacks are also polymorphic, as cybercriminals are becoming more adept at exploiting vulnerabilities to launch multiple types of attacks at the same time.
As is the case in cybersecurity these days, it’s not always clear who inside an organization is responsible for mitigating JavaScript vulnerabilities. Most cybersecurity teams can compile a list of vulnerabilities to be shared with developers. However, developers then need to weigh fixing those vulnerabilities against other bugs and new features that the business wants to address as well. After all, there are only so many developers and hours in a day.
That issue is one of the primary reasons for relying on a content delivery network (CDN) to deploy web applications that are frequently targeted by cybercriminals. In addition to improving their performance, a CDN isolates web applications from the rest of the enterprise, thereby reducing the chances malware will spread. Providers of CDNs such as Akamai generally also have more cybersecurity tools and services available to secure those applications.
Of course, there’s no such thing as perfect security. Organizations that employ CDNs still need to invest in developing their own cybersecurity skills and expertise. However, given the general scarcity of cybersecurity expertise, a provider of a CDN can prove to be a crucial ally at a time when cyberattacks continue to increase in both volume and severity.
