Cloudflare has launched new web security service to prevent Magecart-style attacks.

Magecart is an umbrella term used to describe attacks based on JavaScript, which are card-based. Shopping websites and e-commerce platforms that contain vulnerabilities – such as in the case of background content management (CMS) or third-party script dependencies – are exploited, JavaScript code embedded in e-commerce related pages, and any payment card details posted on these pages are harvested. sent to attackers.

Many companies have, and continue to do, fall victim to the Magecart attacks. Past victims include British Airways, Ticketmaster, Newegg, and Boom! Mobile.

“This attack is difficult to detect because many application owners rely on third-party JavaScript to work as intended,” Cloudflare said. “As a result of this trust, third-party code is not normally tested by the application owner. In most cases, the Magecart attack took months before its acquisition.”

To combat the issue, on Thursday, Cloudflare launched Page Shield, a customer security solution.

The Script Monitor feature, embedded in Page Shield, checks third-party JavaScript dependencies and records any new additions over time.

Script Monitor, currently in Beta and available under the Firewall section of the customer dashboard, also adds Content-Policy-Report-Only content to content passing through the Cloudflare network.

When JavaScript attempts to do so, browsers will send reports to the target company to see if there are any new changes – and then customers are warned so that customers can “investigate and determine if a change is expected,” Cloudflare said.

Cloudflare launches Page Shield For Magecart card skimming attacks
Image:Cloudflare

The company also collaborates with cybersecurity partners to obtain Magecart JavaScript samples. Ultimately, it is hoped that Page Shield will be accurate enough to notify clients when dependency appears negative.

Business and Enterprise customers can now sign up to access closed beta Shield for Page Shield.

Earlier this week, the company introduced Cloudflare Browser Isolate, a zero-trust protection program to protect remote employees – and organizations they work for – from threats by creating a gap between active browsing times and end tools.

The page shield is currently in Beta Version But, all Business and Enterprise customers can sign up here to join the closed beta for Page Shield. By joining the beta, customers will be able to activate Script Monitor and begin monitoring their site’s JavaScript.

Priyanshu Vijayvargiya

Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a Reply

Your email address will not be published. Required fields are marked *