
With the increase in Magecart attacks, how do you know if your website is protected?

e92cloud
November 2020

by Nicos Rugeris

Guest Blog by Randy Paszek, Sales Engineer at Source Defense. 

When building anything from scratch, it’s always best to have the right tools. A cabinet will require saws, drills, glue, rulers, squares, and many others. There are many tools in a carpenter’s toolbox, each with a purpose.

If you’re not a carpenter, picking the right tool can be difficult. Do you need a drill driver or will just a drill work? Should you use a router to bevel the edges or can you get away with a belt sander to take that edge away? Many tools can get the job done but the correct one gets the job done right. As a carpenter, the latter is the ultimate goal.

The same can be said for CyberSecurity, and more specifically, Magecart. There are many tools in the CyberSecurity toolbox, but only one can be used correctly when trying to prevent a Magecart attack. If you’re not a CyberSecurity software expert and if you have not done the research, how can you be sure you are choosing the right tool?

Now sure, there are tools you may already have that only detect attacks or require a massive resource sink to configure and maintain: your CSPs, your SRIs, or your scanners. These tools are a great way to control cross-site scripting, maintain file integrity, or get an overview of the health of your site. However, none of those tools are made specifically to prevent Magecart. In fact, some only report anomalies after a certain percentage of traffic is disrupted!

The Magecart solution landscape is similar to the WAF vs Bot argument. Before bots started mimicking human behavior to stay undetected, WAFs were a popular deterrent. Once bots became more advanced, the need for a specific tool grew exponentially. Right now, the need for a specific Magecart solution is high. Magecart attacks have only ramped up since the first major attack in 2018.

Existing tools (CSP, Scanners) were thought to do enough to slow down or curb these attacks, but with obfuscated code, URL hijacking, and other nefarious tactics, the CyberSecurity toolbox has a hole that normal detection tools simply cannot fill. Scanning all code, in real time, and determining good vs bad still allows the attack to happen. The remediation and response to the attack is where you’ll spend most of your time. A tool that prevents the attack from being successful is what’s needed now. That is where Source Defense has come along. They’ve built, from scratch, a patented and proprietary solution designed to prevent a successful Magecart attack. You could use existing tools or website scanners to help mitigate these attacks, but that’d be like using a circular saw to make mitre cuts in a piece of wood. It can be done, but a mitre saw would be the right tool for that job.

The right tool for preventing Magecart attacks is Source Defense. Their solution protects all elements of your webpage from JavaScript attacks (Magecart). Whether it’s an image on your page, a login screen, checkout page, or any other page with a sensitive field, your pages and your visitors are protected.

With the increase in online transactions at financial institutions, healthcare providers, and eCommerce companies, along with compliance regulations like GDPR, CCPA, and SHIELD, the need for a tool to protect website visitors is as high as it has ever been.

Finding the right tool for the right job is quite simple: a screw needs a screwdriver, a nail needs a hammer, and a sensitive field needs Source Defense. If you’d like more information on your Magecart exposure, please contact hello@e92cloud.com or visit https://sourcedefense.com/check-your-exposure/ for a free website risk analysis.