Web commerce attacks accelerate
Perhaps driven by newfound insight into what to look for, discoveries of attacks like Magecart and Cart Thief on web commerce vendors have been hitting the news with increasing frequency. Unfortunately, breach notification fatigue may be causing too many vendors to leave a universal flaw in website security unaddressed. In fact, this attack type is rapidly increasing in scope and has demonstrated the ability to launch attacks at massive scale. Already, thousands of websites have been victimized.
The attack targets the website supply chain that developers rely on when building their websites. Integrating these supply chain tools gives attackers an unmanaged connection to the website, with unlimited access to every element of the web page, including every piece of customer and payment data. The website owner is powerless to restrict the access or behaviors of these third-party vendors and the hackers that exploit them. And because these third-party integrations have unmanaged access to customer data, customer privacy compliance is impossible whether or not an attacker has compromised the web session.
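To see how far that access reaches on a given page, the following added example (not part of the original article) inventories the third-party hosts whose scripts load on a page that also contains customer or payment fields. The page URL, HTML, host names and the `audit` helper are constructed for illustration, and hosts are compared by exact name, so a site's own subdomains count as separate hosts.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample checkout page; every host name is a placeholder.
PAGE_URL = "https://shop.example/checkout"
PAGE_HTML = """
<head>
<script src="/static/app.js"></script>
<script src="//cdn.analytics.example/tag.js"></script>
<script src="https://chat.widgets.example/loader.js"></script>
</head><body><form action="/pay">
<input name="email" type="email">
<input name="card" autocomplete="cc-number">
<input name="cvc" autocomplete="cc-csc">
</form></body>
"""

SENSITIVE_TYPES = {"password", "email", "tel"}


class ScriptInventory(HTMLParser):
    """Collects external script hosts and customer/payment inputs on one page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.third_party = {}  # host -> list of resolved script URLs
        self.fields = []       # names of customer/payment inputs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            url = urljoin(self.page_url, a["src"])  # resolves /path and //host forms
            host = urlparse(url).hostname
            # Assumption: exact host match defines "first party".
            if host and host != self.page_host:
                self.third_party.setdefault(host, []).append(url)
        elif tag == "input":
            auto = (a.get("autocomplete") or "").lower()
            kind = (a.get("type") or "").lower()
            if "cc-" in auto or kind in SENSITIVE_TYPES:
                self.fields.append(a.get("name") or auto)


def audit(page_url, html):
    inv = ScriptInventory(page_url)
    inv.feed(html)
    # Scripts share the page's DOM, so each listed host can read each listed field.
    return {"hosts": sorted(inv.third_party), "fields": inv.fields, "exposed": bool(inv.third_party and inv.fields)}
```

Scripts that a third-party loader pulls in at runtime do not appear in static HTML, so this inventory is a lower bound on what actually runs in the page.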
With holiday shopping just around the corner, web commerce vendors need to be concerned about this universal vulnerability, which impacts security, data privacy, compliance and risk. Today, this vulnerability impacts every website globally.