How secure is your website supply chain?
A supply chain attack is one that targets vulnerabilities in common tools and resources such as chat plugins, ad providers, analytics and more.
These third parties often have scripts that load on popular ecommerce sites across the web. Yours might be one of them.
Orchestrating Supply Chain Attacks
In recent years a number of hacker groups have adopted tactics such as supply chain attacks in order to steal customer data. We refer to these groups collectively as “Magecart”.
These attacks have become more frequent, and major brands have been targeted – including Ticketmaster.
Another high-profile example is ad provider Adverline, breached in late 2018. Adverline’s breach compromised 277 websites using its ad software.
Push-notification provider Feedify was also targeted, with a Magecart script affecting around 300 websites using the service. Even after removing the malicious code, Feedify was compromised several more times.
Whilst your customers browse and purchase on your website, scripts are loaded from third parties.
If a third party is compromised, hackers then have a way to write scripts affecting your website.
Hackers can then intercept customer card details without you even noticing.
Supply Chain Attack Detection
Without restrictive whitelists and tag management it’s very difficult to spot a supply chain breach. Many large sites operate dozens of third-party tools in their source code, and any one could be the victim of a breach that compromises the entire parent website.
When a third-party script sends customer data to a new source – one you haven’t approved – we can detect it.
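As an added illustration of the detection idea above (not code from this page or from the service it describes), the JavaScript below triages Content-Security-Policy violation reports and lists data destinations that are not on an approved list, along with the host of the script that triggered each one. It assumes a report-only CSP is already sending reports to an endpoint you control; the function names, the approved list, the sample reports and all hostnames are constructed for the example.

```javascript
// Directives through which a script can move data off the page.
const EGRESS_DIRECTIVES = new Set(["connect-src", "form-action", "img-src", "frame-src"]);

// Hostname of a URI, or null for keyword values such as "inline" or "eval".
function hostOf(uri) {
  try {
    return new URL(uri).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// approvedHosts: destinations the site owner has signed off (hypothetical allowlist).
function findUnapprovedDestinations(reports, approvedHosts) {
  const approved = new Set(approvedHosts.map((h) => h.toLowerCase()));
  const findings = new Map();
  for (const report of reports) {
    const r = report && report["csp-report"];
    if (!r) continue;
    // Older browsers send only violated-directive ("img-src 'self'"); keep its first token.
    const directive = (r["effective-directive"] || r["violated-directive"] || "").split(" ")[0];
    if (!EGRESS_DIRECTIVES.has(directive)) continue;
    const dest = hostOf(r["blocked-uri"]);
    if (!dest || approved.has(dest)) continue;
    const script = hostOf(r["source-file"]) || "unknown";
    const key = `${dest}|${script}|${directive}`;
    const f = findings.get(key) || { destination: dest, loadedFrom: script, directive, count: 0 };
    f.count += 1;
    findings.set(key, f);
  }
  return [...findings.values()].sort((a, b) => b.count - a.count); // most frequent first
}

// Constructed sample reports in the CSP report-uri JSON shape; every hostname is a placeholder.
const chat = "https://cdn.chat-widget.example/w.js";
const SAMPLE_REPORTS = [
  { "csp-report": { "effective-directive": "connect-src", "blocked-uri": "https://collector.invalid/g", "source-file": chat } },
  { "csp-report": { "effective-directive": "connect-src", "blocked-uri": "https://collector.invalid/g", "source-file": chat } },
  { "csp-report": { "effective-directive": "connect-src", "blocked-uri": "https://api.analytics.example/e", "source-file": "https://cdn.analytics.example/a.js" } },
  { "csp-report": { "effective-directive": "script-src", "blocked-uri": "inline" } },
  { "csp-report": { "violated-directive": "img-src 'self'", "blocked-uri": "https://collector.invalid" } },
];
const APPROVED = ["shop.example", "api.analytics.example"];
console.log(findUnapprovedDestinations(SAMPLE_REPORTS, APPROVED));
```

Each finding pairs the unapproved destination with the third-party host whose script made the request, which is the starting point for deciding whether that vendor's tag should stay on the page.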