With the increase in Magecart attacks, how do you know if your website is protected?

e92cloud
November 2020

by Nicos Rugeris

Guest Blog by Randy Paszek, Sales Engineer at Source Defense. 

When building anything from scratch it’s always best to have the right tools. A cabinet will require saws, drills, glue, rulers, squares, and many others. There are many tools in a carpenters toolbox. All of them with a purpose.

If you’re not a carpenter, picking the right tool can be difficult. Do you need a drill driver or will just a drill work? Should you use a router to bevel the edges or can you get away with a belt sander to take that edge away? Many tools can get the job done but the correct one gets the job done right. As a carpenter, the latter is the ultimate goal.

The same can be said for CyberSecurity, and more specifically, Magecart. There are many tools in the CyberSecurity toolbox, but only one can be used correctly when trying to prevent a Magecart attack. If you’re not a CyberSecurity software expert and if you have not done the research, how can you be sure you are choosing the right tool?

Now sure, there are tools you may already have that only detect attacks or require a massive resource sink to configure and upkeep, your CSPs, your SRIs, or your scanners. These tools are a great way to control cross-site scripting, maintain file integrity, or get an overview on the health of your site. However, none of those tools are made specifically to prevent Magecart. In fact, some only report anomalies after a certain percentage of traffic is disrupted!

The Magecart solution landscape is similar to the WAF vs Bot argument. Before bots started mimicking human behavior to stay undetected, WAFs were a popular deterrent. Once bots started becoming more advanced the need for a specific tool grew exponentially. Right now, the need for a specific Magecart solution is high. Magecart attacks have only ramped up since the first major attack in 2018.

Existing tools (CSP, Scanners) were thought to do enough to slow down or curb these attacks, but with obfuscated code, URL hijacking, and other nefarious tactics, the CyberSecurity toolbox has a hole that normal detection tools simply cannot fill. Scanning all code, in real time, and determining good vs bad still allows the attack to happen. The remediation and response to the attack is where you’ll spend most of your time. A tool that prevents the attack from being successful is what’s needed now. That is where Source Defense has come along. They’ve built, from scratch, a patented and proprietary solution designed to prevent a successful Magecart attack. You could use existing tools or website scanners to help mitigate these attacks, but that’d be like using a circular saw to make mitre cuts in a piece of wood. It can be done, but a mitre saw would be the right tool for that job.

The right tool for preventing Magecart attacks is Source Defense. Their solution protects all elements of your webpage from JavaScript attacks (Magecart). Whether it’s an image on your page, a login screen, checkout page, or any other page with a sensitive field, your pages and your visitors are protected.

With the increase in online transactions at financial institutions, healthcare providers, and eCommerce companies, along with compliance regulations like GDPR, CCPA, and SHIELD, the need for a tool to protect website visitors is as high as it has ever been.

Finding the right tool for the right job is quite simple, a screw needs a screwdriver, a nail needs a hammer, and a sensitive field needs Source Defense. If you’d like more information on your Magecart exposure, please contact hello@e92cloud.com or visit https://sourcedefense.com/check-your-exposure/ for a free website risk analysis.

Latest articles

e92corporate
e92plus announce partnership with Cloudflare

March 2021

e92plus have announced a partnership with Cloudflare, the security, performance, and reliability company helping to build a better Internet. The partnership between  e92plus and Cloudflare will help grow Cloudflare’s channel community in the UK with joint reseller enablement, sales engagement, and go-to-market programs.“From non-profit communities to the largest global enterprises, Cloudflare’s heritage is built on keeping thousands of organisations online and secure every day” comments Mukesh Gupta, CEO and Founder of e92plus. “We’re delighted to be partnering with them, and enhancing our portfolio with a range of technologies and solutions that are designed from the ground up to secure and optimise the cloud from application build, to infrastructure, to the new network perimeter”. "As customers have accelerated their transition to the cloud, the demand for solutions from Cloudflare has risen dramatically,” states Anwar Karzazi, Head of Cloudflare EMEA Channel Sales and Partnership. “e92plus have well-established expertise as a distributor in the cyber security market.Their solid sales, technical and marketing capabilities, and their relationships with top resellers in the cyber channel, will help Cloudflare accelerate our growth still further in the UK and Ireland markets.”For e92plus, Cloudflare brings a heritage in securing cloud applications and infrastructure, while accelerating performance to maximise productivity and efficiency of the modern workforce. Together, e92plus andCloudflare will help reseller partners evolve their offering to secure cloud connections and protect against Zero Day attacks by deploying remote browser isolation technology, all managed with a single pane of glass alongside the full Cloudflare product stack. Cloudflare takes a cloud-first approach, combining security with performance to ensure the cloud delivers on the premise of a better user experience. “The opportunities for partners is significant, in complimenting their existing cybersecurity portfolio” explains Mukesh Gupta. “As cloud-first is becoming the default strategy for many organisations of all sizes, the reputation and proven expertise of Cloudflare in delivering an optimised, secure web experience will help partners provide a complete customer solution. It’s no longer about simply providing point solutions, and providing an offering that includes securing the fundamental cloud infrastructure that business-critical cloud applications is built on is essential”. Crucially, Cloudflare also provides extensive integrations with other third party cybersecurity solutions, meaning partners can deliver a single solution rather than disparate point products. For example, the integration with e92plus partner Ping Identity provides significant benefits, according to Baber Amin, CTO West of Ping Identity. "Cloudflare integrates with Ping Identity's global authentication authority to provide a comprehensive identity and zero trust networking solution to teams working on the internet, and ensure that only the right people get the appropriate access to resources at the right time."

e92corporate
e92plus partners with iboss to provide industry-leading, cloud-based network security

January 2021

e92plus have announced a partnership with iboss, a leader in cloud delivered network security, to grow their partner community and take their industry-leading, SASE cloud network security services to market to secure organisations and their employees on any device, from any location, in the cloud.iboss recently announced it has raised $145 million in new funding, supporting the company’s rapid growth as organizations increasingly recognize iboss as the leading provider of cutting-edge network security through the cloud. With iboss' success also recognised by leading analysts, the company is the ideal place as COVID-19 accelerates the ongoing shift to cloud-based cybersecurity providers.The iboss cloud platform eliminates the need for traditional network security appliances by delivering all of the network security capabilities in the cloud via a SaaS offering. iboss ensures a smoother and more seamless transition to the cloud than any other security vendor on the market with its cutting-edge technology and unique patented containerized cloud architecture. Users are always connected to iboss cloud, regardless of device or location, to ensure all Internet traffic is secured for compliance, web filtering, malware defence and data loss at all times.“The market has rapidly changed in 2020, and we’ve seen organisations migrate to the cloud in weeks rather than years” comments Mukesh Gupta, CEO and Founder of e92plus. “These rapid changes have emphasised the need for a cloud first approach, and the iboss approach provides an exciting addition to our portfolio, especially their ability for customers to retain control through containers while leveraging the agility and performance benefits of a cloud native platform”. “The market is embracing a cloud-first approach, and we’re excited to be working with e92plus accelerate cloud adoption and help channel partners simplify cloud-based network security for customers of all sizes. For Zero Trust and SASE models, the iboss platform provides the perfect foundation. This enables users to be the most productive as they work from any location by providing the necessary fast and secure connections to the cloud applications they use every day,” said Paul Martini, iboss Co-founder and CEO. “e92plus will help iboss scale in UK&I as channel partners assist their customers in establishing and executing against a zero-trust strategy and SASE model to support today’s evolving workplace.”The benefits and potential savings of using iboss have been highlighted in a report this year, produced in partnership with IDC 1. Key highlights included:- 37% lower 3-year cost of operations- 275% 3-year ROI- 4 months payback periodThe report also found that “iboss cloud was light years ahead of what we were using in terms of security functionality. The price factor was also important – when it came to iboss versus the other solutions we considered, iboss was a lot more affordable.” 1“For our partner community, iboss enables them to help their customers break from free on-premise restrictions and embrace the scale and flexibility of the cloud” explains Mukesh Gupta. “Increasingly customers are looking at alternatives to legacy VPNs or on-premise gateways that require unnecessary data backhaul and additional complexity. The iboss cloud-first approach offers an exciting new approach to cloud security and Zero Trust Network Access, and a vendor that’s highly ranked by leading analysts yet offers fantastic opportunity for growth. The major investment in them validates the huge potential for the company, and why they represent a significant opportunity for partners looking to replace legacy solutions”. 1 https://www.iboss.com/wp-content/uploads/2020/02/idc-iboss-report-full.pdf About e92plus Limitede92plus is the leading independent cybersecurity VAD for the UK channel, going beyond traditional distribution to provide exceptional products and services that drive accelerated growth for our vendor and reseller partners. With an established track record of introducing disruptive and next-gen technologies and building successful channels, e92plus also delivers award winning services through in-house specialists, complimenting and supporting our partners in their go-to-market strategy. They encompass technical, marketing, finance and operations, with our expertise in the entire lifecycle and agility to meet the dynamic needs of the market differentiating from legacy distribution models. Our portfolio is focused on best of breed technologies, delivering the most advanced solutions in cybersecurity that address the needs of every type of organisation from SMB to multi-national enterprise, while providing complimentary solutions to provide an integrating offering that moves beyond single products. The portfolio has expanded with divisions that provide platforms for MSP/MSSPs and VARs looking to build managed service practices, and support cloud-first partners and CSPs with relationships with the leading public cloud platforms.e92plus has distribution agreements with Bitdefender, Bitglass, Boldon James, Ericom Software, Forcepoint, iboss, NetAlly, SolarWinds, Swivel Secure, Trend Micro, Trustwave, WALLIX. About ibossiboss is a cloud security company that provides organizations and their employees fast and secure access to the Internet on any device, from any location, in the cloud. The iboss cloud platform provides network security as a service, delivered in the cloud, as a complete SaaS offering. This eliminates the need for traditional network security appliances, such as firewalls and web gateway proxies, which are ineffective at protecting a cloud-first and mobile world. Leveraging a purpose-built cloud architecture backed by over 190 issued and pending patents and more than 100 points of presence globally, iboss protects more than 4,000 organizations worldwide. To learn more, visit https://www.iboss.com

See all news posts

Visit e92plus.com for a full list of e92 divisions