Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

JavaScript Supply Chains, Magecart, and F5 XC Client-Side Defense (Demo)

Kyle_Roberts
F5 Employee
F5 Employee

on ‎22-Jun-2022 13:10 - edited on ‎27-Apr-2023 14:01 by Community Manager

JavaScript Supply Chain Attacks are on the Rise

With a firewall, a WAF, bot defense, and a SIEM, you control and monitor web traffic entering the data center. Criminals have adapted their strategies to attack your customers in the browser. New web architectures involving dozens of third-party JavaScript files make this new attack surface even more vulnerable. 

Increasing Web Page Complexity

Enterprises cannot keep track of all the scripts and changes that go on in their website and attackers are exploiting this lack of surveillance to introduce malicious code into the supply chain that their web page relies on.

  • Most use 3rd party libraries (eg. Marketing Scripts)
  • Most 3rd party libraries themeselves depend on another set of 3rd party libraries (eg. jQuery.js)
  • Final page loads on end user's browser can easily contain scripts from 20-30 different organizations

Screen Shot 2022-06-16 at 10.19.15 AM.png

Magecart, Formjacking, and E-skimming

These attacks occur when a threat actor injects one or many malicious scripts into a legitimate page or code repo to create a software supply chain man-in-the-browser attack (SC-MITB). The attacker can then run keyloggers and any other JavaScript based attacks on the end-users browser stealing any credit card data, username and password combinations etc... which will be sent to the attackers command and control server as pictured below.

Screen Shot 2022-06-17 at 7.38.02 AM.png

What is Distributed Cloud Client-Side Defense?

F5® Distributed Cloud Client-Side Defense (CSD) provides a multi-phase protection system that protects web applications against Magecart-style and other malicious JavaScript attacks. This multi-phase protection system includes detection, alerting, and mitigation.

  • Detection. A continuously evolving signal set allows CSD to understand when scripts on web pages exhibit signs of exfiltration. CSD detects network requests made by malicious scripts that attempt to exfiltrate PII data.
  • Alerting. CSD generates timely alerts on the behavior of malicious scripts, provided by a continuously improving Analysis Engine. The Analysis Engine contains a machine learning component for accurate and informative analysis and provides details on the behavior of malicious script to help troubleshoot and identify the root cause.
  • Mitigation. CSD detects threats in real-time and provides enforcement with one-click mitigation. CSD leverages the same obfuscation and signal technology as F5® Distributed Cloud Bot Defense, delivering unparalleled efficacy.

High Level Distributed Cloud Client-Side Defense Architecture

csd data flow new

 

Client-Side Defense Demo:

Learn about the risks of JavaScript supply-chain attacks (aka Magecart), the costs of Formjacking and PII Harvesting, and how to detect and mitigate this threat vector. Regain security control of your apps with F5’s Distributed Cloud Client-Side Defense.

Related Resources

F5 Client-Side Defense Product Page

Client-Side Defense Documentation

Labels:
Version history
Last update:
‎27-Apr-2023 14:01
Updated by:
Community Manager
Copyright © 2023 Khoros, LLC