Cloudflare

Cloudflare has released a new tool called Page Shield for thwarting any malicious JavaScript injections into a site. The tool will help website admins to know whenever a user or visitor injects an unknown JavaScript dependency that may infect the site or supply chain. This helps prevent attackers from injecting phishing sites and stealing data from the site.

Cloudflare Page Shield

Cloudflare Page ShieldAs attacks like Magecart have grown rapidly in recent days, there’s a need for the website admins to do something to protect both their sites and customers’ information from attackers. Magecart attacks often exploit a vulnerability in the supply chain or install a JavaScript dependency from an external source to infect the website.

Compromising the website allows them to introduce phishing pages in a legitimate site or redirect users to malicious sites/sources or steal sensitive data like credit card information while entered into the billing page. Since all these hardly alter the user experience, they go undetected until checked.

This could be from days to weeks and years until realized. To solve these attacks, Cloudflare has come up with a tool called Page Shield, where it contains a Script Monitor to check any malicious JavaScript files being uploaded to infect the site.

This works by registering all the legitimate JavaScript dependencies initially from the website administrator and monitor continuously the activity from the user’s end while on site. And when there’s a new/suspicious JavaScript dependency uploaded to the site from the user’s end that is not in the list, it will inform the site admin to investigate.

This enables the site admin to take action if the activity was malicious. It may not be effective if the site’s already connected to a JavaScript dependency source, which is tagged legitimate and altered later.

For example, a source JavaScript dependency like

https://www.example.com/js/harmless.js

maybe allowed at the start as legitimate, but if the operator chooses to push a malicious code through it to infect the website, Cloudflare may not be able to detect it as it’s coming from a legitimate source. Cloudflare announced to introduce more features in the future to make this tool more useful.

LEAVE A REPLY

Please enter your comment!
Please enter your name here