By detecting suspicious script activity in real-time, Page Integrity Manager offers a more effective way to defeat well-hidden supply chain attacks such as Magecart when they happen.

Akamai, the intelligent edge platform for securing and delivering digital experiences has unveiled its Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience.

Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.

Experts say SMS-based two-factor authentication is not the best option to secure online accounts

Online shoppers are susceptible to credential stuffing

A typical website relies on dozens of third-party sources — many that result in scripts executing in user browsers. Third-party scripts are essential for the dynamic user experience expected in modern websites, inclusive of sensitive information pages used for payments, account management, and personal information forms. However, security teams have little visibility into or control over these third-party supplied and maintained scripts.

Page Integrity Manager

Akamai designed Page Integrity Manager to protect websites from JavaScript threats, such as web skimming, form-jacking, and Magecart attacks, by identifying vulnerable resources, detecting suspicious behavior, and blocking malicious activity. By detecting suspicious script activity in real-time, Page Integrity Manager offers a more effective way to defeat well-hidden supply chain attacks such as Magecart when they happen.

“Web skimming attacks steadily remain at a high-volume across a variety of industries, especially retail, media, and hospitality,” said Steve Ragan, security researcher, Akamai. “Over a recent seven-day period, we analyzed nearly five billion javascript executions, across 110 million page views and saw about a thousand vulnerabilities, any one of which could result in stolen sensitive user data.”

“By its nature, web page scripts are very dynamic. Third-party scripts are especially opaque, creating a new attack vector that is challenging to defend against,” said Raja Patel, VP of Products, Web Security at Akamai. “Page Integrity Manager gives our customers the visibility they need to manage the risk from scripts, including first-, third-, nth-party scripts, with actionable intel needed to make business decisions unique to your organization.”