The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection.
Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply chain attack.
Funnull, a Chinese company, has acquired the domain polyfill[.
Following the acquisition of the domain, Funnull began inserting malicious code into scripts served to end-users.
The malicious domains used advanced evasion tactics, including protections against reverse engineering, activating only on specific mobile devices at certain times, and avoiding execution when admin users or web analytics services are detected.
Io domain has been suspended by its registrar and can no longer redirect users to malicious sites, we believe it is still important to remove all related scripts to maintain security best practices.
Our Client-Side Protection solution swiftly identified which customers and specific websites had these compromised domains in their codebase.
Imperva Client-Side Protection helps detect such threats and provides immediate action to mitigate risks.
If you are an Imperva customer currently using Client-Side Protection with Instant Blocking enabled, you are protected from this attack.
How You Can Protect Your Website
Onboard to Imperva Client-Side Protection: Gain visibility and control into all domains and scripts on your client-side by onboarding to Client-Side Protection.
Catalog Your Domains: Maintain a catalog of all domains used in your client-side code to facilitate rapid response to security threats.
By maintaining an updated list of these domains, you can respond swiftly if a malicious domain is discovered in the future.
Remove the Domains: Once identified, immediately remove these domains from your codebase and replace them with secure alternatives.
Set Up Alerting: Stay informed about newly discovered domains by turning on alerting through email, SIEM, or public APIs.
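An added example (not Imperva's code and not part of the original article) of the catalog step above: it lists every external host that a set of HTML pages loads `<script>` or `<link>` resources from and flags polyfill.io and its subdomains. The sample pages, paths and `.example` hosts are constructed.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

WATCHLIST = {"polyfill.io"}  # the domain named in this article

class ResourceCollector(HTMLParser):
    """Collects the URLs of <script src> and <link href> tags."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        key = {"script": "src", "link": "href"}.get(tag)
        if key and a.get(key):
            self.urls.append(a[key])

def host_of(url):
    # Protocol-relative URLs ("//host/x.js") need a scheme before parsing.
    if url.startswith("//"):
        url = "https:" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")

def is_watched(host):
    # Match the watched domain and its subdomains, not look-alike hosts.
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)

def catalog(pages):
    """pages: {page name: html}. Returns {host: sorted pages loading from it}."""
    found = defaultdict(set)
    for name, html in pages.items():
        parser = ResourceCollector()
        parser.feed(html)
        for url in parser.urls:
            host = host_of(url)
            if host:  # relative URLs are first-party and have no host
                found[host].add(name)
    return {h: sorted(p) for h, p in found.items()}

def flagged(cat):
    return {h: p for h, p in cat.items() if is_watched(h)}

SAMPLE_PAGES = {  # constructed sample input
    "index.html": '<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>'
                  '<script src="/static/app.js"></script>',
    "checkout.html": '<script src="//CDN.Polyfill.io/v2/polyfill.min.js"></script>'
                     '<link rel="preload" href="https://polyfill.io.cdn.example/x.js"/>',
}
```

This only sees tags present in the static HTML; scripts injected at runtime by other scripts need a browser-side inventory.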
For Imperva customers not currently using Client-Side Protection, start a free trial today to discover if your site is vulnerable.
As a proactive measure, our support organization is actively working with the Client-Side Protection engineering team to notify and assist all customers identified on the list of compromised domains.
Our goal is to ensure that every website owner understands the urgency of removing these domains to protect their users and maintain the integrity of their online presence.
Imperva Client-Side Protection prevents data theft from client-side attacks like formjacking, Magecart, and other online skimming techniques that often exploit vulnerabilities in the website supply chain.
Imperva Client-Side Protection also ensures your organization meets the latest compliance standards, including those in PCI DSS 4.0.
This Cyber News was published on www.imperva.com. Publication date: Tue, 02 Jul 2024 01:13:07 +0000