Supply chain attacks are difficult to diagnose because there is little evidence of a breach on the store itself. The store may follow network and web security best practices and be infected anyway.
SOUTHFIELD, Mich. (PRWEB) November 27, 2018
Future Hosting, a managed server hosting provider, has advised eCommerce retailers to be vigilant of the risk posed by supply-chain attacks. The advice comes in the wake of a number of massive data breaches caused by third-party libraries infected with malicious code.
“As a server host, Future Hosting supports thousands of eCommerce stores. We are concerned that the current rash of supply chain attacks is likely to damage confidence in the eCommerce market, especially in the run-up to the holiday season,“ said Maulesh Patel, VP of Operations of Future Hosting. “Supply chain attacks are difficult to diagnose because there is little evidence of a breach on the store itself. The store may follow network and web security best practices and be infected anyway.”
The number of supply chain attacks has increased because software repositories are an easier target than well-secured eCommerce stores. A supply chain attack can infect hundreds or more stores and sites with minimal investment from the attacker.
Although supply-chain attacks are difficult to find, they are not impossible to prevent. Modern web applications typically rely on dozens, if not hundreds, of third-party libraries. It may not be feasible to thoroughly vet everyone, but eCommerce retailers should attempt to audit the code running on their servers.
Web security safeguards such as Content Security Policy (CSP) can reduce the risk. CSP specifies whitelisted sources from which code can be loaded, limiting the effectiveness of some Magecart attacks. CSP can be used in concert with Subresource Integrity (SRI) to ensure that malicious code is not executed in users' browsers.
About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan. For more information, visit http://www.futurehosting.com
Get The Bar Code News once a month, once a week or once a day. Subscribe here.
Follow us on Twitter: https://twitter.com/TheBarCodeNews
Follow us on Facebook: https://facebook.com/TheBarCodeNews