A new report by Tala Security warns that the vast majority of Alexa top 1000 websites are vulnerable to advanced client-side attacks such as those falling under the Magecart umbrella. In a Magecart attack, hackers inject the checkout page of an otherwise legitimate website with malicious code that enables them to steal the payment card information of visitors.
The study found that on average, a single website currently relies on 31 third-parties, and close to two in three (63 percent) websites use JavaScript code that is written and/or managed by third-parties. This extensive reliance on third-parties puts organizations at risk, since it means that attackers aiming to compromise a single website can target dozens of organizations and only one of those attacks needs to be successful for them to achieve their goal. Data breaches are also more likely because form data, including Personally Identifiable Information (PII) and financial data sent to websites by users, is exposed to an average of 15.7 third-party domains.
Read more: 98 percent of top US websites not prepared against attacks