Israeli cybersecurity firm Source Defense analyzed the supply chain risk posed by shadow code on third- and fourth-party scripts on major businesses’ websites. Third-party scripts and open source JavaScript libraries assist development teams in adding advanced functionality to web applications without writing or maintaining code. They allow developers to improve user interaction, implement social media sharing, tracking and analytics, deliver dynamic content, display news feeds, and retrieve data from third-party sources. Although external scripts speed up the application development process, attackers could exploit or leverage them for digital skimming, form jacking, credential harvesting, and redirecting users to malicious websites. Magecart attacks originating from client-side scripts have grabbed major cyber security news headlines in the past few years, with incidents rising sharply since 2014.
Read more : Study Warns That Shadow Code on External JavaScript Libraries Pose a Serious Supply Chain Risk.