How To Defend Against A Similar British Airways Hacking Incident
Updated: Oct 4, 2018
A data breach on British Airways' website has resulted in the theft of data from 380,000 booking transactions made between 21 August and 5 September. The compromised data included names, addresses, email addresses and sensitive payment card details, including the card's long number, expiry date and the three-digit CVV security code.
For an in-depth look into how the attack was carried out, cybersecurity firm RiskIQ has an excellent blog post breaking down how the attackers revised an underlying script within the British Airways web page to include code, just 22 lines of it, that grabbed the data customers entered into a payment form and sent it to a server owned by the attackers.
Cybersecurity has many moving parts and components, and the chain effect is long and complicated. Assuming that British Airways had all the necessary front-facing security mechanisms in place to protect its web server assets, it is obvious in this case that they could have missed one small matter: ensuring that the file integrity of all scripts and static web resources was also monitored. This oversight allowed a mere 22 lines of code to be discreetly inserted into an unassuming script file, with devastating consequences.
Protecting the core data was why we created WebALARM - the last line of defence should any attackers manage to breach all the front-end security defences.
Watch the video below where we demonstrate how WebALARM can prevent malicious scripts from being inserted into your website:
WebALARM file integrity protection agents are lightweight and work 24x7, monitoring and protecting your web assets. Because they monitor static web assets like external scripts, CSS, graphic files, documents, and source code, a single bit of unauthorised change will trigger a tamper alert, giving the response team a crucial intrusion signal and valuable time to respond, investigate and ultimately contain the intrusion.
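The detection idea described above, reduced to a generic hash-baseline check over a web root. This is an added example, not WebALARM's code: the file names and the `WATCHED` extension list are constructed for illustration, and it only detects changes (it performs no automatic recovery).

```python
import hashlib
import tempfile
from pathlib import Path

# Asset types named in the text: scripts, CSS, graphic files, documents.
WATCHED = {".js", ".css", ".html", ".png", ".svg", ".pdf"}

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Map each watched file (path relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }

def check(root: Path, baseline: dict) -> dict:
    """Compare the current tree with the trusted baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo() -> dict:
    """Constructed web root: baseline it, make three unauthorised changes, check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "js" / "checkout.js").write_text("function pay() {}\n")
        (root / "site.css").write_text("body { margin: 0 }\n")
        (root / "logo.svg").write_text("<svg/>\n")
        baseline = build_baseline(root)  # in practice, store outside the web root
        with (root / "js" / "checkout.js").open("a") as fh:
            fh.write("// constructed: lines appended after the baseline\n")
        (root / "js" / "new.js").write_text("// constructed: file not in baseline\n")
        (root / "logo.svg").unlink()
        return check(root, baseline)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Keep the baseline somewhere the web server account cannot write; otherwise whoever alters a script can also alter its recorded digest.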
WebALARM goes beyond traditional file integrity monitoring as it provides automatic tamper recovery. This ensures your web site integrity is preserved at all times and provides assurance to your site visitors.
WebALARM file integrity protection works extremely well in concert with the rest of your web security deployments like web application firewalls, end-point security, network filters, intrusion detection systems, etc.