Cloudflare launches Page Shield to fight against Magecart attacks

Cloudflare launches a new web security offer to prevent Magecart type attacks.

Attacks that are difficult to detect

Magecart is an umbrella term used to describe JavaScript-based bank card data theft attacks. Legitimate websites and e-commerce platforms with vulnerabilities – for example in a content management system (CMS) or in third-party script dependencies – are targeted. JavaScript code is embedded in e-commerce related pages, then all credit card information submitted on those pages is collected and sent to attackers.

Countless companies have been, and continue to be, the prey of Magecart attacks. Known victims include British Airways, Ticketmaster, Newegg and Boom! Mobile.

“These attacks are difficult to detect because many application owners trust third-party JavaScript modules to work as expected,” says Cloudflare. “Because of this trust, third-party code is rarely audited by the app owner. In many cases, Magecart attacks lasted for months before being detected. “

Page Shield

To combat this problem, Cloudflare on Thursday launched Page Shield, a client-side security solution.

The Script Monitor feature, included in Page Shield, checks third-party JavaScript dependencies and logs any new additions over time. Script Monitor, currently in beta and found in the “Firewalls” section of customer dashboards, also adds a “Content-Security-Policy-Report-Only” header to content that passes through the network by Cloudflare.

When JavaScript attempts to run, browsers send back reports to the company which are checked to see if there are new changes – and customers are then alerted so they can “investigate and determine if the change was. expected, ”says Cloudflare.

Cloudflare Browser Isolation for Telecommuting

The company is also working with cybersecurity partners to obtain sample scripts used in Magecart attacks. Ultimately, it is hoped that Page Shield will be accurate enough to alert customers when dependencies appear to be malicious.


Business and Enterprise customers can now register to access the Closed Beta of Page Shield.

Earlier this week, the company introduced Cloudflare Browser Isolation, a zero trust browsing system designed to protect remote workers – and the organizations they work for – from threats by creating a gap between active browsing sessions and end devices.

Source: .com

Back to top button