In recent years, client-side attacks have become considerably more common, gaining in prominence since 2015. As online activity increases due to the global pandemic, the most susceptible target, e-commerce, is becoming more lucrative than ever.
Understanding The Client-Side Problem
Numerous activities take place in the background while communicating with a web application. Generally, these can be classified into two groups, based on where they take place. The first is the client-side (i.e., code that runs on the end-user's device, typically in the browser), and the second is the server-side (i.e., actions executed on the web server). In recent years, attackers have found it easier to carry out client-side attacks, because these are harder for organizations to track and control.
How does the client-side get compromised? There are several ways this can happen, such as cross-site scripting, a compromised S3 bucket from which the site serves its scripts, or a compromised third-party package, to name a few.
Personal Information Offers Significant Gains
The Pandemic’s Impact On Online Shopping
The pandemic has intensified the transition to a more digital world and caused shifts in online shopping patterns that are likely to have lasting effects. Electronics, gardening/do-it-yourself, pharmaceuticals, furniture/household goods, education, and cosmetics/personal care are the categories that have gained the most. In 2021, this trend is predicted to rise. The risk of fraud is increasing exponentially as well, with many corporations forced to alter the way they perform their sales.
A Multi-Dimensional Challenge
A multi-platform card skimmer that has been discovered on some major e-commerce sites is a recent example of such fraud. By inserting a malicious, duplicated checkout form that accurately masqueraded as the legitimate one, the skimmer effectively "took over" the checkout process. This shows the degree of sophistication involved in these recent attacks, which are capable of compromising even the largest e-commerce sites.
The fact that attackers can abuse the client-side to access PII (Personally Identifiable Information) makes this as serious a data breach as stealing data directly from the server. It also raises non-compliance concerns under PCI DSS, GDPR, and CCPA.
A Difficult Threat For Security Teams
It can be quite a challenge to handle the risks of client-side attacks. Many of the third-party scripts found on websites today execute on the client-side, making them a blind spot for security teams. Keeping an inventory of all third-party resources used in their applications is a vital part of a security team's strategy, but this is not easy, as the security team typically does not participate in the development cycle.
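As an added example (not code from the original article or from any vendor it describes), the script below shows the kind of static inventory the previous paragraph calls for, and ties it back to the duplicated-checkout-form skimmer discussed above. It parses a page's HTML, lists every external script with its host and whether it carries a Subresource Integrity attribute, and lists every form with the host its action posts to. Two defender checks then run over that inventory: scripts from hosts outside an allowlist or lacking SRI, and forms that would send data off-site. The sample page, the hostnames, and the allowlists are all constructed for this example; the `integrity` value is a placeholder, not a real hash. The parser is a small regex-based one, adequate for a static review of server-rendered HTML but not for pages whose DOM is built dynamically.

```javascript
// Added example: static inventory of third-party resources plus two checks
// relevant to client-side skimming (missing SRI, forms posting off-site).
// All hosts, allowlists and the sample HTML below are constructed for this example.

const FIRST_PARTY_HOSTS = new Set(['shop.example', 'www.shop.example']);
const ALLOWED_THIRD_PARTY = new Set(['cdn.example-cdn.test', 'js.payments.test']);

// Constructed sample page: an allowlisted CDN script with SRI, an allowlisted
// script without SRI, a script from an unknown host, a first-party script, and
// a checkout form whose action points at a foreign host.
const SAMPLE_HTML = `
<html><head>
<script src="https://cdn.example-cdn.test/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://js.payments.test/checkout.js"></script>
<script src="https://static.unknown-host.test/tag.js"></script>
<script src="/assets/app.js"></script>
</head><body>
<form id="checkout" action="https://collect.unknown-host.test/submit" method="post">
  <input name="cardnumber">
</form>
<form id="search" action="/search"></form>
</body></html>`;

// Read one attribute out of a raw tag string (quoted values only).
function getAttr(tag, name) {
  const m = tag.match(new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, 'i'));
  return m ? m[1] : null;
}

// Resolve a src/action against the page origin and return its hostname,
// so that relative paths are attributed to the first party.
function hostOf(urlLike, pageOrigin) {
  try {
    return new URL(urlLike, pageOrigin).hostname;
  } catch {
    return null;
  }
}

// Build the inventory: external scripts (with SRI presence) and forms (with target host).
function inventory(html, pageOrigin) {
  const scripts = [];
  const forms = [];
  for (const tag of html.match(/<script\b[^>]*>/gi) || []) {
    const src = getAttr(tag, 'src');
    if (!src) continue; // inline scripts are out of scope for this inventory
    scripts.push({ src, host: hostOf(src, pageOrigin), integrity: getAttr(tag, 'integrity') });
  }
  for (const tag of html.match(/<form\b[^>]*>/gi) || []) {
    const action = getAttr(tag, 'action') || pageOrigin; // no action means "post to self"
    forms.push({ id: getAttr(tag, 'id'), action, host: hostOf(action, pageOrigin) });
  }
  return { scripts, forms };
}

// Apply the two checks and return a list of findings.
function findings(html, pageOrigin) {
  const { scripts, forms } = inventory(html, pageOrigin);
  const out = [];
  for (const s of scripts) {
    if (FIRST_PARTY_HOSTS.has(s.host)) continue;
    if (!ALLOWED_THIRD_PARTY.has(s.host)) {
      out.push({ kind: 'unknown-script-host', ref: s.src });
    } else if (!s.integrity) {
      out.push({ kind: 'missing-sri', ref: s.src });
    }
  }
  for (const f of forms) {
    if (!FIRST_PARTY_HOSTS.has(f.host)) {
      out.push({ kind: 'form-posts-offsite', ref: f.id || f.action });
    }
  }
  return out;
}

// Stand-alone run: print the inventory and the findings for the sample page.
const PAGE_ORIGIN = 'https://shop.example/checkout';
console.log(JSON.stringify(inventory(SAMPLE_HTML, PAGE_ORIGIN), null, 2));
console.log(JSON.stringify(findings(SAMPLE_HTML, PAGE_ORIGIN), null, 2));
```

On the sample page this reports three findings: the payments script lacks SRI, the tag script comes from a host that is not on the allowlist, and the checkout form posts to a foreign host. A script that legitimately changes often cannot carry a fixed SRI hash, so the allowlist check and a Content Security Policy are the controls that remain for it; the inventory is what lets a security team notice a new host appearing in the first place.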