Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

May 25, 2022

New Haven tech firm warns of ‘shadow code’ risk in business websites

Photo | Yakir Shukron Source Defense staff members, from top left: Keren Rubin, head of HR; Avital Grushcovski, founder and VP, and Sagi Shvartz, VP of R&D. Bottom row, from left: Hadar Blutrich, founder and CTO; CEO Dan Dinnar and CFO Yehudit Baum.
By Liese Klein

Source Defense, an Israeli cybersecurity firm with an office at New Haven’s District, warned businesses of “shadow code” in their websites that could lead to data breaches.

In a report released Tuesday, Source Defense said in a statement that it had analyzed “the security, privacy, and compliance risks that are literally designed into the digital supply chains of major business websites.”

The company examined 4,300 of the world’s largest websites across industries in the first quarter of this year and found an average of 15 “externally generated scripts” per site. Developers routinely add third-party scripts from widely available packages to webpages without considering that they often contain code from additional parties, the company said. 

“If a script has been compromised, the shadow code comes with it and goes straight to the browser without organizational defenses able to detect it,” Source Defense said. “From there, scripts can exfiltrate data to remote servers, redirect users to malicious websites or lay the groundwork for formjacking, digital skimming and credential-harvesting attacks.”

Financial services companies had the most shadow code, with 60% more scripts on average resident on sensitive pages, double the number per page overall, and had triple the amount of fourth-party scripts. 

Source Defense CEO Dan Dinnar said, “While retail and credit card breaches grab the most headlines, this is a pervasive and relatively unchecked risk to both security and privacy across all verticals.” 

Sensitive information is most at risk because "data of greatest value to malicious actors is collected on the pages where the business has the greatest need for analytics, tag management, and other tracking and management capabilities,” Dinnar said. 

The report also warned of growing cybersecurity risks as the economy shakes free of the COVID-19 pandemic. 

“The pace of adversarial activity is only increasing as retail and e-commerce companies enjoy exponential growth, as travel and lodging needs increase post-pandemic, and as healthcare and financial services transactions move more critical and sensitive functions online,” said Source Defense’s statement. 

Based in the central Israeli city of Rosh Haayin, Source Defense announced in April that it had secured $27 million in Series B funding.

Contact Liese Klein at lklein@newhavenbiz.com.
 

Sign up for Enews

Most Recent

Most Recent

0 Comments

Order a PDF