Managed hosting provider
Future Hosting has announced its concerns about the risk of supply-chain attacks. Headquartered in Southfield, Michigan, United States, Future Hosting offers a broad range of web hosting offerings including Virtual Private Servers (VPS), hybrid Virtual Private Servers and dedicated server offerings. The company was in the news last month warning PHP users of the dangers of not upgrading their software to the most recent version. Future Hosting has urged ecommerce retailers to be “vigilant of the risk posed by supply-chain attacks”.
Future Hosting’s recommendations come after a number of major incidents caused by malicious code in third-party libraries. The company cites the Magecart credit card scraper injected via third-party JavaScript libraries as its chief example of the problem. Ecommerce stores of a range of sizes were infected by Magecart, malicious code that collects credit card numbers and sends them to the attacker’s servers. Attackers focus on code libraries because they are an “easier target than well-secured ecommerce stores”, Future Hosting suggests. They also suggest safeguards like ‘Content Security Policy’ (CSP) can help mitigate issues. CSP “specifies whitelisted sources from which code can be loaded” and this reduces the impact of some Magecart attacks. They also recommend Subresource Integrity (SRI) as a means of ensuring “malicious code is not executed in users' browsers”.
“As a server host, Future Hosting supports thousands of ecommerce stores. We are concerned that the current rash of supply chain attacks is likely to damage confidence in the ecommerce market, especially in the run-up to the holiday season,“ explained Future Hosting’s Vice President of Operations, Maulesh Patel. “Supply chain attacks are difficult to diagnose because there is little evidence of a breach on the store itself. The store may follow network and web security best practices and be infected anyway.”
Do you know of any other companies offering warnings against cyber attacks? Let us know the details. Add your comments below.
