Name: Magecart Attacks: The Client-Side Blindspot
Start: 2020-02-19T17:00:00Z
End: 2020-02-19T17:00:44.000Z
Location: BrightTALK
Rating: 2

HUMAN is a cybersecurity company that protects organizations by disrupting digital fraud and abuse. We leverage modern defense to disrupt the economics of cybercrime by increasing the cost to cybercriminals while simultaneously reducing the cost of collective defense. Today we verify the humanity of more than 20 trillion digital interactions per week across advertising, marketing, e-commerce, government, education and enterprise security, putting us in a position to win against cybercriminals. Protect your digital business with HUMAN. To Know Who’s Real, visit www.humansecurity.com. 


Fraudsters start preparing for the holidays earlier than you think. As the temperature rises outside, bad actors are turning up the heat on their cyber schemes: harvesting sensitive data, launching automated attacks, and contaminating web metrics. And we have the data to prove it.

In this webinar, Liel Strauch, Senior Director of Cyber Security Research at HUMAN, unveils insights from the 2023 Bad Bot Holiday Report, sharing the automated attack patterns the face online retailers and best practices to defend against heightened bot activity. 

View recording to find out more about:
- The holiday season bot trends that our threat hunters are seeing
- Bot vs. human traffic patterns in Q4, and what that means for online retailers
- How to stop fraudsters and grinch bots from stuffing their stockings

Show Me the $$: E-commerce Holiday Fraud

If your business accepts credit card payments online, you know about PCI DSS. But did you know that version 4.0 is coming soon? This update to the standard requires that you protect your customers’ information on all payment pages that use scripts.  

Join us on July 26 at 11 am PT | 2 pm ET as we welcome, Troy Leach, SME at Cloud Security Alliance. He will discuss the details of PCI DSS 4.0 with HUMAN’s Senior Product Marketing Manager, Robert Kusters. Together, they will walk through the details of the upcoming changes in the standard, the challenges you may face in implementing the updates, and how HUMAN can make the journey to PCI DSS 4.0 compliance easy.  

We’ll discuss:
The upcoming PCI DSS 4.0 customer browser requirements
How to easily comply with PCI DSS 4.0 requirements with HUMAN
Adopt a modern defense strategy to prevent script data leakage

Understanding the Upcoming PCI DSS 4.0 Customer Browser Requirements

Get the lowdown on the 2023 Enterprise Bot Fraud Benchmark Report, drawn from HUMAN’s unmatched visibility into more than 20 trillion online interactions per week. This annual report provides insights into automated attack trends, including account takeover, brute forcing, carding, credential stuffing, inventory hoarding, scalping, and web scraping. 

Hear from the lead analysts on the report: Liel Strauch, Director of Cybersecurity Research, and Gil Bar-Yaacov, Cybersecurity Data Researcher. They will discuss the report findings, explore the top threats facing organizations today, and answer all your questions!

The webinar will cover:

A deep dive into the bot traffic and threat patterns that HUMAN observed in 2022
What this might mean for online organizations in the coming months
Best practices to combat sophisticated bot attacks and automated fraud

Bringing Bad Bots to Light

85% of organizations suffered at least one successful cyberattack last year. That’s according to the 2023 Cyberthreat Defense Report, the most geographically comprehensive view of IT security perceptions in our industry. Join the webinar on Wednesday, June 21 at 11am PT | 2pm ET to get the results.

The webinar will cover:

The top cyberthreats concerning industry professionals today
How to benchmark your organization against others in your industry
Best practices your peers are using to strengthen their security posture

The 2023 Cyberthreat Defense Report is here. Save your spot to get insights!

Understanding CyberEdge’s 2023 Cyberthreat Defense Report

Join us on May 25th at 9am PT | 12pm ET, as we welcome Andrea Ravikumar, Senior Product Research Manager at TripleLift and Adam Sell, Senior Research Editor of HUMAN to review the findings of our joint report, Fraud on Connected TV: Buyers’ Perceptions. 

With explosive growth projected for CTV in 2023, HUMAN and TripleLift set out to explore ad buyers' perceptions of ad fraud when it comes to CTV and the impact, if any, to their buying decisions. Adam and Andrea will talk through the top concerns for buyers and ways to increase trust in this growing space. 
- Understand CTV buyers’ top concerns 
- Dive into how fraud is informing their decisions
- Learn what they expect from partners and platforms

CTV Fraud: What do buyers really think?

Mobile gaming ad revenue is projected to hit more than $7 billion by 2024, according to eMarketer. There’s a lot of opportunity for creativity with in-game advertising. But with all of that opportunity and potential ad revenue, comes fraudsters looking to steal a piece of the pie. 

In this webinar, we’ll be joined by Ben Fenster, Co-Founder and Chief Product Officer at Anzu to discuss how in-game ad fraud works and how fraudsters make money from this, what can we learn from other environments, such as CTV, and how can advertisers protect themselves.

Join to hear:
- A deep dive into what in-game ad fraud is 
- How fraudsters make money from this threat model
- How modern defense strategy enables us to protect ad spend

Show Me the $$: In-Game Ad Fraud

HUMAN invites you to join us for a live demonstration where we'll discuss the PCI DSS 4.0 payment protection requirements and the vulnerabilities we see in website payment page scripts. We’ll showcase HUMAN’s comprehensive approach that combines advanced code mitigation techniques with effective real-time monitoring for PCI compliance, specifically the requirements in section 6.4.3.

Digital skimming is a rapidly growing cyberthreat to payment security. With PCI DSS 4.0 on the horizon,  we'll show you how you can meet the new requirements and also extend protection to other areas of your platform where scripts run. This will safeguard your platform from malicious script attacks, such as Formjacking, PII harvesting, and Magecart - threats all addressed in the new PCI requirements. 

Join us on Wednesday 3rd May to discover compliance solutions that extend beyond  simply blocking scripts, while also ensuring that your customer experience and operational capabilities remain unaffected:

Continuously Monitor Scripts
Gain Granular Control Over Scripts
Block PII Leaks to Ensure Compliance

We hope you can join us.

PCI DSS 4.0 Compliance is Just the Starting Point for Website Script Security

You know that protecting your organization from sophisticated bots, client-side threats, and account fraud has value. But quantifying the ROI is easier said than done.

Join us on April 19 at 11am PT | 2pm ET, as we welcome Nathan McAfee, Senior Economic Analyst from Enterprise Strategy Group to review the findings of the Economic Value Analysis of HUMAN's product portfolio with HUMAN's Director of Product Marketing, Peter Craig. They will talk through the processes used for the analysis, the top challenges that our customers face, and the recognizable benefits that customers report when adopting the HUMAN platform.

We’ll discuss:
The challenges businesses face to secure their digital journey
The ESG Economic Validation process
HUMAN Security Economic Overview focusing on profitability, visibility and control and risk

The Enterprise Strategy Group (ESG) Economic Value Analysis of HUMAN

HUMAN’s Satori Threat Intelligence & Research team recently uncovered a sophisticated ad fraud operation they dubbed VASTFLUX. With their research, we were able to execute an unprecedented private takedown with our customers and the Human Collective. Now that the operation has been disrupted, what can we learn from it? 

We’ll be joined by two investigators from the Satori team to learn from their experience fighting off VASTFLUX. Join them to hear: 

- A deep dive into the threat models behind VASTFLUX 

- How the operators made money from this scheme 

- How the three pillars of a modern defense strategy can disrupt the economics of cybercrime  

- What programmatic players can do to to come together and fight back against future threats like VASTFLUX 

- And more

Show Me the $$: VASTFLUX

When HUMAN and PerimeterX began talks many months ago, it became very clear how complementary their missions and businesses were and how powerful it would be to combine them. Now, the two companies have merged under the HUMAN name to safeguard more than 500 customers from digital attacks (bots, fraud and account abuse) through modern defense. Two great teams have come together to solve one of the most important and fundamental problems facing every enterprise today.

Join us for a discussion on Tuesday, November 15 at 10am PT | 1pm ET as Dave DeWalt, Managing Director, NightDragon and Chairman of the Board at HUMAN and Tamer Hassan, HUMAN’s Co-founder discuss the combined company’s expertise, the strategy behind Modern Defense and the Human Defense Platform, and how it creates an opportunity to disrupt the economics of cybercrime by increasing the costs to cybercriminals while simultaneously reducing the cost of collective defense. 

You’ll learn:
- The latest trends in cyberattacks, bots, fraud and account abuse 
- How the combined company will take advantages of combined strengths
- What HUMAN’s plans are for the evolution of the Human Defense Platform
- Why HUMAN is now in an even stronger position to help customers win against cybercriminals with Modern Defense

The Rise of Bots: Threats and Trends

Marketing fraud is on the rise. Bad actors are exploiting the large number of channels found in modern digital advertising, and increasingly capitalizing on a lack of industry awareness and organizational dysfunction around security weak spots. With the consumer, investor, customer and regulator trust at stake, security and marketing leaders need to get ahead of this growing threat. 

A key challenge for businesses is that unlike marketing and security professionals, fraudsters don't care about silos. With their broad range of attacks including digital advertisement fraud, e-commerce fraud and credential stuffing, they can easily slip through departmental cracks and damage entire businesses. With marketing and security teams establishing that this is a shared problem, it’s clear that a more holistic approach to combating fraud is required.

But how exactly can marketing and security teams effectively put on a united front and overcome bad bots? In the first episode of our two-part series, experts from HUMAN and their guests are sharing how. 
Join them to hear:

- The forms of marketing fraud today, and why attackers can easily slip through the cracks
- How to stop bots and reduce wasted ad spend
- How bots lead to distorted data-driven decisions - be it in media spend or business strategy
- Best practices for how security and marketing teams can work together
- Why the impact of marketing and advertising fraud extends far beyond lost advertising dollars
- And more

Bad Bots: Exposing Bots On Site Before They Distort Marketing-Driven Decisions

What would you do if you could look like a million humans? The answer: a lot. 

Cybercriminals' tools of choice include sophisticated bots and malicious code injections to attack companies across the globe, and the result is diminished brand trust, poor user experience, and a negative impact on the company’s valuation and bottom line.

Join us for a discussion on Wednesday, October 19 at 10am PT | 1pm ET as Sandy Carielli, Principal Analyst at Forrester Research, and Tamer Hassan, CEO and Co Founder of HUMAN, discuss the merger of HUMAN and PerimeterX. They will take an in-depth look at the latest trends in sophisticated bots, fraud and account abuse, and explore how organizations can work together to disrupt the economics of cybercrime. 

You’ll learn:
The latest trends in cyberattacks, bots, fraud and account abuse 
Top pain points and use cases impacting enterprises across the globe 
How modern defense puts the industry in a stronger position to help customers win against cybercriminals

Modern Defense and the Path to Win Against Cybercriminals

Bots have transformed the way we engage online, efficiently handling a dizzying amount of data and revolutionizing customer service. Yet the success of good bots - combined with the increased demand for automation - has also led to a sophisticated market for bad bots. Now widely accessible to cybercriminals who are deploying malicious bots to invade networks and jeopardize user experience, bad bots are a reality enterprise CISOs now need to contend with. 

According to Dark Reading Research’s ‘Three Out of Four Attacks: Sophisticated Bots and What Enterprise Security is Missing’ report, nearly three-quarters of organizations today suspect that a proportion of their website-traffic is generated by bots. Worryingly, these same enterprises admit they don’t have the optimal tools for defense to counteract these vicious bots.  

Despite the lack of tools - and the knowledge that preventative action must be taken - there seems to be a lack of consensus over the ownership of bad bot mitigation, and whether it is the responsibility of marketing or security. 

In this episode, HUMAN experts and guests are discussing why this is, and sharing essential findings from Dark Reading Research’s recent report. From diving into why bot attacks are jeopardizing businesses’ standing in the market and shareholder value, to exploring the most effective bad bot mitigation tools, join this 45-minute webinar to learn: 

- Why broader, traditional anti-fraud features, such as CAPTCHA and MFS are no longer adequate for dealing with increasingly sophisticated bot attacks
- Why, in order to effectively defend applications against newer attacks, businesses must emphasize collaboration between the internal teams, including security, customer experience, e-commerce, and marketing
- Which application security, machine learning, and anti-bot solutions businesses can use to detect and stop advanced automated attacks
- And more

When Bots Attack: Sophisticated Bots & What Enterprise Security is Missing

New customer account sign-ups are an indicator of a thriving business, but are those new clients human? You want account creation to be easy for humans. But is it also easy for bots?

Sophisticated bots can quickly and easily create large numbers of fake new user accounts. These accounts are either completely fake or are created using details where the real human is unaware of the fraud. These new phony accounts are then used to carry out malicious activity, such as payment fraud, special offers and discount abuse, and spam and misinformation spreading.

Creating a real new account needs to be quick and easy, so your consumer isn’t frustrated and lost. You want users to create accounts to provide offers and discounts and ensure they become long-term clients. Customer accounts also help you monitor customer behavior enabling you to make sound business decisions. However, sophisticated bots can use that same easy system to register new account after new account to use for their fraudulent activity.

Join HUMAN’s Bryan Becker, Director of Product Management and Peter Craig, Director of Cybersecurity Product Marketing, for a webinar on fake account creation and how to combat this threat.

You’ll learn:
• Why and how fraudsters create fake accounts
• Why sophisticated bots are different and the limitations of your existing defenses 
• How to stop sophisticated bots effectively without introducing unnecessary friction

Mitigate the Risk of Fake Account Creation with Precision

Bots are used in three out of four of cyberattacks, but they work differently from conventional threats. Rather than looking for holes in your systems and defences, bots use applications as they were intended to be used. So then, how do you stop those sophisticated bots?

Including new research from Dark Reading, we explain the damage malicious automation can cause, the limitations of WAF and CAPTCHA, and how you can  adopt new approaches to detect and counter sophisticated bots.

Join HUMAN’s Mark Phillips, VP Solutions Architecture  and Peter Craig, Director of Cybersecurity Product Marketing, for a webinar on sophisticated bots and what enterprise security is missing.

You’ll learn how to:
-- Optimize your bot management strategy 
-- Understand bot attacks and the limitations of CAPTCHAs
-- Receive new Dark Reading sophisticated bot research

Protect Your Business Against Sophisticated Automated Attacks

With the proliferation of cloud-based applications also comes the proliferation of bot fraud, which can result in degraded customer trust, loss of inventory, security breaches, and increased resource utilization. That’s why bot mitigation is increasingly important to conduct business securely, regardless of your industry.

Together, HUMAN and AWS provide a layered solution to seamlessly improve
application performance and protect your cloud-native web and mobile applications from
sophisticated bots masquerading as humans. 

In this session, learn how deploying BotGuard for Applications from HUMAN adds another layer of protection on top of the native capabilities provided by CloudFront, AWS Shield, and AWS WAF. The combined solution means that by the time a bot lands on your digital doorstep, you’ve already seen it and can mitigate its impact. 

Here are some common themes we’ll discuss:
• Mitigating new sign-up fraud
• Blocking comment spamming
• Stopping account takeover
• Preventing credential stuffing

Sign up for the webinar today!

Receive a complimentary 30-day audit of your applications by visiting: https://www.humansecurity.com/offer/bot-risk-assessment

Safeguarding the Humanity of Digital Interactions

The publicity surrounding hype sales helps increase demand for limited edition products such as sneakers, gaming consoles and fashion accessories, which earns brands both market share and profit. But it can also bring out bad bots which snatch up products for lucrative resale and cause traffic spikes. This can result in frustrated customers, potential revenue losses and significantly slow down e-commerce sites.

Join PerimeterX and YOTTAA for a 22 minute live webinar to learn how to:
-Prepare your site to deal with both overwhelming bot and legitimate traffic
-Incorporate user-friendly verifications to ensure that humans, not bots, get your limited edition products
-Receive expert tips on how to build a successful hype sales event

This webinar is hosted by PerimeterX in conjunction with YOTTAA. As a result, both PerimeterX and YOTTAA will have access to the information you submit on this form, and both companies will use it to communicate with you on relevant topics. For more information on each company’s privacy practices, please see the PerimeterX Privacy Policy and the YOTTAA Privacy Policy.

Tips for 2022 Hype Sales Success

Cyber criminals are constantly changing their attack methods to stay ahead of your defenses. How do you keep up with the changing threat landscape? What threats are lurking and how do you plan to address them? What security tools are available to combat these threats? 

To address these questions and more, join us for a live session on April 21 at 10am PT | 1pm ET as CEO of CyberEdge Group, Steve Piper and PerimeterX Cyber Security Evangelist, Robert Kusters discuss findings from the 9th annual Cyberthreat Defense Report. Learn about the key insights from this year’s report, including:  

-The top cyberthreats to web and mobile applications
-Ways that security teams are protecting their businesses
-The biggest issues facing security leaders and how to address them

Insights into Today’s Cyberthreat Landscape

Modern retail and hospitality websites deliver a rich customer experience using client-side JavaScript, including scripts from third-party vendors and open source libraries. Unfortunately, these scripts introduce risks because they are outside the control of the website owner. Magecart and digital skimming attacks steal credit card numbers and PII from websites by exploiting this blind-spot. British Airways paid $230M in regulatory fines for Magecart attacks that occurred in 2017, and remain exposed to millions more in liabilities. This session will shed light on the client-side blindspot, explain how Magecart attacks exploit this and the strategies a modern retail and hospitality business should consider to mitigate this threat.

Magecart Attacks: The Client-Side Blindspot

Information Security

Cyber Attacks

Cyber Intelligence

Cyber Threats

Magecart

Security Breach

Web Security

Code Defender

Digital Skimming

PII Harvesting

Get powerful e-commerce insights to grow your online transaction volume. Connect with thought leaders and colleagues to get the most up-to-date knowledge on the e-commerce strategies and techniques that drive growth.

E-commerce

The marketing community on BrightTALK is made up of thousands of engaged marketing professionals. Find relevant webinars and videos on marketing strategy, branding and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Marketing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

This community is for institutional investors responsible for managing large-scale funds. Join to learn how top institutional investors are managing their organization’s shares, influencing the market, and what tips they have for successful investment strategies.

Institutional Investors

Get powerful banking and treasury insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge on hot topics such as digital banking, payments disruption and non-bank competition. Learn how the latest treasury management strategies are helping to mitigate operational, financial and reputational risk.

Banking and Treasury

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Magecart Attacks: The Client-Side Blindspot

Presented by

About this talk

More from this channel