Silent Sabotage: How the Polyfill.io attack tanked website traffic

A recent supply chain attack crippled a significant portion of the internet, impacting an estimated 100,000 websites, writes Cyber Security Technologist Chris McGee.
It exploited the popular JavaScript library Polyfill.io, leaving thousands of unsuspecting websites vulnerable.

Brief History
Polyfill is a small piece of code that bridges the gap between modern web features and older browsers. It’s a popular tool for developers because it simplifies the process of ensuring their websites work flawlessly across different browsers. Traditionally, Polyfill was delivered through a Content Delivery Network (CDN) called cdn.polyfill.io.

How the Attack Took Place
The attack unfolded when the domain polyfill.io became available for purchase. A Chinese company, Funnull, saw an opportunity and acquired the domain. This gave them control over the JavaScript delivered to any website still loading the library from polyfill.io. Funnull then injected malicious code that redirected unsuspecting website visitors to scam sites designed to steal sensitive data or potentially even infect their machines.

What Did the Malicious Polyfill Do?
The malicious script injected by Funnull redirected website visitors away from the intended site and towards scam websites. These scam sites were likely designed to steal sensitive data like passwords or credit card information. Additionally, websites that unknowingly served the malicious library risked being flagged as malicious by search engines like Google. This could lead to a significant drop in website traffic and even browser warnings that discourage users from visiting the site.

Actions to Secure Your Website
Fortunately, there are steps website owners can take to mitigate the risks associated with this attack and similar supply chain vulnerabilities in the future. Several Content Delivery Networks (CDNs) like Cloudflare have stepped in to provide safe versions of the Polyfill library. Additionally, implementing Subresource Integrity (SRI) can significantly improve your website’s security. SRI allows you to specify a unique fingerprint (a cryptographic hash) for each external script included on your website. If the script’s content changes, the fingerprint no longer matches and the browser refuses to run the script, preventing potential malicious code injection.

While Polyfill was once a popular solution, the need for it has significantly decreased: most modern browsers have high JavaScript compatibility, and Chromium-based browsers like Google Chrome, Microsoft Edge, and Opera are widely adopted. It is important to assess your website’s current needs. If Polyfill is no longer necessary, consider removing it altogether. Otherwise, update your links to use the safe version of Polyfill provided by other CDNs such as Cloudflare.

Conclusion
The Polyfill.io attack highlights the importance of vigilance in website security. By staying informed about potential threats and implementing best practices like Subresource Integrity, website owners can help prevent similar attacks from impacting their website traffic and user experience.
Our ThreatSure service offers monthly scanning to detect vulnerabilities on your network. Find out more here