USER INTERFACE PROTECTION – ON.LIVE CARE FOR THE CUSTOMER!

Cybersecurity being a priority

Cyber-crime is at an all-time high. The number of possible attacks on systems keeps rising, and the attacks themselves are becoming increasingly sophisticated. Today’s internet faces a virtually relentless assault from hacker teams, criminal syndicates, unsavory competitors and even nation-states or hacktivists. Data breaches in web services are intensifying, and successful ones leave businesses and their reputations in tatters.
The danger is even greater for services involving any kind of monetary transfer, as a data breach is almost always connected not only with identity theft but also, frequently, with the loss of clients’ funds. The fact that so many businesses are still not investing in appropriate protections and continue to make simple mistakes suggests that, despite cybersecurity concerns being a priority, in many cases they aren’t being addressed appropriately.

Addressing cyber risks requires conscious effort. Companies need to know their sources of vulnerability and how they can be exploited. While recent high-profile breaches have helped improve public understanding of attacks and their nature, some attack vectors remain virtually unknown. One area that is often neglected is user interface protection. User interface protection refers to the security measures organizations must employ to defend themselves against attacks perpetrated “in the browser”. Man-in-the-middle and man-in-the-browser are examples of such cyber-attacks which, if undetected, can cause extensive economic damage, particularly in the case of web sites involving any kind of fund transfers, where the economic incentive for hackers is large.

Despite research suggesting that at least 10% of all cyber-attacks are focused in this area, current estimates have found that up to 80% of organizations have taken no action to protect themselves.

Cyber-criminals focus on UI

Failure to protect the UI provides easy access for cyber-criminals and allows them to infiltrate web browsers to modify web pages, transaction content, or insert additional transactions, all completely covertly. This form of content manipulation can be severe. While many companies have come to understand phishing scams, in which an unsuspecting user is directed to a fake website through a link in an email or some other notification, “in-the-browser” attacks occur when the victim has entered the URL into the browser independently. On the surface, interactions and transactions are taking place normally, with expected prompts and password requirements, but underneath hackers are monitoring, modifying, and exploiting the information for personal or financial gain, at the expense of both the user and organization.

CodeSealer and On.Live – example of implementation

On.Live as a project involves transfers of funds, with most of the operations performed by the user, and by definition almost all services provided by businesses operating within the platform are paid. End-user security is therefore one of the most important aspects and shouldn’t be neglected. Caring for the protection of our users and their funds, we decided to employ the user interface protection solution provided by CodeSealer. The CodeSealer solution specializes in eliminating in-the-browser vulnerabilities. It is recognized by Gartner as a financial fraud detection strategy for user interface protection. CodeSealer is perfectly placed to offer protection from UI-based cyber-attacks, which is a necessity for On.Live and any other business in today’s environment. CodeSealer is completely invisible to the end user, and no installation is required by customers, yet On.Live users will enjoy an additional layer of security. Because the solution is implemented on the server side of the platform, it works across applications and guards against attacks that are potentially destructive for our clients, even if their device is infected with malicious software. CodeSealer works with every browser on any operating system, including smartphone apps built with HTML and WebView.

Technical details

From a more technical standpoint, CodeSealer provides instant coverage and doesn’t require end-user installation. WSF, the Web Session Firewall, secures user sessions by implementing several advanced techniques, preventing any unauthorized manipulation of data on the server by man-in-the-middle attacks, as well as any malicious actions that can originate from unwanted add-ons or scripts on the client’s browser side. The product consists of several logical modules, each adding another layer of protection and working in concert, providing a robust security package that is virtually impossible to penetrate.

  • A built-in bootloader protects the session, using dedicated session keys, dynamic obfuscation and an additional encryption layer.
  • The dynamic obfuscation hides code patterns, statements and functions, leaving attackers without traces or insight. The encryption keys change too quickly to give attackers sufficient time to break the code.
  • Standard HTTPS encryption provides security between the HTTPS gateway on the server side and the SSL/TLS termination point in the client browser.
    Web Session Firewall goes one step further. It adds an extra layer of encryption and authentication inside the HTTPS layer. WSF encryption protects the connection all the way from the server to the WSF client running in the customer’s browser.
  • In addition to session encryption, WSF encrypts all URLs on the website, preventing SQL injection attacks and cross-site scripting through URL parameters, and hiding not only the address but also the server-side structure of the website. The firewall hides application code by storing and executing all of the website’s JavaScript code inside its client, making analysis of the code an extremely tedious and inefficient process.
  • Added web page encapsulation protects against unknown attack vectors and any page manipulation by rechecking the sent page against the data sent back from the WSF client in the browser. Only valid data entered by the user, such as form input, is permitted as a deviation when the sent and received web page code are compared.
  • CodeSealer’s WSF also provides detailed forensic reporting and handling, with administrator-customizable behavior in case of detected discrepancies and a possible attack. While no solution can protect 100%, obfuscated and sealed sessions will dramatically improve security, and cybercriminals will constantly be faced with changed and hidden application code, making it virtually impossible to re-use malicious attacks.
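One way to implement the sent-versus-returned comparison described in the page encapsulation bullet, as an added example that is not CodeSealer's code and does not reflect how WSF works internally. It assumes the browser-side client returns the page as serialized HTML and that only the `value` of visible `<input>` elements may differ; all function names and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser
from itertools import zip_longest


class Canonicalizer(HTMLParser):
    """Reduce a page to tokens, masking only what the user may type."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        attrs = [(k, v or "") for k, v in attrs]
        kind = dict(attrs).get("type", "text").lower()
        if tag == "input" and kind != "hidden":
            # Visible inputs: the typed value is a permitted deviation.
            attrs = [(k, v) for k, v in attrs if k != "value"]
        self.tokens.append(("start", tag, tuple(sorted(attrs))))

    def handle_endtag(self, tag):
        self.tokens.append(("end", tag))

    def handle_data(self, data):
        if data.strip():
            self.tokens.append(("text", " ".join(data.split())))


def canonical_tokens(html):
    parser = Canonicalizer()
    parser.feed(html)
    parser.close()
    return parser.tokens


def first_deviation(sent_html, returned_html):
    """Return None if only permitted input differs, else the first mismatch."""
    pairs = zip_longest(canonical_tokens(sent_html), canonical_tokens(returned_html))
    for index, (sent, returned) in enumerate(pairs):
        if sent != returned:
            return {"index": index, "sent": sent, "returned": returned}
    return None

# Constructed sample pages (not taken from On.Live or CodeSealer).
FORM = ('<form action="/transfer"><input type="hidden" name="to" value="{to}">'
        '<input type="text" name="amount"{amount}><button>Send</button></form>')
SENT = FORM.format(to="ACC-1", amount="")
FILLED = FORM.format(to="ACC-1", amount=' value="250"')
REDIRECTED = FORM.format(to="ACC-9", amount=' value="250"')
INJECTED = FILLED + "<script>/* added in the browser */</script>"
```

The mismatch record returned by `first_deviation` is the kind of detail a forensic report on a detected discrepancy could carry.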

The result of this approach is that a secure session between the customer’s browser and the online system can be established. It can be used to continuously monitor the web page displayed to the user and react to unknown and malicious code.

The CodeSealer Web Session Firewall by its design covers zero-day and even unknown and undefined attack vectors. Just as importantly, it is compliant with GDPR, which is essential for any business handling EU consumer data today and in the future. The WSF solution by CodeSealer, currently under implementation in the On.Live platform, is overall much more modern and sophisticated than other products present on the market. Our team takes security very seriously. By implementing CodeSealer WSF on the platform we are following in the footsteps of the financial sector, where it has been implemented for over 3 years and processes over 30 million transactions per day.

Check website 👉 https://on.live/
Watch INTRO movie 👉 https://youtu.be/2TjrMS07trY 
Watch platform VIDEO presentation 👉 https://youtu.be/3BV3YwprKcQ 
Comment 👉 https://t.me/OnLive
Follow our announcements 👉 https://t.me/OnLiveICO
Check ONL tokens safety 👉 https://v11.on.live/
Read whitepaper 👉 https://on.live/documents/OnLive_Whitepaper.pdf

This is a sponsored press release and does not necessarily reflect the opinions or views held by any employees of NullTX. This is not investment, trading, or gambling advice. Always conduct your own independent research.