The dangers hiding inside the favicon


February 16, 2022

Favicons help with brand exposure and with quickly identifying multiple tabs in our browser window, however to cybercriminals it is another possible exploitation method – as Segway found out back in January.

Shoppers using the company’s ecommerce site may well have had their details skimmed (including credit card information) by cybercriminals using magecart12 malware. The suspicion is that the hackers were able to exploit an outdated version of Segway’s ecommerce platform, that led to the malicious code being embedded inside the favicon file, making it difficult to detect.

This latest reported attack shows how cybercriminals are looking for creative ways to obtain information and evade detection.

It also demonstrates the importance of monitoring outside the perimeter and analysing third party cyber risk. This attack, again, highlights how easy it is for hackers to access a company through their supply chain. Unfortunately, these supply chain cyber-attacks are on an upward trend and are expected to quadruple in the next few years.

How can Darkbeam’s help?

You can never eliminate risk, especially those posed by a third-party, but there are tools available that can help you reduce your risk profile. We have created a solution that looks at your company’s own cyber posture including any risk associated to your favicon, as well as monitors your external third-party cyber risk.

Sign up for your free-for-life myHorizon account today

Darkbeam

Subscribe Here!