4800 websites compromised by ‘formjacking’ per month

The new approach favored by cybercriminals as ransomware and cryptojacking returns dwindle.
21 February 2019

Formjacking targets web users’ payment details. Source: Shutterstock

More than 4,800 unique websites are subject to ‘formjacking’ per month, according to a report by software firm Symantec, whereby hackers attempt to inject malicious code into retailers’ websites with the aim of stealing shoppers’ payment details.

Symantec claims to have blocked 3.7 million formjacking attacks— which it compares to “virtual ATM skimming”— on endpoints in 2018, nearly a third of which occurred in the busiest online shopping period of the year, November and December.

Conservative estimates suggest that cybercriminals may have collected tens of millions of dollars last year, stealing consumers’ financial and personal information through credit card fraud and sales on the dark web.

Several well-known retailers’ online payment websites were compromised with formjacking code, including Ticketmaster and British Airways, but Symantec warns that small and medium-sized retailers are the most widely compromised.

The report says that just 10 credit cards stolen from each compromised website could result in a yield of up to US$2.2 million each month, with a single credit card fetching up to US$45 in the underground selling forums.

More than 380,000 credit cards were stolen from British Airways in an attack that may have allowed criminals to net more than US$17 million.

“Formjacking represents a serious threat for both businesses and consumers,” said Greg Clark, CEO, Symantec.

“Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft.

“For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”

The spike in formjacking attempts is thought to stem partly as a result of diminishing returns from ransomware and cryptojacking attacks, which were the former “go-to” methods for criminals looking to make easy money online.

Declining cryptocurrency values and increasing adoption of cloud and mobile computing has made these attacks less effective.

But while ransomware usage saw its first decline since 2013 last year, dropping 20 percent, attacks on enterprises jumped 12 percent— with businesses the targets of 80 percent of such attacks.

Smaller companies looking to bolster their basic cyber attack defenses could do worse than starting with the Global Cyber Alliance’s newly-released Cybersecurity Toolkit, which includes free tools and instructions for making websites secure.