According to the Symantec 2019 Internet Security Threat Report, “formjacking” attacks have skyrocketed, compromising an average of 4,800 websites each month. This new threat basically involves copying consumers’ card details while they are making an online purchase. Attackers compromise web servers and inject malicious JavaScript code fragments into the payment page to capture card details, which cybercriminals then sell on the lucrative dark web: with a dozen stolen credit cards for each compromised website, around $2.2 million could be generated per month.
The exponential growth of this cybercrime, which has brought huge profits to criminals, is likely to increase even further this year. In fact, Symantec claims to have blocked almost 4 million attacks of this type.
The main victims of formjacking, apart from consumers, are small and medium-sized businesses. However, the attacks on the Ticketmaster and British Airways websites were the most high-profile cases last year. In the former, in addition to malicious code on the website, a customer service chatbot created by a third party was found to be involved. In the attack on the airline, the data of 380,000 credit cards was stolen, which is estimated to have earned the hackers around $17 million.
The serious thing about this type of threat is that consumers cannot tell whether they are visiting an infected online store or not. That is why it is advisable to use a comprehensive security solution so that personal and financial information is not vulnerable to potentially devastating identity theft. For businesses, the sudden rise in formjacking reflects the growing risk of supply chain attacks, as well as the reputational risks and legal liabilities that companies face.
How can we avoid being a victim?
Best practices for retailers and site owners include:
- Test new updates early in small test environments or sandboxes.
- Monitor the behavior of all system activities to identify unwanted patterns and block a suspicious application before any damage occurs.
- Site owners should use Content Security Policy (CSP) together with Subresource Integrity (SRI) tags to lock down embedded third-party scripts.
- Install a firewall to facilitate network segmentation.
- Change default system passwords.
- Encrypt the transmission of cardholder data over open, public networks.
- Use updated security software.
- Use strong authentication for remote systems.
- Test security systems and implement a vulnerability management program.
- Maintain security policies and implement training for staff.
- Operate with chip and PIN technologies.
- Implement system monitoring and integrity software to take advantage of its features, such as system locking, application control, or whitelisting.
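As an added illustration of the Subresource Integrity item in the list above (this is not code from Symantec or from the original article), the Python sketch below audits a page's third-party script tags: it computes the SRI value for the reviewed script and reports tags that lack an integrity attribute or whose served content no longer matches it. The host names, script bodies and `shop.example` are constructed for the example.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: a vendor script as reviewed, and a modified copy.
REVIEWED = b"function openChat(){ /* widget */ }\n"
TAMPERED = REVIEWED + b"/* code the site owner never reviewed */\n"
CHAT = "https://chat.vendor.example/widget.js"    # hypothetical URLs
STATS = "https://stats.vendor.example/t.js"

def sri_hash(body: bytes) -> str:
    """Value for an integrity="" attribute: sha384 digest, base64-encoded."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptTags(HTMLParser):
    """Collect (src, integrity) for every <script> loaded from another host."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.found = own_host, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        host = urlparse(attrs.get("src") or "").hostname
        if tag == "script" and host and host != self.own_host:
            self.found.append((attrs["src"], attrs.get("integrity")))

def audit(html, own_host, served):
    """Return {src: 'missing-sri' | 'mismatch' | 'ok'}; `served` maps each
    src to the bytes currently delivered from that URL."""
    tags = ScriptTags(own_host)
    tags.feed(html)
    result = {}
    for src, integrity in tags.found:
        if not integrity:
            result[src] = "missing-sri"     # browser runs whatever is served
        elif sri_hash(served[src]) in integrity.split():
            result[src] = "ok"
        else:
            result[src] = "mismatch"        # browser would refuse to run it
    return result

PAGE = (f'<script src="{CHAT}" integrity="{sri_hash(REVIEWED)}" '
        f'crossorigin="anonymous"></script>\n'
        f'<script src="{STATS}"></script>\n<script src="/js/pay.js"></script>')

if __name__ == "__main__":
    print(audit(PAGE, "shop.example", {CHAT: TAMPERED, STATS: b"track()"}))
```

Same-origin scripts such as `/js/pay.js` are skipped here; only the sha384 form of the integrity value is checked.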
Meanwhile, it is recommended that consumers:
- Track credit card bills for suspicious transactions.
- Only shop at safe, well-known stores and websites that are more likely to have good security measures in place.