After Ransomware And CryptoJacking , Now it is "FormJacking" : Newer Cyber Threat

Earlier we had talked about Ransomwares and CryptoJacking, but now security researchers have found new Cyber threat known as FormJacking. CryptoJacking a technique, where Cybercriminals are using your computer to mine Cryptocurrency. Whereas, Ransomware, your computer device infects through a file extension. But in Cryptojacking it infects your computer through a browser.

The definition of FormJacking, A type of virtual ATM skimming, the Cyber criminals inject malicious code into retailers’ websites to steal shoppers’ payment card details. An average more than 4800 websites are compromised with formjacking attack in a month. Formjacking represents a serious threat for both businesses and consumers.

Ransomware and cryptojacking, where cyber criminals harness stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency, were the go-to methods for cyber criminals looking to make easy money. However, 2018 brought drop-offs in activity and diminishing returns, primarily due to declining cryptocurrency values and increasing adoption of cloud and mobile computing, rendering attacks less effective. A study shows, enterprise ransomware infections jumped by 12 percent in 2018 as compared to last year, bucking the overall downward trend and demonstrating ransomware’s ongoing threat to organizations. In fact, more than eight in ten ransomware infections impact organizations.

The USP of Formjacking is, victims may not realize they are victims of formjacking as generally their websites continue to operate as normal, and attackers like Magecart are sophisticated and stealthy and take steps to avoid detection.

Symantec has seen a major uptick in formjacking attacks recently, with publicly reported attacks on the websites of companies including Ticketmaster, British Airways, Feedify, and Newegg by a group called Magecart being the most notable examples.

Formjacking is a term we use to describe the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites. Formjacking is not a new technique, but recent campaigns are interesting as they are large, sophisticated, and have increased dramatically since mid-August 2018.

How does formjacking work?

When a customer of an e-commerce site clicks “submit” or its equivalent after entering their details into a website’s payment form, malicious JavaScript code that has been injected there by the cyber criminals collects all entered information, such as payment card details and the user’s name and address. This information is then sent to the attacker’s servers. Attackers can then use this information to perform payment card fraud or sell these details to other criminals on the dark web.

Greg Clark, CEO of Symantec, said in a statement. “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft.

The report analyzes data from Symantec’s Global Intelligence Network, the largest civilian threat intelligence network in the world, which records events from 123 million attack sensors worldwide, blocks 142 million threats daily, and monitors threat activities in more than 157 countries.

Formjacking attacks are simple and lucrative: cyber criminals load malicious code onto retailers’ websites to steal shoppers’ credit card details, with 4,800+ unique websites compromised on average every month. Both well-known (Ticketmaster and British Airways) and small-medium businesses were attacked, conservatively yielding tens of millions of dollars to bad actors last year.

All it takes is 10 stolen credit cards per compromised website to result in a yield of up to $2.2M per month, as each card fetches up to $45 in underground selling forums. With more than 380,000 credit cards stolen, the British Airways attack alone may have netted criminals more than $17 million.

For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.