Formjacking is emerging to be one of the most favorite methods of hacking among cybercriminals across the globe.
Formjacking is the hacking technique in which cybercriminals target retail websites with a malicious code that helps them in snatching customers’ credit card information. Thousands of websites are targeted every month in this manner and this kind of attack could even be termed as a virtual equivalent to ATM skimming.
The 2019 Internet Security Threat Report released recently by security firm Symantec highlights the rising popularity of Formjacking among cybercriminals. The executive summary of the report says, “Like flies to honey, miscreants swarm to the latest exploits that promise quick bucks with minimal effort. Ransomware and cryptojacking had their day; now it’s formjacking’s turn.”
The Symantec report reveals that over 4,800 websites are targeted every month by criminals using this technique. The executive summary explains, “Formjacking attacks are simple and lucrative: cyber criminals load malicious code onto retailers’ websites to steal shoppers’ credit card details, with 4,800+ unique websites compromised on average every month. Both well-known (Ticketmaster and British Airways) and smallmedium businesses were attacked, conservatively yielding tens of millions of dollars to bad actors last year. All it takes is 10 stolen credit cards per compromised website to result in a yield of up to $2.2M per month, as each card fetches up to $45 in underground selling forums. With more than 380,000 credit cards stolen, the British Airways attack alone may have netted criminals more than $17 million.”
Symantec had blocked over 3.7 million formjacking attacks last year; such attacks happen more during the holiday shopping season, when it becomes a very attractive proposition for hackers as people use credit cards rampantly to make purchases. A Symantec press release quotes CEO Greg Clark as saying, “Formjacking represents a serious threat for both businesses and consumers. Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”
Hackers have started liking formjacking especially because returns have started diminishing on some of the older hacking techniques. The Symantec report points out that there has been a 20% decline in ransomware instances; this is happening for the first time since 2013. (However, there has been a 12% increase in enterprise ransomware infections, proving that ransomware is still a threat to organizations.) There is a decline in cryptojacking activity also, but cryptojacking still has some amount of appeal owing to reasons like minimal overload, anonymity and low barrier of entry.
The Symantec press release says that 2018 brought drop-offs in ransomware and cryptojacking activity and diminishing returns, “…primarily due to declining cryptocurrency values and increasing adoption of cloud and mobile computing, rendering attacks less effective.”
The press release further reads, “Although cryptojacking activity peaked early last year, cryptojacking activity declined by 52 percent throughout the course of 2018. Even with cryptocurrency values dropping by 90 percent and significantly reducing profitability, cryptojacking nonetheless continues to hold appeal with attackers due to the low barrier of entry, minimal overhead, and anonymity it offers. Symantec blocked 3.5 million cryptojacking events on endpoints in December 2018 alone.”
Today, when cybercriminals are coming up with all kinds of innovative hacking techniques, it’s best for everyone to follow best security practices and ensure that card data is entered only on secure websites; it’s also important that everyone stays safe of phishing scams, which lead to most other cyberattacks.