Hackers & Attackers are 'Formjacking' Thousands of Website to Steal User Data Every Month

According to a new report from security research firm Symantec, cyber criminals and other hacker syndicates are carrying out ‘formjacking’ attacks at an increasing rate. It has evolved and become stealthier in the last couple of months, where attackers are now injecting malicious codes into websites to steal more than just credit card information.

In case you aren’t aware about it, formjacking is a type of cyber attack where hackers inject malicious JavaScript code into a webpage form - most often a paymet page form. This implanted malicious JavaScript code alters the behavior of the targeted web form or process on the compromised website to surreptitiously steal payment card data and other personal information in the background. As a continuation from Symantec’s ISTR 24 report, Symantec has launched an in-depth analysis on formjacking attacks that are frequently in the news highlighting how websites and consumers have been affected in the last one year.

Symantec has seen a major uptick in formjacking attacks recently, with publicly reported attacks on the websites of companies including Ticketmaster, British Airways, Feedify, and Newegg by a number of groups summarized as Magecart being the most prominent examples. “Each month we discover thousands of formjacking infected websites, which generate millions of dollars for the cyber criminals,” states Candid Wueest, Principal Threat Researcher, Symantec.

As per the report, India ranks third with 5.7 percent of global detections. Symantec highlights in the report that they have blocked more than 2.3 million formjacking attacks globally in Q2/2019. In the first six months of 2019, users in the US were by far the most exposed to formjacking attacks with 52 percent of all global attacks,

Each month we discover thousands of formjacking infected websites, which generate millions of dollars for the cyber criminals

up from 33 percent in 2018.

With such sophisticated attacks, website owners should be aware as this could generate attached costs for affected organizations resulting from things like customer notification processes and possible fines. In addition to the cost of the data breach, there is also a loss of customer trust and damage to the organization’s brand reputation. This can be especially devastating for online stores which heavily depend on customer orders.

“Consumers often don’t notice that they have become a victim to a formjacking attack as it can happen on a trusted online store with the HTTPS padlock intact. Therefore, it is important to have a comprehensive security solution that can protect you against Formjacking attacks,” adds Wueest.

With sophisticated and stealthy attackers like Magecart, the solution for being safe for website owners is to use several different methods to protect their web presence from formjacking. A baseline standard should be to harden any server or service used for hosting the website. This includes scanning local files for any malicious scripts and implementing change control measures to validate and authorize all changes - similar to classic defacement prevention. They must monitor behavior of all activity on a system that can also help identify any unwanted patterns and allow you to block a suspicious application before any damage can be done.

Formjacking attacks are increasing in volume. The reason for this is twofold: they are difficult to detect for end users and can be very lucrative for cyber criminals. In addition, the attacks are quite simple to conduct, and the injected malicious JavaScript is not difficult to create. Formjacking is showing no signs of disappearing any time soon. Therefore, operators of online stores need to be aware of the risk and protect their online presence.