Protect yourself and your customers from formjacking

Online retailers and other organisations using ecommerce functionality must prepare for the threat of formjacking, Symantec has warned, after detecting 3.7 million instances of the attack method in 2018.

Formjacking works by inserting malicious JavaScript code into the payment form of an organisation’s online checkout and siphoning off customers’ card details.

It’s particularly dangerous because there’s almost no way to spot whether a page has been compromised. The payment proceeds as normal, and the only way a customer will know they’ve been attacked is when charges show up on their bank statement or the organisation discloses a breach.

Who is being targeted?

Any organisation that accepts online payments is vulnerable to formjacking, but crooks tend to target smaller organisations that have less sophisticated defence mechanisms. This makes it easier to plant malware and for it to remain undetected on the organisation’s systems for longer.

According to Symantec, organisations that work with large companies are particularly vulnerable, as crooks can use them to conduct supply chain attacks. This involves exploiting a vulnerability in a supplier's system and using the service it provides to a third party as the route into that third party.

Supply chain attacks were the cause of several high-profile formjacking attacks in 2018, including those against Ticketmaster, British Airways, Feedify and Newegg.

Why are organisations being attacked?

John Moss, CEO of English Blinds, says:

Formjacking has been on the rise in recent months for a combination of reasons. First of all, the well-publicised success of Magecart groups across several high-profile attacks has served as something of an endorsement to others, but the greater part of the problem is that most businesses are simply unprepared for attacks of this type, and have no protocols in place to identify and mitigate them.

Additionally, it is almost impossible to identify if the JavaScript code of a page has been compromised as the intended payments are also processed as normal, and so a significant amount of jacks may take place before a problem is flagged, making it a highly lucrative and reasonably safe attack method for well-prepared antagonists.

To protect and mitigate against formjacking attacks, organisations first of all need to recognise the fact that they pose a real threat in the first place, and that no organisation is too small or low profile as to serve as a completely unappealing target.

Setting up protocols to execute regular penetration tests and vulnerability scans is vital for any organisation, and will ensure that potential threats are identified and eradicated before they can become a problem.

Shayne Sherman, CEO of TechLoris, adds:

Hackers are looking for the quick, big win – and of course, a challenge. Identity theft is useful only if you can either a) use the identity stolen or b) sell that information. For those able to hack into larger databases of information, they can collect a larger amount of data that can then be sold. They run a smaller risk as they won’t be caught using a stolen identity. Someone else will then take that risk.

Who is behind the attacks?

The majority of formjacking attacks have been blamed on Magecart, which is believed to be a collection of cyber crime groups.

However, Magecart’s methods aren’t unique. Attacks don’t require any specialist knowledge or technology, meaning any crook could conduct one.

With a single piece of payment card information fetching about $45 (about £34) on the dark web, formjacking is an incredibly lucrative option. Its popularity may only grow further following the declining interest in cryptocurrency, which had previously sparked an increase in cryptojacking attacks.

Protect your business by paying attention

Sherman continues:

Hackers are successful because they are subtle. Making big changes sends up red flags, but by making small changes to source code, a hacker can infiltrate your system. If you’re checking these codes regularly, you’re more likely to catch these hackers before the damage is done.

You can detect malicious code and vulnerabilities that would allow crooks to plant that code by conducting regular vulnerability scans and penetration tests.

Vulnerability scans are automated tests that look for weaknesses in organisations’ systems and applications.

Organisations can use a variety of off-the-shelf tools to conduct vulnerability scans, each of which runs a series of ‘if–then’ scenarios that identify system settings or features that may contain known vulnerabilities.

Meanwhile, penetration testing is essentially a controlled form of hacking in which an ethical hacker, working on behalf of an organisation, looks for vulnerabilities in the same way that a criminal hacker would.

The objective of penetration testing is similar to vulnerability scanning, but it is more thorough and requires expertise and human interaction.

Find out how IT Governance can help meet your penetration testing and vulnerability scanning requirements >>


A version of this blog was originally published on 5 March 2019.
