Formjacking a growing threat due to e-commerce expansion

Font Size

FORMJACKING is emerging as a huge threat in the cyber world as attackers opt for “get rich quick” schemes.

“This year, it was all about formjacking…. We managed to block 3.7 million attacks throughout the year for formjacking across all our customers. This is a significant number when we compare it to other attacks that we have,” Sherif El-Nabawi, vice president for systems engineering of Symantec Asia Pacific & Japan, said in media briefing held in Holiday Inn Makati on March 13.

The media briefing presented the Internet Security Threat Report Volume 24 for 2018 by the Symantec Corp., a California-based software company. It provides security and information management solutions for companies.

Formjacking is an attack similar to skimming, where a chip inserted in the card slot of automated teller machine gets a client’s account information. Formjacking, it involves the use of JavaScript in a website to steal credit card information and transfer it to the attacker.

“You’re going into e-commerce [site]… You put in credit card details. What the attacker only does is to put a JavaScript in that page, which basically sends a copy of the credit card details to the attacker and at the same time, your transaction goes through. As a user, I don’t see anything wrong there…and this is the largest thing we’ve seen this year,” he said.

The report also showed that there were about 4,818 websites victimized per month in 2018. The report said this form of attack is booming because of “better returns” compared to other methods like cryptojacking, which involves cyber criminals running coin-miners on target’s devices unknowingly and using their central processing unit (CPU) power to mine cryptocurrencies.

“The value of stolen credit card details on the cyber underground is probably more assured than the value of cryptocurrencies in the current climate,” Symantec said in the report.

For example, an attacker can earn at least $2 million dollars through formjacking by stealing information of at least 10 credit card accounts from each of the 4,800 websites for $45 per account, versus cryptojacking which is highly dependent on the cryptocurrency values, Symantec said.

The company noted that there is a direct relationship between cryptojacking activities and values, thus the observed downtrend in this attack, as activities associated to this kind of scheme decreased by 52% while values dropped 90% in 2018.

“That doesn’t mean that you shouldn’t worry… It actually means that it’s a decrease because the groups are finding other ways to infiltrate… It’s still a threat and we’ve seen attacks based on it… It’s still a worry but there has been a decrease,” Mr. El-Nabawi said in an interview with BusinessWorld after the briefing.

It was the same case for ransomware as Symantec also noted a 20% decrease in ransomware activity in 2018.

“Up until 2017, consumers were the hardest hit by ransomware, accounting for the majority of infections. In 2017, the balance tipped towards enterprises, with the majority of infections occurring in businesses. In 2018, that shift accelerated and enterprises accounted for 81 percent of all ransomware infections. While overall ransomware infections were down, enterprise infections were up by 12 percent in 2018,” the company said in the report.

Symantec said this shift was due to enterprises being more vulnerable to attacks through e-mails as it remains as a primary tool for companies.

In addition to this, since consumers usually use mobile phones, they can back up data through cloud, while enterprises usually use Window-based computers, which are the usual targets of ransomware attackers.

Also, the Internet of things (IoT) was still one of the main entry points of attackers, with routers and cameras accounting for 90% of the infected devices. Symantec also noted that “smartphones can be the greatest spying device ever created,” with the sheer number of applications people install in these devices. — Vincent Mariel P. Galang