After Ransomware and CryptoJacking The New Form of Cyber Threat is “FormJacking”

Formjacking
Formjacking

Earlier we had talked about Ransomwares and CryptoJacking, but now security researchers have found new Cyber threat known as FormJacking.

CryptoJacking a technique, where Cybercriminals are using your computer to mine Cryptocurrency.

Whereas in Ransomware, your computer device infects through a file extension. But in Cryptojacking it infects your computer through a browser.

What is FormJacking?

A type of virtual ATM skimming, the Cyber criminals inject malicious code into retailers’ websites to steal shoppers’ payment card details. An average more than 4800 websites are compromised with formjacking attack in a month.

“Formjacking represents a serious threat for both businesses and consumers,” Greg Clark, CEO of Symantec, said in a statement. “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft.”

How does FormJacking Work?

1. Attacker injects malicious script into targeted web page.

2. User loads web page and fills in form to make purchase.

3. When users submit the form to complete a purchase the form data us sent to the merchant website.

4. A copy of the form data, including payment card details, is also sent to the cyber attacker.

The report analyzes data from Symantec’s Global Intelligence Network, the largest civilian threat intelligence network in the world, which records events from 123 million attack sensors worldwide, blocks 142 million threats daily, and monitors threat activities in more than 157 countries.

Formjacking attacks are simple and lucrative: cyber criminals load malicious code onto retailers’ websites to steal shoppers’ credit card details, with 4,800+ unique websites compromised on average every month. Both well-known (Ticketmaster and British Airways) and small-medium businesses were attacked, conservatively yielding tens of millions of dollars to bad actors last year.

All it takes is 10 stolen credit cards per compromised website to result in a yield of up to $2.2M per month, as each card fetches up to $45 in underground selling forums. With more than 380,000 credit cards stolen, the British Airways attack alone may have netted criminals more than $17 million.

“Formjacking represents a serious threat for both businesses and consumers,” said Greg Clark, CEO, Symantec. “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft.

For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”

Join Our Club

Enter your Email address to receive notifications | Join over Million Followers

Leave a Reply
Previous Article
Improve Wordpress Site Security

How WordPress Audit Logs Improve Your Sites Management And Security

Next Article
WhatsApp Bug

WhatsApp Bug- To Allows iPhone Users to Bypass Face IDs Or Touch IDs

Related Posts
Total
0
Share