The 2018 holiday season brought a new kind of Grinch. Late in the year, Symantec revealed that hackers had begun to employ a nearly invisible new tactic called formjacking. According to the Internet Security Threat Report, Symantec blocked nearly four million formjacking attacks in 2018. One third of those attacks occurred during November and December.
Remember ATM skimmers that steal credit card information when you swipe your card? Think of formjacking as the online version of skimming. Hackers infect an online order form with malicious JavaScript. Then, when you enter your card information to make a purchase, the code transfers that data to the hackers.
With formjacking, cyber-criminals gain a big payout for relatively little effort. First, they look for targets that process large amounts of sensitive data, particularly sites that use third-party JavaScript technology. Then they inject a small amount of code and sit back to wait for the data to arrive. Finally, they can sell stolen credit card information for about $45 per card.
Some experts consider formjacking one of the most dangerous hacking methods yet, for several reasons. First, shoppers have almost no chance of detecting an attack until they see something unusual on their credit card statement. Even website owners struggle to detect anomalies in thousands of lines of code.
Second, because it can take days or weeks to discover that an attack has occurred, it can prove difficult to identify the compromised website. Meanwhile, shoppers suffer identity theft and financial loss. And vendors suffer more than a reputation hit. They may also find themselves in violation of privacy laws with stiff penalties.
Finally, while news reports have focused attention on the acquisition of credit card information, keep in mind that formjacking can capture anything entered into a form. This can include login credentials, health information, tax data and more.
Symantec reports that hackers infect approximately 4,800 sites each month. Small to medium-size businesses take the biggest hit, due to less robust cyber-security. However, larger companies, such as British Airways and Ticketmaster, have suffered attacks, as well. In many cases, the criminals gain entry by infecting smaller businesses in the supply chain.
The onus for preventing and detecting formjacking attacks falls to the e-commerce provider. Vendors must apply a defense-in-depth approach to e-commerce cyber-security, including measures like the following:
While no silver bullet exists to halt hackers in their tracks, you can take control of your cyber-security and reduce the risk. The retail cyber-security experts at eMazzanti can help you design a layered strategy to protect you and your customers from formjacking and other cyber-security threats.
Microsoft Copilot is a tool, powered by AI, that aims to boost your productivity within…
Making things happen is the art and science of project management. The process involves managing…
In today's fast digital life, website performance is important, as it holds visitors and ensures…
The FBI reported that cyber attacks against government facilities saw an increase of almost 36…
In today’s fast-paced, technologically advanced world, businesses of all sizes increasingly rely on digital systems…
You likely hear terms like "blockchain," "machine learning," and "cloud computing" without considering their real…