Formjacking ‘Breakthrough Threat of the Year’: Report

Formjacking ‘Breakthrough Threat of the Year’: Report

February 28, 2019

Cybercriminals are consistently growing more creative, looking for the easiest attack method that will deliver the greatest returns. Increasingly, criminals are targeting e-commerce businesses, evidenced by the latest findings from Symantec.

According to Symantec’s 2019 Internet Security Threat Report, formjacking saw a spike in activity in May 2018 which led to the threat growing increasingly prevalent as the year went on.

The research found that more than 4,800 unique websites were compromised with formjacking code every month. In fact, formjacking attacks—which are essentially virtual ATM skimming, where cybercriminals inject malicious JavaScript code into retailers’ websites to steal shoppers’ payment card detailssurpassed both ransomware and cryptojacking last year, making it the top cyber threat of 2018.

“Much of this formjacking activity has been blamed on actors dubbed Magecart, which is believed to be several groups, with some, at least, operating in competition with one another. Magecart is believed to be behind several high-profile attacks, including those on British Airways and Ticketmaster, as well as attacks against British electronics retailer Kitronik and contact lens seller VisionDirect,” the report said.

“The surge in formjacking attacks in 2018 reinforced how the supply chain can be a weak point for online retailers and e-commerce sites. Many of these formjacking attacks were the result of the attackers compromising third-party services commonly used by online retailers, such as chatbots or customer review widgets.”

Previous-Article-CNP Next-Article-CNP

Identifying Credential Stuffing for Account Takeovers

  • Share this Article:
Kacy Zurkus