Cyber criminals turn to ‘formjacking’ to steal online consumers’ payment card info

Symantec’s Sherif El-Nabawi discusses Symantec’s latest Internet Security Threat Report

Alongside the growing number of connected users in the Philippines comes the increasing number of consumers going online to shop, paving for e-commerce to thrive and grow as well.

But a thriving and growing e-commerce is also an opportunity for cybercriminals to make money by engaging in “formjacking”, a method where malicious code is injected into retailers’ websites to steal shoppers’ payment card details—according to Symantec’s latest Internet Security Threat Report.

Formjacking is the new get-rich quick scheme for cybercriminals, according to the report, which also pointed out that cybercriminals are getting diminished returns from other illegal activities such as cryptojacking and ransomware.

On average, more than 4,800 unique websites are compromised with formjacking code every month. Symantec blocked more than 3.7 million formjacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year – November and December.

Symantec’s research reveals small and medium-sized retailers are also most widely compromised—not just well-known retailers’ online payment websites.

Cyber criminals may have collected tens of millions of dollars last year, stealing consumers’ financial and personal information through credit card fraud and sales on the dark web. Just 10 credit cards stolen from each compromised website could result in a yield of up to $2.2 million each month as a single credit card can fetch up to $45 in underground selling forums.

“Formjacking represents a serious threat for both businesses and consumers,” said Symantec CEO Greg Clark. “Without using a comprehensive security solution, consumers have no way to know if they are visiting an infected online retailer, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”

According to the report, 2018 saw a decline in activity and diminishing returns for ransomware and cryptojacking, primarily due to declining cryptocurrency values and the increasing adoption of cloud and mobile computing, rendering attacks less effective.

For the first time since 2013, ransomware infections declined, dropping by 20 percent.

Despite this, however, enterprises should not let their guard down: Enterprise ransomware infections jumped by 12 percent in 2018, bucking the overall downward trend and demonstrating ransomware’s ongoing threat to organizations. In fact, more than eight in ten ransomware infections impact organizations.

Although cryptojacking activity peaked early last year, cryptojacking activity declined by 52 percent throughout the course of 2018. Even with cryptocurrency values dropping by 90 percent and significantly reducing profitability, cryptojacking nonetheless continues to appeal to attackers because of the low entry barrier, minimal overhead and the anonymity it offers. Symantec blocked 3.5 million cryptojacking events on endpoints in December 2018 alone.