How to Prevent Formjacking Attack | Total Security

Formjacking is a new, invisible threat in cyberspace today. The term “formjacking” is a combination of “online/website form” and “hijacking”. It describes the digital version of the well-known practice of skimming by cybercriminals.




As the name suggests, this kind of threat involves a cybercriminal taking over forms on websites by exploiting their security weaknesses. Cybercriminals place lines of malicious JavaScript code on the checkout page forms of e-commerce websites to steal client payment information such as credit card numbers, usernames and passwords, and social security numbers, among other important or private data. The major aim of formjacking is to harvest as much as possible of the valuable data that website clients submit via e-commerce forms.

How Does This Occur?

There are many formjacking vectors that cybercriminals use to launch attacks and get access to the information they want, as noted below:

Fraudsters fit the card slots of ATMs with their own card reader. The PIN is captured at the same time with small cameras. The credit card is then often duplicated using the collected data.

The user’s payment card data can be captured when they use the card on an e-commerce payment page that has been injected with malicious JavaScript code. When the user clicks “submit,” the malicious JavaScript code collects the entered information. Cyber threat actors inject this code into e-commerce sites to gather information such as payment card details, home and business addresses, phone numbers, and more. Once the information has been collected, it is transferred to the attacker’s servers and then used for financial gain.

A further risk arises when the criminals use this data for identity theft or payment card fraud.

Summit’s 2018 project frontline that brings about Cyberspace Security Report, shows that 92% of credential gathering and data exfiltration was achieved from different websites and online forums.

Notable examples of successful formjacking attacks include the British Airways and Ticketmaster attacks, which were believed to be perpetrated by Magecart. The British Airways attack resulted in more than 380,000 credit cards being stolen at an estimated loss of $17 million. This is in addition to the record £183 million fine that was levied against the company due to its lack of General Data Protection Regulation (GDPR) compliance. GDPR allows fines of up to 4% of a company’s annual turnover for noncompliance.

Who’s Behind the Attacks?

Formjacking belongs to the family of man-in-the-middle attacks, in which attackers use malware to position themselves unnoticed between the communicating parties. But who are these unknown attackers? Known to have been active since 2015, “Magecart” refers to at least seven different hacking groups and has become a household name in recent years, as these groups were responsible for the well-known cyberattacks on large companies including British Airways, Ticketmaster, and Newegg.

Magecart attack methods involve a browser-based injection of malicious JavaScript code, often well disguised as a Google tag or other common website analytics code snippet. This malicious code “skims” form entry fields for payment card data, names, addresses, and even personal information or protected health information (PHI), depending on what sort of website is attacked.

Magecart attackers are best known for hacking into Magento shopping cart pages, but they are not limited to payment card data. Formjacking has been discovered on all types of pages and sites: healthcare sites, login pages, etc.

How Can You Protect Yourself?

Online users may fail to detect and prevent formjacking during online shopping because the infected pages look unchanged. It is therefore advisable to restrict purchases to large shops which, in contrast to small e-commerce websites, are equipped with more extensive security systems.

Use the best software that gives you total security from all the threats and cyber-crimes that can happen on the big sites.

Credit cards should also have a second level of defense, such as 3D Secure in MasterCard systems. For example, no transaction is possible without a Transaction Authentication Number (TAN) code sent to the user’s smartphone.

The responsibility for protecting users’ data against e-skimming attacks lies with the companies. The company must keep its security systems up to date. The focus is on keeping the entry points for malware into the system closed with extensive protective measures.

Run vulnerability scanning and penetration testing to identify loopholes or weaknesses in your cybersecurity defenses.

Monitor outbound traffic on your site so that you are aware of any traffic from your site to another location.
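
One way to act on the outbound-traffic advice above, as an added example that is not part of the original article: the script below reads a HAR capture (the network log a browser's developer tools can export) of a test checkout and reports every destination host that is not on an allowlist, including a lookalike of an analytics host. The allowlist, the host names and the sample capture are constructed for illustration.

```javascript
// Added example: flag requests in a HAR capture of a test checkout that go to
// hosts outside an allowlist. Hosts, allowlist and capture are all constructed.
const ALLOWED_HOSTS = ["shop.example", ".shop.example", "www.google-analytics.com"];

// Exact host match, or a ".suffix" entry matched on a label boundary only, so
// "www.google-analytics.com.cdn-stats.example" does not pass as the real tag host.
function isAllowed(host, allowed) {
  const h = host.toLowerCase();
  return allowed.some((e) => (e.startsWith(".") ? h.endsWith(e) : h === e));
}

// One finding per unexpected host, data-carrying destinations first.
function findUnexpectedDestinations(har, allowed = ALLOWED_HOSTS) {
  const findings = new Map();
  for (const { request } of har.log.entries) {
    let url;
    try {
      url = new URL(request.url);
    } catch {
      continue; // malformed URL: nothing to attribute
    }
    const host = url.hostname;
    if (!host || isAllowed(host, allowed)) continue; // data:/blob: have no host
    const f = findings.get(host) || { host, requests: 0, sendsData: false };
    f.requests += 1;
    // A request body or a query string means form data could leave with it.
    const hasBody = Boolean(request.postData && request.postData.text);
    f.sendsData = f.sendsData || hasBody || url.search.length > 1;
    findings.set(host, f);
  }
  return [...findings.values()].sort(
    (a, b) => Number(b.sendsData) - Number(a.sendsData)
  );
}

// Constructed capture: three expected requests, one unlisted CDN, one lookalike.
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: "https://shop.example/checkout" } },
  { request: { method: "GET", url: "https://static.shop.example/app.js" } },
  { request: { method: "GET", url: "https://www.google-analytics.com/analytics.js" } },
  { request: { method: "GET", url: "https://fonts.cdn.example/font.woff2" } },
  { request: { method: "POST",
      url: "https://www.google-analytics.com.cdn-stats.example/collect",
      postData: { mimeType: "application/json", text: "{\"constructed\":true}" } } },
] } };

console.log(findUnexpectedDestinations(sampleHar));
```

Running the same check after every deployment and comparing the findings against the previous run makes a newly added destination stand out.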
