After the US and Australia, users in India were the most exposed to formjacking attacks, which rely on malicious JavaScript code, in the first half of this year, according to a new report by cyber security company Symantec. In formjacking attacks, cyber criminals find a way to change one of the JavaScript files being loaded as part of the website.
This implanted malicious JavaScript code alters the behaviour of the targeted web form or process on the compromised website to surreptitiously steal payment card data and other personal information in the background.
But formjacking is not just about payment card data; it is also used to steal passwords and other personal data from websites.
On average, websites compromised in this way stay infected for 46 days, Symantec said in its “Internet Security Threat Report”.
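Because the attack works by changing a JavaScript file the site already loads, comparing the scripts a page serves against hashes recorded at release time shortens the window in which a modified file goes unnoticed. The following Node.js code is an added example, not from Symantec's report; the URLs and script contents are constructed for illustration.

```javascript
// Added example: hash-baseline audit of the scripts a payment page loads.
const crypto = require('crypto');

// Hex SHA-256 of a script body.
function sha256(body) {
  return crypto.createHash('sha256').update(body, 'utf8').digest('hex');
}

// Record a digest for every script in a known-good release.
function buildBaseline(scripts) {
  return Object.fromEntries(
    Object.entries(scripts).map(([url, body]) => [url, sha256(body)]));
}

// Compare what is served now against the baseline and list every deviation.
function auditScripts(baseline, served) {
  const findings = [];
  for (const [url, body] of Object.entries(served)) {
    if (!Object.hasOwn(baseline, url)) findings.push({ url, status: 'unexpected' });
    else if (sha256(body) !== baseline[url]) findings.push({ url, status: 'changed' });
  }
  for (const url of Object.keys(baseline)) {
    if (!Object.hasOwn(served, url)) findings.push({ url, status: 'missing' });
  }
  return findings;
}

// Constructed sample data (hypothetical URLs and contents, not from the report).
const release = {
  'https://shop.example/js/checkout.js': 'function submitOrder(form) { form.submit(); }\n',
  'https://shop.example/js/validate.js': 'function isValid(f) { return f.checkValidity(); }\n',
};
const baseline = buildBaseline(release);

// Same page fetched later: one file has extra content, one script is new.
const servedNow = {
  'https://shop.example/js/checkout.js':
    release['https://shop.example/js/checkout.js'] + '/* constructed: appended code */\n',
  'https://shop.example/js/validate.js': release['https://shop.example/js/validate.js'],
  'https://cdn.example/js/widget.js': '/* constructed: script not in the release */\n',
};

for (const f of auditScripts(baseline, servedNow)) console.log(f.status, f.url);
```

Any `changed` or `unexpected` finding on a page that collects payment or login data is worth investigating before the next release legitimately updates the baseline.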
In the first six months of 2019, 52 per cent of all global formjacking attacks targeted users in the US, while 8.1 per cent of the global attacks targeted users in Australia. India ranks third with nearly six per cent of global detections of formjacking.
Symantec reported a major uptick in formjacking attacks recently, with publicly reported attacks on the websites of companies including Ticketmaster, British Airways, Feedify and Newegg by a number of groups summarised as Magecart being the most prominent examples.
“Each month we discover thousands of formjacking infected websites, which generate millions of dollars for the cyber criminals,” warned Candid Wueest, Principal Threat Researcher at Symantec.
In a traditional data breach, the motivation of the perpetrator is not always to misuse the data; sometimes they just want to highlight security inadequacies. With formjacking, however, the attacker almost always wants to make a profit from the stolen information.
“Consumers often don’t notice that they have become a victim to a formjacking attack as it can happen on a trusted online store with the HTTPS padlock intact. Therefore, it is important to have a comprehensive security solution that can protect you against formjacking attacks,” added Wueest.
Symantec said it blocked more than 2.3 million formjacking attacks globally in the second quarter of 2019.