Form-Jacking Attacks Hit High Profile Companies
Research by Security Company Symantec has revealed that high profile companies such as BA and Ticketmaster are among the many thousands of businesses whose websites are being targeted with "form-jacking" attacks every month.
What Is Form-Jacking?
When a user hits the submit button on a checkout page that contains the malicious code, the user’s payment and personal details are sent to an attacker’s servers where the attacker can use this information to perform payment card fraud or sell these details on to other criminals on the dark web.
Pages that have been compromised in this way aren’t easy to spot, and to the naked eye, the checkout process looks normal.
How Big Is The Problem?
Symantec claims to have stopped more than 3.7 million form-jacking attacks in 2017, and between August and September 2018, the company says that it blocked 248,000 attempts at form-jacking. The fact that 36% of these blocks took place from September 13th to September 20th was an indicator that form-jacking attempts were escalating towards the end of last year.
Symantec reports that 4,800 websites are being hit by form-jacking attacks every month.
High profile examples of victims of form-jacking given by Symantec include British Airways and Ticketmaster who were both targeted by the ‘Magecart’ hacking group.
What Does This Mean For Your Business?
Companies can use network-based and file-based protection against form-jacking, and ways to stop attackers getting in to inject the code include using firewalls to block all incoming connections from the internet to services that should not be publicly available, enforcing a (complex) password policy, turning off file sharing if not needed, turning off and removing unnecessary services, keeping patching up to date, and configuring email servers to block or remove emails that contains file attachments that are commonly used to spread threats e.g. .vbs, .bat, .exe, .pif and .scr files.
Also, companies should guard against software supply chain attacks by testing new updates, even seemingly legitimate ones, in small test/sandbox environments, and by monitoring the behaviour of all activity on a system to help identify any unwanted patterns.