Formjacking: The new hack of cyber criminals to pilfer millions from consumers

Cyber experts cannot stress enough on how rapidly the threat landscape of cyber security keeps changing and how important it is for companies to invest in security to stay ahead of the curve. Hackers are getting sophisticated and every year they figure out a new way to siphon off millions from the government, businesses, and consumers.

Last year, it was cryptojacking, defined as the secret use of a computing device to mine cryptocurrency. However, it seems due to falling value of cryptocurrencies, it is no longer a lucrative option for hackers as it used to be. In 2017, according to a report by cyber security giant Symantec, Cryptojacking attacks rose by a massive 8,500 per cent around the globe. But cryptojacking activity declined by 52 per cent throughout the course of 2018, reveals Syamntec's annual threat report.

The cyber criminals, however, have already found an alternative method. According to the report, Formjacking is the "new get rich quick scheme for cyber criminals".

"Formjacking attacks are simple - essentially virtual ATM skimming - where cyber criminals inject malicious code into retailers' websites to steal shoppers' payment card details," the report says.

"Symantec data shows that 4,818 unique websites were compromised with formjacking code every month in 2018. With data from a single credit card being sold for up to $45 on underground markets, just 10 credit cards stolen from compromised websites could result in a yield of up to $2.2 million for cyber criminals each month," it added.

According to the company, it blocked more than 3.7 million formjacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year - November and December.

The report also revealed that for the first time since 2013, ransomware infections declined, dropping by 20 per cent. However, it warned that enterprises should not let their guard down as enterprise ransomware infections jumped by 12 per cent in 2018 as compared to last year, bucking the overall downward trend and demonstrating ransomware's ongoing threat to organisations. In fact, more than eight in ten ransomware infections impact organisations, it added.

Here are some other interesting findings of the report:

• The same security mistakes that were made on PCs during their initial adoption by the enterprise are now happening in the cloud. A single mis-configured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare. In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets.
• Supply chain and living off the land (LotL) attacks are now a mainstay of the modern threat landscape, widely adopted by both cyber criminals and targeted attack groups. In fact, supply chain attacks ballooned by 78 per cent in 2018.
• While the volume of Internet of Things (IoT) attacks remains high and consistent with 2017 levels, the profile of IoT attacks is changing dramatically. Although routers and connected cameras make up the largest percentage of infected devices (90 per cent), almost every IoT device has been proven vulnerable, with everything from smart light bulbs to voice assistants creating additional entry points for attackers."
• Smart phones could arguably be the greatest spying device ever created. According to Symantec research, 45 per cent of the most popular Android apps and 25 per cent of the most popular iOS apps request location tracking, 46 per cent of popular Android apps and 24 per cent of popular iOS apps request permission to access your device's camera, and email addresses are shared with 44 per cent of the top Android apps and 48 per cent of the most popular iOS apps.

ALSO READ: Public sector banks zoom up to 19% on fund infusion plan