Formjacking. It’s the get-rich-quick scheme cyber criminals love to use, so here’s everything you need to know about this relatively new kind of cyber-attack…
What is it?
Formjacking is a relatively new method of stealing digital information. It uses malicious JavaScript code to steal valuable data like credit card information from payment forms on the checkout pages of e-commerce websites. It’s particularly problematic because the entire attack happens without any visible warning signs, so often the victim and even the website owners will have no idea anything has happened until it is far too late.
When did it start?
We first started hearing about formjacking attacks towards the end of 2018, thanks to a series of security updates from Symantec.
What websites are targeted for formjacking?
Interestingly enough, the websites that typically fall victim to formjacking attacks are generally very well established, reputable and trusted brands, many of which have spent millions of pounds on developing a sophisticated cyber security strategy. Why is this the case? Because the bigger the brand, the greater the number of customers, and the greater the number of customers, the more data there is to be stolen. Hackers using formjacking will also look out for websites that already use lots of third-party JavaScript code, because this makes it easy to disguise the JavaScript code they need to add in order to make the formjacking happen.
Why are hackers using formjacking more and more?
Well, the answer to this question is easy. Formjacking is simple to implement, hard to detect and very lucrative. To put that last point into perspective, Rapid Spike estimate that the data formjacked from the British Airways website could net hackers up to $19,000,000!
What can you do to protect against formjacking attacks?
As there is no single (or simple!) answer to this question, we’re going with a bullet-pointed list of what you can do to best protect your business, not just from formjacking attacks but from hackers in general.
- Invest in a fully patched server with no vulnerabilities. This is especially useful in protecting against formjacking because the JavaScript it relies on is stored on the server.
- Keep a close eye on your data! If you notice large volumes of data leaving your website without warning, this could be one of the very few indications that something is afoot. Thieves need to send the data they’ve stolen somewhere so they can ultimately sell it, so keeping an eye on where data from your website is going could give you the first clue that you’ve been hacked.
- Test any software updates in small test environments to try and detect any suspicious behaviour. This is worth doing because many of the formjacking attacks we know about used supply chain attacks as the infection vector.
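As an added illustration of the "keep an eye on where data is going" point (this is not code from the original article), the Node.js check below takes a recorded list of requests made by a checkout page, reports every destination outside an allowlist, and marks those whose payload contains a Luhn-valid card number. The allowlist, host names and log entries are constructed, and the `{ url, method, body }` record shape is an assumption about how requests are exported from a proxy or browser.

```javascript
// Assumption: the only hosts this checkout page is expected to send data to.
const ALLOWED_HOSTS = new Set(["shop.example", "payments.example"]);

// Luhn checksum over a string of digits (the check digit used by payment cards).
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// True if text holds a 13-19 digit run (spaces or dashes allowed) that passes Luhn.
function carriesCardNumber(text) {
  const runs = text.match(/\d(?:[ -]?\d){12,18}/g) || [];
  return runs.some((r) => luhnValid(r.replace(/[ -]/g, "")));
}

// URL-decode without throwing on malformed escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, " ")); } catch { return s; }
}

// Returns one finding per request to a non-allowlisted host, card-carrying first.
function findUnlistedDestinations(entries) {
  const findings = [];
  for (const { url, method, body = "" } of entries) {
    const u = new URL(url);
    if (ALLOWED_HOSTS.has(u.hostname)) continue;
    const sent = safeDecode(u.search + "&" + body); // query string and body both leave the page
    findings.push({ host: u.hostname, method,
      bytesSent: u.search.length + body.length, cardData: carriesCardNumber(sent) });
  }
  return findings.sort((a, b) => Number(b.cardData) - Number(a.cardData));
}

// Constructed sample log; 4111 1111 1111 1111 is a well-known test card number.
const SAMPLE_LOG = [
  { url: "https://shop.example/checkout/submit", method: "POST", body: "cc=4111111111111111&cvv=123" },
  { url: "https://fonts.example/css?family=Open+Sans", method: "GET" },
  { url: "https://cdn-metrics.example/collect", method: "POST", body: "cc=4111%201111%201111%201111&exp=12%2F30" },
  { url: "https://img-track.example/p.gif?d=4111-1111-1111-1111", method: "GET" },
];

console.log(findUnlistedDestinations(SAMPLE_LOG));
```

A payload that has been encoded or encrypted will not match the card-number pattern, so every unlisted destination is still reported for review even when `cardData` is false.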
How serious is a formjacking attack?
In short, it’s serious. With regulations like GDPR and the hefty fines a breach of them can carry, it’s very important that your website and the data it is responsible for are well protected. Falling victim to a formjacking attack due to poor security could land your business with a very big bill!
What should I do next?
If you’re concerned your ecommerce business or online shop could fall victim to a formjacking attack, then get in touch with our cyber security experts today and we’ll help you put the right security measures in place.