Australian online shoppers targeted in formjacking attacks
New research published by Norton, powered by Symantec, has uncovered a new threat that’s targeting Australians who are shopping online ahead of the busy festive period.
The report has uncovered an increase in attacks against online retailers, ticket sellers and airlines which are trying to intercept customer credit card details.
This type of attack is called formjacking which uses a malicious code to intercept credit card details and other information from payment forms on the checkout page of e-commerce sites.
Formjacking is nothing new but there has been a dramatic increase since mid-August 2018.
It was picked up by Symantec’s Intrusions Prevention System (IPS) technology which protects websites from these types of attacks.
HOW DOES FORMJACKING WORK?
Cyber criminals inject a JavaScript code into the site’s payment form which is there to collect all the entered information from the customer including payment card details and the user’s personal information including their name and address.
One method attackers use is a supply chain attack to gain access to the website and change the code on its payment page.
The attackers can then use this information when it is submitted by the customer for credit card fraud or sell these details to other criminals on the dark web.
HOW BIG IS THE PROBLEM?
According to Symantec, since August 13 almost a quarter of a million attempts at formjacking have been blocked.
More than one third of these blocks (36 per cent) occurred in the week between September 13-20 which, when compared to the same week a month earlier, has more than doubled.
Data shows that any company anywhere in the world which processes payments online is a potential victim of formjacking.
WHO IS BEING ATTACKED?
There have been publicly reported attacks which targeted large e-commerce businesses including Ticketmaster and British Airways.
Over a three-day period from September 18-20, Symantec observed 57 websites had been impacted ranging from small niche online retail sites to larger retail operations.
The websites affected range from a fashion retailer in Australia to a supplier of outdoor accessories in France and a fitness retailer in Italy.
Sites may not even realise they are victims of formjacking because their websites continue to operate normally and attackers like Magecart, who were behind the attacks on British Airways and Ticketmaster, are sophisticated enough to take steps to avoid detection.
HOW DO YOU PROTECT YOURSELF?
Symantec customers are protected from formjacking attacks through network-based protection and file-based protection.
Website owners can also use content security policies to detect and lockdown any integrated third-party script.