Formjacking - How to trap a cyber criminal in his own web of deceit


Formjacking is a new type of threat that’s being compared to ATM skimmers, and the only way to protect your website is by putting the best security measures in place.

Chances are that you have never heard of formjacking at all. Or you may have heard that it’s the internet version of an ATM skimmer.

For those who’ve never heard of it, formjacking has just been highlighted in the newest Symantec Internet Security Threat Report. The report lists this cybercrime as one of the most serious and lucrative attacks in the history of cyber-badness. Symantec says that it’s so successful that about 4,800 websites are infected with formjacking software every month.


Stealing credit card info

What happens is that a bad actor places a small piece of code onto an e-commerce website and then waits. In a typical event, the code reads credit card information as the victim enters it, and then sends that information to the bad guy. Meanwhile, the actual e-commerce transaction goes through as if nothing has happened. The victim never knows that the credit card information has been stolen — until it shows up on a malicious site or charges start showing up on card statements.

Malicious code in disguise

“From a consumer standpoint, there’s nothing to see,” says Kevin Haley, director of product management for security response at Symantec. “It’s the equivalent of a skimmer at an ATM unless you can go through the code on a website.” But chances are, you won’t find it even if you look. Malware developers are good at disguising malicious code as harmless or routine.

“It’s up to the website owners to protect against this threat,” Haley says. He noted that some major e-commerce sites have been caught with formjacking software on their websites, “but small and medium businesses are more likely to be affected”. Smaller businesses can be a target because they are less likely to have the sophisticated protection that larger sites have.

How to protect websites

“Some of these attacks are going through third-party applications such as chats and surveys,” Haley explains, saying that it’s important to have a strong relationship with the supplier of such software. “You should test updates before using them,” Haley says. Then, “scan your websites looking for unexpected code”.

It’s important that you find tools that will let you lock down your websites and alert you if there are any changes. This includes following security best practices for managing and protecting your websites.


