Security Roundup: Formjacking, SecBI, Firemon, Palo Alto Networks
Move over ransomware, formjacking has emerged as the latest attack of choice for cybercriminals looking to make a quick buck.
That’s according to Symantec’s 2019 Internet Security Threat Report, with details on the latest trends in cybersecurity, including cryptojacking, ransomware, cloud and the breakthrough threat of 2018: formjacking.
On average, 4,800 websites were compromised every month, and tens of millions of dollars may have been stolen as a result of formjacking attacks in 2018.
To get the lowdown on formjacking attacks, we spoke with Kevin Haley, Symantec’s director of product management for security response.
Channel Futures: What is formjacking?
Kevin Haley: The easiest way to think about formjacking is to compare it to a real-world skimmer where the bad guys will take a little hardware device and they’ll put it on top of the credit card reader on an ATM or on a gas pump, and that way you go in there and you pay for gas, the retailer gets your number, the gas is paid for, but the bad guy also gets your credit card number and then can resell it. The virtual equivalent of that is formjacking, where instead of putting hardware on a web server, they’re inserting JavaScript malicious code into that web server so when they use [that] to make a purchase and enter their credit card information, that credit card information goes to the retailer and pays for the goods, but the bad guy has also captured a copy of it and now he has that information in order to resell it in the underground marketplace.
CF: Why has formjacking become so popular?
KH: Because it’s easy to do and so you can make a nice profit from it. You can get rich quick. That’s why people will get into cybercrime, right? Not to work hard, but to get rich quick. Somebody figured out how to make the money and then other people say, “Wow, you’re making money doing that; I’m going to do it too.” So you begin to see it grow.
CF: What types of organizations are being targeted by formjacking?
KH: It is retailers, people you can go and buy something from online, where you’re going to enter your credit card. And when you think about it, when you’re doing a purchase on the web as opposed to in real life, you’re not only putting all the credit card information in, but that CVV code on the back; we always happily enter that when we’re purchasing on the internet as well, so that makes it even more valuable. There have been some examples of very large retailers that have gotten hit, but we’re seeing most of them really happening to small and medium, and they’re less likely to get detected. They may not get as many credit cards in a day, but they could stay there a very long time.
CF: Is it difficult for organizations to protect themselves from formjacking? They would first have to detect that it’s happening and then get rid of it, or maybe there’s a preemptive way to stop it?
KH: There [are] a couple of things working against them. First of all, it doesn’t take a lot of lines of code, and if the bad guy can get onto your website via a vulnerability or bad password management, it’s easy enough for them to insert those couple lines of code and hide it on the site. They also have, in some cases, taken advantage of third-party software. A lot of sites are not creating all the software themselves; they’re licensing different parts of that, maybe a chat program or survey, so those websites are not being written from scratch by the retailer. There [are] various third parties feeding it, and if you get into one of the third parties where the malware gets installed along with the app, the website owner’s probably …