Followed by the US and Australia, Indian users were the most exposed to Formjacking attacks, according to a new survey by cybersecurity firm, Symantec, which has blocked over 2.3 million formjacking attacks globally in the second quarter of 2019.
In 2018, American users faced 33% of the total formjacking attacks; however, during the first half of the year 2019, they became the most exposed to these attacks with more than 50% of all the global detections. On the other hand, India with 5.7% of all the global attacks ranks third, as per the Symantec report.
Formjacking, a new dangerous threat in the cyber world, operates by infecting websites via malicious codes; mainly, these are the websites that involve filling out job applications, government forms, and credit card details. Symantec carried out a comprehensive analysis of formjacking attacks in its Internet Security Threat Report (ISTR) which calls attention to the ways users and websites have been affected by this critical cyber threat in 2018-19.
“We expect this formjacking trend to continue and expand further to steal all kinds of data from web forms, not just payment card data. This also means that we are likely to see more software supply chain attacks. Unfortunately, formjacking is showing no signs of disappearing any time soon. Therefore, operators of online stores need to be aware of the risk and protect their online presence,” reads the report.
How ‘Formjacking’ Works?
In order to inject malicious JavaScript code on the website, attackers and cybercriminals modify one of the JavaScript files which get loaded along with the website. Then, the malicious JavaScript code makes alterations in the behavior of the selected web process on the infected website which, as a result, allows hackers to unlawfully acquire credit card data and other sensitive information.
According to the findings of Symantec, the websites which are affected by Formjacking attacks stay under its influence for 46 days. A number of websites have fallen prey to formjacking, with publically reported attacks on the websites of major companies like British Airways, Ticketmaster, Feedify, and Newegg.
Warning the consumers around the globe, Candid Wueest, Principal Threat Researcher at Symantec, said, “Each month we discover thousands of formjacking infected websites, which generate millions of dollars for the cybercriminals," warned Candid Wueest, Principal Threat Researcher at Symantec.
"Consumers often don't notice that they have become a victim to a formjacking attack as it can happen on a trusted online store with the HTTPS padlock intact. Therefore, it is important to have a comprehensive security solution that can protect you against formjacking attacks," He added.
