Threat actors have shown a major uptick in formjacking attacks targeting e-commerce sites with researchers blocking nearly a quarter million attempts since mid-August 2018.
Formjacking is an attack in which malicious JavaScript code designed to steal payment card information along with other data from payment forms is injected into the checkout web pages of e-commerce sites.
First an attacker injects malicious script into the targeted page, then the user loads web page and fills in form to make purchase, when the user submits form to complete purchase data is sent to merchant site and a copy is sent to the attacker.
Although this is not a new technique, researchers noted attacks have increased dramatically with Symantec researchers saying they are blocking an average of 6,368 attempts daily as threat actors like Magecart is target large e-commerce businesses like Ticketmaster, British Airways, and Newegg.
Magecart has been active since at least 2015 and injects web-based card skimmers onto websites to steal payment card data and other sensitive information from online payment forms.
Chris Olson, CEO of The Media Trust says these attacks demonstrate that bad actors continue to find an element of a site that is not set up for checks and that enable threat actors to the inject malicious code to alter the site's behavior.
“There are two main factors that make these attacks possible: first, web apps are being developed without adequate attention to security and privacy, and, second, large companies are not using automated website vulnerability scanners or having white hat hacker teams assess their web app security against these breaches,” Olson said.
Olson went on to say web operators should continuously scan their websites and mobile apps for unauthorized JavaScript code to identify unauthorized actors and code so they can be stopped
“To help counter these malicious campaigns, web operators should work closely with their web app developers on ensuring improperly formatted data is never inserted into the HTML content that comprises the web application”
“According to Symantec telemetry, since August 13 we have blocked 248,000 attempts at formjacking—almost a quarter of a million instances,” researchers said in the post. “However, more than one third of those blocks (36 percent) occurred from September 13 to 20, indicating that this activity is increasing.”