Formjacking: The Latest Evolving Scam

Symantec’s 2019 Internet Security Threat Report takes a deep dive into insights from the world’s largest civilian global intelligence network, revealing that Formjacking attacks skyrocketed, with an average of 4,800 websites compromised each month.

With this attack, essentially the online equivalent of ATM card skimming, cybercriminals inject malicious code into retailers’ websites to steal customers’ payment card details as they are entered into checkout forms.
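Because formjacking code is injected into the retailer’s own checkout page, one defensive check is to inventory every `<script>` on that page against what the site is known to load. The following is an added example, not code from Symantec or the report; the hostnames, the allowlist and the sample HTML are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collects each <script> tag's attributes and, for inline scripts, its body."""

    def __init__(self):
        super().__init__()
        self.scripts = []      # list of (attrs dict, inline body)
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._current = [dict(attrs), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._current is not None:
            self.scripts.append(tuple(self._current))
            self._current = None


def inline_hash(body):
    """CSP-style hash of an inline script body, e.g. 'sha256-...'."""
    return "sha256-" + base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()


def audit_checkout_scripts(html, first_party, allowed_origins, known_inline):
    """Flag scripts a checkout page should not be loading.

    Findings: ('unexpected_origin', src) for hosts outside the allowlist,
    ('missing_sri', src) for allowed external scripts without an integrity
    attribute, and ('unknown_inline', hash) for inline code not on the known list.
    """
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs, body in collector.scripts:
        src = attrs.get("src")
        if src is None:
            digest = inline_hash(body)
            if digest not in known_inline:
                findings.append(("unknown_inline", digest))
            continue
        host = urlparse(src).hostname or first_party   # relative src is first-party
        if host not in allowed_origins:
            findings.append(("unexpected_origin", src))
        elif "integrity" not in attrs:
            findings.append(("missing_sri", src))
    return findings


# Constructed sample checkout page (hostnames are placeholders, not real sites).
SAMPLE_HTML = """<html><head>
<script src="/js/checkout.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="https://third-party.invalid/s.js"></script>
<script>console.log('ok');</script>
</head><body><form id="payment"><input name="cardnumber"></form></body></html>"""
```

Run against the live checkout page on a schedule, a change in the findings list is the signal to investigate; the allowlist and known inline hashes are the baseline the site owner controls.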

The most high-profile formjacking attacks were against British Airways and Ticketmaster, but according to Symantec, cybercriminals using this technique also drew a large share of their illicit earnings from smaller online retailers that accept customer payments through online portals.

The company said that more than 4,800 websites are hit with formjacking code each month. Symantec said it blocked more than 3.7 million formjacking attacks on endpoints last year, with close to a third of all detections occurring during the holiday shopping period in November and December.

The company noted that a number of well-known online retailers’ payment websites were compromised by formjacking code in the past few months, but small and medium-sized retailers were the most targeted.

“Formjacking represents a serious threat for both businesses and consumers,” said Greg Clark, CEO of Symantec, in a press release highlighting the results of the report. “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”

Symantec used its Global Intelligence Network (GIN), which includes over 123 million attack sensors, to gather data for its 2019 Internet Security Threat Report, allowing it to analyze roughly 9 petabytes of information recorded at a rate of a few thousand threat events per second. Symantec’s GIN is designed to monitor threat activity affecting more than 300,000 organizations and businesses around the world that use its security solutions to protect endpoints and networks.