What Is Formjacking and How to Protect Your Passwords Against It?

Formjacking Attacks

Which are the two types of cyberattacks that are most frequently mentioned in the news? The first one that has probably crossed your mind is ransomware, and this is hardly surprising. Quite apart from the fact that it's a common attack, the concept of holding innocent users' files hostage until a ransom is paid is appealing to mainstream outlets trying to sell news. Cryptojacking is also likely on your list. The cryptocurrency craze from a couple of years ago gave cryptojacking a massive boost, and the media is still trying to give people a heads-up.

There is one threat that doesn't receive nearly as much attention as cryptojacking or ransomware, however, which is unfortunate since users should definitely know about it. It's called formjacking, and although this may be the first time you've heard of it, you should bear in mind that it's just as dangerous as any other form of cybercrime.

What is formjacking?

The term "formjacking" is a portmanteau of "online form" and "hijacking". Usually, it's aimed at checkout pages on e-commerce websites where people enter their credit card details or other financial information, but the attack can also be used for stealing usernames and passwords on login forms. One of its main advantages is that it's difficult to detect. Regular users have no way of knowing that their financial or login data is going into the hands of cybercriminals, and the owner of the website that inadvertently facilitates the attack often remains none the wiser as well.

In most cases, hackers exploit a vulnerability or use stolen credentials from a website administrator in order to inject malicious code on the targeted online form. The code scrapes personal data, login credentials, and credit card information and sends everything it's stolen to a server controlled by the attackers. At the same time, however, it ensures that the page works as intended and any login attempts and payments go through without a hitch. This way, both the users and the website administrator are less likely to suspect anything.

Is formjacking common?

It's more common than you might think. Researchers from F5 Labs recently took a large set of data breach reports and examined them in an attempt to identify and learn more about the newest trends in the cybercrime world. It turned out that more than 70% of the web-based attacks they analyzed were carried out with the help of formjacking.

The researchers investigated a total of 80 formjacking attacks, and they figured out that the number of compromised cards during them sits at a hair under 1.4 million. These figures go to show that we're talking about a real threat that does real damage and affects quite a lot of people.

Why do cybercriminals love formjacking?

As you can see, it is an efficient way of stealing sensitive data. Not a whole lot of time and effort is required to pull it off, and as F5 Labs' experts explained in their report, the increasingly de-centralized web makes the attackers' job even easier.

In the past, a website or a web application used to be a single thing hosted on a single server and created and maintained by a single team of developers. This is no longer the case. Most modern websites use multiple technological solutions that are maintained by many different providers and are hosted all around the world. On the one hand, this increases the attack surface. On the other, it gives hackers the chance to hit many birds with a single stone.

Instead of hacking the login forms or payment pages of individual websites, the crooks can target the companies that provide this type of service. That way, a single successful attack can affect hundreds of websites and, potentially, millions of users.

How to fight formjacking?

There is one more advantage to formjacking that hackers love – there's not much you can do about it. As we mentioned already, for most users, this type of attack is completely invisible, and for a variety of different reasons, website operators and third-party service providers are sometimes unable or unwilling to take the necessary precautions in order to ensure that attackers can't tamper with their code.

Hopefully, vendors will soon make some real progress in that aspect. Until then, you need to keep a close eye on your online and bank accounts and act quickly if you spot something suspicious. Create strong, unique passwords for all the websites you're using and use multi-factor authentication wherever possible. This could very well be enough to protect you from a formjacking attack.

August 16, 2019

Leave a Reply