During the past few years, we’ve seen alarming instances of nation states using cyber intrusions to sow political discord, infect infrastructure, and steal military, government and enterprise secrets. As we grapple with the escalation and ramifications of global activity across this virtual battlefield, it’s important to remember one persistent reality: many cyber criminals are just in the game to make a buck.

One splashy way to cash in online, of course, is to use ransomware to encrypt and hold it hostage until the victims pay you off. As noted in a recent post, however, although ransomware remains a major threat, Symantec actually tracked an overall decline in this form of during 2018 in their annual ISTR report.

Meanwhile, a different money-making exploit showed a significant uptick last year. Formjacking, while by design less attention grabbing than ransomware, is becoming a pervasive form of money-making attack.

Formjacking is the name Symantec uses to label a cyber attack often called web skimming. In essence, this type of attack is a cyber variant of physical credit card skimming devices, which thieves insert in card readers at sites ranging from ATM machines to gas station pumps. When a customer inserts his or her card, the skimming device captures the sensitive information it contains.

In the formjacking instantiation of this technique, cyber thieves use different methods to infect eCommerce websites with malicious JavaScript code. When consumers load, fill out and submit a check-out form from an infected website, a copy of the payment form data, including credit card details, is sent to the attackers’ servers.



Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here