During the past few years, we’ve seen alarming instances of nation states using cyber intrusions to sow political discord, infect critical infrastructure, and steal military, government and enterprise secrets. As we grapple with the escalation and ramifications of global activity across this virtual battlefield, it’s important to remember one persistent reality: many cyber criminals are just in the game to make a buck.
One splashy way to cash in online, of course, is to use ransomware to encrypt data and hold it hostage until the victims pay you off. As noted in a recent post, however, although ransomware remains a major threat, Symantec actually tracked an overall decline in this form of attack during 2018 in their annual ISTR report.
Meanwhile, a different money-making exploit showed a significant uptick last year. Formjacking, while by design less attention grabbing than ransomware, is becoming a pervasive form of money-making attack.
Formjacking is the name Symantec uses to label a cyber attack often called web skimming. In essence, this type of attack is a cyber variant of physical credit card skimming devices, which thieves insert in card readers at sites ranging from ATM machines to gas station pumps. When a customer inserts his or her card, the skimming device captures the sensitive information it contains.