Formjacking is the new cyberthreat, says Symantec report

By Espie Angelica A. de Leon

From cryptojacking to formjacking, global cyberthreat attacks have evolved in the last few years with cybercriminals now turning to an alternative method to cash in quick on stolen data.


Symantec vice president for sales engineering for Asia Pacific and Japan Sherif El-Nabawi

Formjacking, the new technique resorted to by criminals, involves injecting malicious code into retail websites to acquire shoppers’ personal and financial data.

Every month, an average of over 4,800 unique websites around the world are compromised by cybercriminals via formjacking.

This information is one of the key findings of the Internet Security Threat Report for 2018 by cybersecurity giant Symantec. The report was presented to the media on March 13 at the Holiday Inn Hotel in Makati City.

Cybercriminals are now leaning more toward formjacking, owing to the diminishing returns offered by two other popular methods — cryptojacking and ransomware.

In 2018, cryptojacking and ransomware activities decreased globally, the former falling by 52 percent and the latter by 20 percent since 2013.

According to Sherif El-Nabawi, vice president for sales engineering for Asia Pacific and Japan at Symantec, this could be mostly due to the almost 90% drop in cryptocurrency prices.

Formjacking, in comparison, may have spurred huge amounts of cash to flow last year into the hands of cybercriminals, who took to the dark web for card fraud and sales. In such forums, stolen credit cards from each website can sell for up to $2.2 million every month.

While established retail online payment sites like Ticketmaster and British Airways had been compromised, which resulted in over 380,000 stolen credit cards from the latter, Symantec’s report revealed that small and medium-sized businesses were the most affected.

Of the more than 3.7 million formjacking attacks on endpoints stopped by Symantec in 2018, nearly a third took place between November and December, when online shopping reaches its peak.

But while cryptojacking and ransomware attacks generally dropped in 2018, enterprise ransomware in particular increased by 12 percent. Ransomware is now also affecting more enterprises than individuals. The number of attack groups using destructive malware likewise jumped by 25 percent.

Meanwhile, cybercriminals continued to rely on cryptojacking as reflected in the 3.5 million incidents on endpoints blocked by Symantec in December 2018.

The Symantec Report also indicated that last year, one in every 10 URLs analyzed by the company was found to be malicious.

Moreover, more than 70 million records were stolen or leaked from the cloud via misconfigured S3 buckets. Many of these incidents involved big companies.

Supply chain and living off the land (LotL) attacks are also now taking permanent positions in the global threat scenario. Supply chain activities grew by 78 percent in 2018 while the use of malicious PowerShell scripts, an LotL technique, swelled by 1,000 percent. And while office files took up a mere 5 percent share of the total number of malicious email attachments in 2017, they grabbed a 45 percent slice of the pie in 2018.

As for IoT attacks, 2018 figures are consistent with those for 2017. But while routers and cameras accounted for 90 percent of affected devices in 2018, every device was proven to be prone to attacks including smart light bulbs and voice assistants.

The VPNFilter router malware in particular is now creating a trend in the IoT threat landscape, according to the report. Aside from stealing data, this type of malware can destroy a device and capture SCADA communications.

The Symantec Report further revealed that smartphones, with their all-in-one capability that includes cameras, location tracking, and listening features, are now being targeted intensely by cybercriminals. Mobile app developers were found to be among the leading offenders.

“2018 was the year that the world realized the importance of privacy, not only because of GDPR,” said El-Nabawi. “People started realizing that your phone device is by far the largest spying device ever made.”

In addition, cybercriminals were found to be widening their range of targets, with more attack groups zeroing in on operational systems including those that monitor and control satellites.

In the Philippines, the cyber threat picture for 2018 saw an increase in web attacks, spam, cryptomining, and malware incidents.
