
Formjacking Attacks – How Attackers are Stealing Payment Card Details



Online retailers face a massive challenge at present to stay afloat amidst the ever-increasing choices available for customers. As if that was not enough, they are now reeling under the problems unleashed by ‘formjacking attacks’! Formjacking attacks are the newest weapons of choice for hackers that are mostly targeted at online retailers. So what is formjacking? What are the various formjacking techniques? How to prevent formjacking attacks? Get all the answers here.

What is Formjacking?

Formjacking attacks are cyber attacks that steal financial details using malicious JavaScript code. The malicious code extracts personal data from the check-out page of the site and sends it to the attacker’s servers. And which online platforms deal with colossal volumes of financial data? The answer is simple: online retailing sites, commonly known as e-commerce sites!

Formjacking attacks target nearly 4,800 websites every month on average!

Formjacking attacks, though not a new technique for hackers, have witnessed a significant increase since August 2018. Among the most notable attacks in recent times are those on British Airways, Newegg, Feedify, and Ticketmaster by a notorious hacker group called Magecart.

How Do Formjacking Techniques Work?

Formjacking is a serious nuisance, especially in the current age when e-commerce is booming. Formjacking techniques leverage malicious JavaScript code injected into a website. The code reads data when a customer selects ‘Submit’ or the like after entering his/her details on the website’s payment form. This enables hackers to extract sensitive data such as payment card details and personal information entered in the form.

Formjacking techniques are similar to the card skimmers used in payment card fraud, which read the card details. The difference is that in this case the JavaScript code acts as the skimmer that extracts financial details from the website.

What Do Cyber Criminals Do with the Stolen Data?

Cyber conmen can misuse the payment card details to make purchases – legal or illegal, or sell this information to other cyber criminals on the dark net.

In fact, cyber criminals can make up to $2.2 million per month by trading the details of just 10 payment cards per website! The formjacking attack on British Airways compromised the details of nearly 380,000 payment cards. This means that the cyber criminals involved may have made a profit of over $17 million!

Does Your Website Stand a Chance of a Compromise?

Formjacking techniques are easier to deploy through a supply chain attack. Wondering what supply chain attacks are? Contrary to what the name suggests, it is not an attack on a supply chain. Also known as third-party attacks or value-chain attacks, supply chain attacks are common when a third party has access to your organization’s data. The attacker infiltrates your organization’s systems through a third party that has access to your data or systems.

So, if you engage third parties in your business, which is quite a common occurrence, tread cautiously! As a matter of fact, attackers carried out the Ticketmaster formjacking attack using a supply chain attack technique. By gaining access to the website, Magecart attackers injected the code into its payment page.

Remember that you stand the chance of an attack if businesses with access to your network do not have robust cyber security strategies themselves!

Magecart – One of the Most Notorious Hacker Groups in the World

The hacker world is presently dominated by the attack group Magecart. They are notorious for the latest formjacking attacks on Ticketmaster, British Airways, Newegg and Feedify.

Active since 2005, the group’s core skill lies in embedding web-based card skimmers into websites that extract payment card data and other confidential data from online payment forms.

The Story Behind the Most High-Profile Formjacking Attacks

Attackers are becoming more and more proficient in carrying out formjacking attacks through third parties linked to the target website.

Take, for instance, the Ticketmaster breach. Magecart attackers first targeted Ticketmaster’s chatbot service provider. Tech firm Inbenta managed the chatbot services for customer support on Ticketmaster’s website. Following the compromise of the chatbot, the attackers then altered the JavaScript code on Ticketmaster’s website, enabling the capture of users’ payment card details and their transmission to the attackers’ servers.

The attack on British Airways is also one of the most high-profile formjacking attacks in recent times. The attack compromised the confidential details of nearly 380,000 passengers and was well masked by Magecart attackers to avoid detection. One of the techniques in use was to purchase SSL certificates and set up spoofed web domains to give a genuine impression of the company.

How Can You Protect Your Website from Formjacking Attacks?

Formjacking attacks are quite tricky to identify. Often, the victim may not even be aware of the website compromise, as the site continues to work normally. Therefore, awareness of such attacks and robust cyber security measures can help in keeping formjacking attacks at bay.

Here are some tips on how to prevent formjacking attacks.

1. Maintain Maximum Privacy When Developing or Making Changes to Your Website

Make sure that you develop the code for your website and web applications in the most private and secure environment. Try using small test environments to test new software updates.

2. Scan Your Website Regularly for Vulnerabilities

Deploy ‘white hat hacker’ teams and/or robust vulnerability services to scan your website regularly and identify loopholes and suspicious code. Conduct website and network penetration tests at regular intervals to keep bad actors from gaining access to your websites.

3. Ensure That Your Third-Parties Use Robust Cyber Security Measures

As stated in the preceding sections, sound cyber security for your own organization is not enough on its own. You also need to ensure that third parties with access to your website and business-critical information are equally protected.

4. Monitor Outbound Traffic

It is also a good measure to monitor your website’s outbound traffic using strong firewalls and other security measures. This keeps you apprised when traffic is being sent to a destination that appears suspicious.
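One way to act on tip 4, shown as an added example that is not from the original article: review the requests a checkout page makes and flag any that go to hosts outside an approved list, with extra weight on hosts that imitate an approved name (as in the spoofed domains described above). The hostnames, record shape, brand tokens and function name are all assumptions made for this sketch.

```javascript
// Added example: flag checkout-page requests that leave the approved host set.
// Every host and record below is constructed for illustration.
const ALLOWED_HOSTS = new Set([
  "shop.example",        // the retailer's own site (hypothetical)
  "pay.gateway.example", // its payment processor (hypothetical)
]);
const BRAND_TOKENS = ["shop", "gateway"]; // words a spoofed domain might reuse

// Constructed records, shaped like an export from a proxy or a browser test run.
const SAMPLE_REQUESTS = [
  { page: "/checkout", method: "GET",  url: "https://shop.example/js/cart.js", bodyBytes: 0 },
  { page: "/checkout", method: "POST", url: "https://pay.gateway.example/v1/charge", bodyBytes: 412 },
  { page: "/checkout", method: "POST", url: "https://shop-example-cdn.test/collect", bodyBytes: 398 },
  { page: "/checkout", method: "GET",  url: "https://metrics.vendor.test/pixel.gif?d=abc", bodyBytes: 0 },
  { page: "/home",     method: "GET",  url: "https://metrics.vendor.test/pixel.gif", bodyBytes: 0 },
];

function reviewCheckoutTraffic(requests, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const r of requests) {
    if (!r.page.startsWith("/checkout")) continue; // only payment pages are in scope
    let parsed;
    try {
      parsed = new URL(r.url);
    } catch {
      findings.push({ host: null, severity: "high", reason: "unparseable URL" });
      continue;
    }
    const host = parsed.hostname.toLowerCase();
    if (allowed.has(host)) continue; // exact match only, never substring match

    const lookalike = BRAND_TOKENS.some((t) => host.includes(t));
    const sendsBody = r.method !== "GET" || r.bodyBytes > 0;
    const hasQuery = parsed.search.length > 1; // data can also leave in a query string
    findings.push({
      host,
      // A body posted off-list, or a host imitating an approved one, needs action now.
      severity: lookalike || sendsBody ? "high" : "review",
      reason: [
        lookalike ? "resembles an approved name" : "host not on allowlist",
        sendsBody ? "sends a request body" : hasQuery ? "sends query data" : "no payload",
      ].join("; "),
    });
  }
  return findings;
}

for (const f of reviewCheckoutTraffic(SAMPLE_REQUESTS)) {
  console.log(`${f.severity.toUpperCase()} ${f.host}: ${f.reason}`);
}
```

The allowlist check uses an exact hostname match on purpose: a substring test would wave through exactly the kind of lookalike domain the check is meant to catch.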

Unfortunately, formjacking attackers are getting more proficient and sophisticated by the day. They are now able to pull off such attacks with greater finesse, as they also inject secondary code that looks out for debugger tools on the website. This means that they know how to watch out for the cops while doing the burglary!

Incognito Forensic Foundation (IFF Lab) – A Step Ahead in Keeping the Nation Cyber Safe

Incognito Forensic Foundation or IFF Lab is a private digital and cyber forensics laboratory in Bangalore. Its state-of-the-art digital forensics lab houses advanced digital and cyber forensics tools and equipment. Additionally, its repertoire of the best-in-class forensics experts and cyber security professionals enables IFF Lab to stay a step ahead of the other players in this domain.

IFF Lab offers a multitude of cyber and digital forensics services such as fraud investigations, risk assessment, data protection, and information security. It also offers training to law enforcement agencies, educational institutions, and corporates on various cyber security measures.

Contact IFF Lab for Cybersecurity Assistance and Consultation.