Managed.IT - issue 53

Formjacking on the rise as ransomware declines

In the face of diminishing returns from ransomware and cryptojacking, cyber criminals are switching to alternative money-making methods, such as formjacking, warns Symantec.

Symantec's latest Internet Security Threat Report (ISTR), based on data from its Global Intelligence Network, which records events from 123 million attack sensors in more than 157 countries, states that every month more than 4,800 unique websites are compromised with formjacking code that steals shoppers' payment card details.

Growth in formjacking has coincided with reduced ransomware activity (infections down 20%) and cryptojacking activity, in which cyber criminals harness stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency (infections down 52%). This, says Symantec, is primarily due to declining cryptocurrency values and increased adoption of cloud and mobile computing, which have rendered such attacks less effective.

That said, the report does warn that the same security mistakes that were made on PCs during their initial adoption by enterprises are now occurring in the cloud, with more than 70 million records stolen or leaked from poorly configured S3 buckets in the last year alone. There are numerous tools that allow attackers to identify misconfigured cloud resources on the internet, while hardware chip vulnerabilities like Meltdown, Spectre and Foreshadow put cloud services at risk of being exploited to gain access to the protected memory spaces of other companies' resources hosted on the same physical server.

The report also warns about the risks to privacy posed by smartphones, which Symantec describes as "arguably the greatest spying device ever created – a camera, a listening device and location tracker all in one that is willingly carried and used wherever its owner goes".

go.symantec.com/ISTR

[Figure: cover of Symantec's Internet Security Threat Report (ISTR), Volume 24, February 2019]

Last summer's attack on BA, which affected 380,000 customers, brought formjacking to the attention of the wider public.

Formjacking highlights wider problem

Paolo Passeri, Cyber Intelligence Principal at Netskope, comments on the growing problem of formjacking.

Most e-commerce and content management systems offer extensions and customisable plug-ins that businesses can use to tailor standardised platforms to their needs and to those of their customers. While useful, third-party extensions to websites, if insecure, are vulnerable to a growing threat known as formjacking, through which malicious actors skim off credit card details and other data that they can sell on the dark web. The code used to undertake formjacking is designed to keep a low profile, enabling it to avoid detection and steal data over a prolonged period without anyone knowing. E-commerce sites are often targeted because the data that can be collected has significant resale value – around $45 for a complete set of fresh credit card details.

As well as targeting individual organisations, malicious actors are generating substantial returns by going after extensions and plug-ins used by hundreds or thousands of different web pages. Formjacking's growing frequency and diversity highlight how threat actors are continuously upgrading their malicious code and deploying new delivery mechanisms to infect more users and make an attack harder to identify, for instance by cleaning browser debugger console messages. The recent big spike in reported attacks suggests this vulnerability is not being effectively addressed by extension developers, too many of which do not regard security as a priority in the development cycle and are reluctant to share information about vulnerabilities or engage on the topic in any concerted manner.

Concern over formjacking is currently focused on e-commerce activity and the theft of credit card details, but it's worth remembering that formjacking can target any type of data entered on a form via the web, including log-in information and employee details. We know that nearly nine in ten organisations are currently undertaking some type of cloud-based digital transformation project (source: IDC) and, as they progress in their digital transformation strategies, they are increasingly developing apps via infrastructure-as-a-service (IaaS). This makes them vulnerable to formjacking attacks, which can prey on any type of web-based data collection. Formjacking is the latest proof that traditional on-premise security approaches do not cover the myriad attack surfaces of a cloud-enabled enterprise.

Paolo Passeri is Cyber Intelligence Principal at smart cloud security company Netskope. www.netskope.com
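As an added, defender-side example (not code from the article, from Symantec or from Netskope), the following Node.js script triages the browser's Content-Security-Policy violation reports for the two traces a formjacking skimmer leaves on a payment page: an unapproved script being loaded, and form data being sent to a host the site owner never allowlisted. The first-party hosts, checkout paths and sample reports are constructed for illustration.

```javascript
// Added example (not from the Managed.IT article or Netskope): triage of CSP violation
// reports for signs of formjacking on payment pages. Assumed: checkout pages carry a CSP
// restricting script-src, connect-src, form-action and img-src to an allowlist, and the
// browser's standard "csp-report" JSON reaches triageCspReports(). Hosts are constructed.
const FIRST_PARTY = new Set(["shop.example", "static.shop.example"]);
const PAYMENT_PATHS = [/\/checkout/i, /\/payment/i, /\/cart/i];
// A blocked outbound request from a payment page looks like a skimmer exfiltrating form
// data; a blocked script load is unapproved code trying to run on that page at all.
const EXFIL_DIRECTIVES = new Set(["connect-src", "form-action", "img-src"]);
const LOAD_DIRECTIVES = new Set(["script-src", "script-src-elem"]);

// blocked-uri is a URL or a keyword such as "inline" or "eval"; keywords yield null.
function hostOf(uri) { try { return new URL(uri).hostname; } catch { return null; } }
function isPaymentPage(uri) { return PAYMENT_PATHS.some((re) => re.test(new URL(uri).pathname)); }

// Classify one report; returns null when it is not relevant to formjacking.
function classifyReport(report) {
  const r = report["csp-report"];
  if (!r || !r["document-uri"] || !isPaymentPage(r["document-uri"])) return null;
  const directive = (r["effective-directive"] || r["violated-directive"] || "").split(" ")[0];
  const host = hostOf(r["blocked-uri"] || "");
  if (EXFIL_DIRECTIVES.has(directive) && host && !FIRST_PARTY.has(host)) {
    return { severity: "high", reason: `${directive} to unapproved host ${host}` };
  }
  if (LOAD_DIRECTIVES.has(directive)) {
    const what = host ? `unapproved script host ${host}` : `inline or eval script (${r["blocked-uri"]})`;
    return { severity: "medium", reason: `${directive}: ${what}` };
  }
  return null;
}

// Group findings by reason so one skimmer seen by thousands of visitors becomes one line.
function triageCspReports(reports) {
  const counts = new Map();
  for (const rep of reports) {
    const c = classifyReport(rep);
    if (c) counts.set(`${c.severity}|${c.reason}`, (counts.get(`${c.severity}|${c.reason}`) || 0) + 1);
  }
  return [...counts].map(([k, count]) => ({ severity: k.split("|")[0], reason: k.split("|")[1], count }))
    .sort((a, b) => b.count - a.count);
}

// Constructed sample: two visitors' browsers block the same exfiltration from the checkout
// page, one blocks the injected script itself, and two reports are noise (blog page, CSS).
const checkout = "https://shop.example/checkout/step2";
const SAMPLE_REPORTS = [
  { "csp-report": { "document-uri": checkout, "effective-directive": "connect-src", "blocked-uri": "https://metrics-cdn.example/collect" } },
  { "csp-report": { "document-uri": checkout, "effective-directive": "connect-src", "blocked-uri": "https://metrics-cdn.example/collect" } },
  { "csp-report": { "document-uri": checkout, "effective-directive": "script-src-elem", "blocked-uri": "https://metrics-cdn.example/tag.js" } },
  { "csp-report": { "document-uri": "https://shop.example/blog/1", "effective-directive": "connect-src", "blocked-uri": "https://metrics-cdn.example/collect" } },
  { "csp-report": { "document-uri": checkout, "effective-directive": "style-src-elem", "blocked-uri": "inline" } },
];
console.log(triageCspReports(SAMPLE_REPORTS));
```

A report-only policy (Content-Security-Policy-Report-Only) produces the same reports without blocking anything, so the triage can run before the enforcing policy is rolled out.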
