Norton by Symantec is warning Kiwis that Magecart, the attack group behind high profile attacks on Ticketmaster and
British Airways is also launching formjacking attacks on other e-commerce sites.
You can read the full blog post here: https://www.symantec.com/blogs/threat-intelligence/formjacking-attacks-retailers.
What? Norton, powered by Symantec, the world’s largest civilian cyber security network, has seen a major uptick in formjacking
attacks recently, with publicly reported attacks on the websites of companies including Ticketmaster and British Airways
and is warning Kiwi consumers to take heed ahead of the Festive purchasing period.
36 percent of blocks occurred in the last week.
What is formjacking? It’s a term we use to describe the use of malicious JavaScript to steal credit card details and other information from
payment forms on the checkout web pages of e-commerce sites. Formjacking is not a new technique, but recent campaigns
are interesting as they are large, sophisticated, and have increased dramatically in the last few weeks.
How does formjacking work? When a customer of an e-commerce site clicks “submit” or its equivalent after entering their details into a website’s
payment form, malicious JavaScript code that has been injected there by the cyber criminals collects all entered
information, such as payment card details and the user’s name and address. This information is then sent to the
attacker’s servers. Attackers can then use this information to perform payment card fraud or sell these details to other
criminals on the dark web.
Why does this matter? This is a significant and sustained campaign, with activity increasing substantially in the past week. According to
Symantec telemetry, since August 13 we have blocked 248,000 attempts at formjacking — almost a quarter of a million
instances. However, more than one third of those blocks (36 percent) occurred during the past week — from September 13
to 20 — indicating that this activity is increasing.