Faced with diminishing returns from ransomware and cryptojacking, cyber criminals are doubling down on alternative methods, such as formjacking, to make money according to Symantec’s Internet Security Threat Report (ISTR)
“Formjacking is the new get rich quick scheme for cyber criminals,” said, Victor Law, chief operating officer, Enterprise Security, Greater China Region at Symantec, when the report was released last week.
He said: “These attacks are simple – essentially virtual ATM skimming – where cyber criminals inject malicious code into retailers’ websites to steal shoppers’ payment card details. On average, more than 4,800 unique websites are compromised with formjacking code every month.”
Symantec blocked more than 3.7 million formjacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year – November and December.
While a number of well-known companies such as Ticketmaster and British Airways were compromised with formjacking code in recent months, the research reveals small and medium-size retailers are, by and large, the most widely compromised.
By conservative estimates, cyber criminals may have collected tens of millions of dollars last year, stealing consumers’ financial and personal information through credit card fraud and sales on the dark web.
“Just 10 credit cards stolen from each compromised website could result in a yield of up to US$2.2M each month, with a single credit card fetching up to US$45 in the underground selling forums. With more than 380,000 credit cards stolen, the British Airways attack alone may have allowed criminals to net more than US$17 million,” Law said.
He added: “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”
Furthermore, the ISTR said 2018 brought drop-offs in activity and diminishing returns, primarily due to declining cryptocurrency values and increasing adoption of cloud and mobile computing, rendering attacks less effective.
For the first time since 2013, ransomware infections declined, dropping by 20%.
“Nevertheless, enterprises should not let their guard down – enterprise ransomware infections jumped by 12% in 2018, bucking the overall downward trend and demonstrating ransomware’s ongoing threat to organizations. In fact, more than eight in ten ransomware infections impact organizations,” Law said.
In recent years, ransomware and cryptojacking, where cyber criminals harness stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency, were the go-to methods for cyber criminals looking to make easy money.
Although cryptojacking activity peaked early last year, cryptojacking activity declined by 52% throughout the course of 2018.
Even with cryptocurrency values dropping by 90% and significantly reducing profitability, cryptojacking nonetheless continues to hold appeal with attackers due to the low barrier of entry, minimal overhead, and anonymity it offers.
Symantec blocked 3.5 million cryptojacking events on endpoints in December 2018 alone.
Cloud Is the New PC when it comes to cybersecurity
“A single misconfigured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare,” Law said. “In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets.”
He said: “There are also numerous, easily-accessible tools that allow attackers to identify misconfigured cloud resources on the internet.”
The recent discoveries of hardware chip vulnerabilities, including Meltdown, Spectre, and Foreshadow also place cloud services at risk of being exploited to gain access to the protected memory spaces of other companies’ resources hosted on the same physical server.