Australian technology news, reviews, and guides to help you

Online shopping under threat as criminals take on forms

You fill in a form to buy something nice, and then all of a sudden, you lose some money. Not just the money you expected, but a whole lot more. What just happened?

For years, we’ve been told that if you saw a security lock on a website, your connection with that particular place would be okay, and that it was secure. Sending your details to a website over a secure link, like when you’re buying something, is the way to do it, but what if a security exploit found a way around that?

Symantec, the maker of Norton’s security program, has recently released a report saying that a type of hack is attempting to make that trust a little more difficult, and the new approaches to this type of hack are proving very interesting, as hacking groups target large companies.

It’s called “formjacking”, and much like how a carjack has a criminal steal a car, formjacking is when a criminal takes over a form.

You might be on a totally legitimate website, ready to click purchase, and if it has been formjacked, a criminal has actually injected a piece of JavaScript code that collects your data, sending it to servers to be used or sold to the highest bidder.

In fact, since August 13, Symantec says that formjacking efforts have ramped up, with Symantec’s security platforms detecting the JavaScript intrusion and blocking almost a quarter of a million of them, and the company says formjacking is on the increase.

“Formjacking is quite a common form of a malicious attack and Norton by Symantec saw an incredible increase in activity in the past month,” said Nick Savvides, Chief Technology Officer for Norton by Symantec in the Asia-Pacific region.

Savvides told Pickr that formjacking could take place on mobiles, tablets, and devices capable of accessing the internet, and just needed a web browser, saying that “if the device can access the web, then Australians can fall victim to formjacking”.

In fact, the attacks thus far have been pretty aggressive. British Airways and electronics retailer Newegg have been compromised slightly in the past, with a small hack using formjacking to capture details, with British Airways saying the hack impacted 380,000 passengers. The hackers even made their spoofs look like proper secure sites, so when people saw the security lock, they just entered data all the same.

It’s an attack that had affected Ticketmaster, possibly for up to a year, and it’s one that uses what’s called a “supply chain attack” to modify the code on the payment page. Essentially, everything else about the website you might be buying from is legit, except for the code finalising the orders. In formjacking, that final page where your details are entered is where the hack is occurring, and it’s something that can affect any website that processes payment information.

Symantec advises that businesses worried about issues like these will want to monitor activity on the site and block suspicious activity, with the warning that they should test new updates in small environments first.
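One way a site owner could watch the payment page for the kind of script tampering described above, as an added example that is not from Symantec or the original article: it compares the scripts a checkout page loads against a reviewed baseline. The hosts, paths, integrity values and function names are all constructed assumptions.

```javascript
// Added example: all hosts, paths and integrity values below are constructed.
// Baseline recorded at the last code review: script URL -> pinned SRI value.
const BASELINE = new Map([
  ["https://shop.example/js/checkout.js", "sha384-CONSTRUCTED-checkout"],
  ["https://pay.example/sdk/v2.js", "sha384-CONSTRUCTED-sdk"],
]);

// Pull src/integrity/inline body out of every <script> tag.
// A regex keeps the sketch short; use a real HTML parser in production.
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attr = (name) => {
      const a = new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']*)["']`, "i").exec(m[1]);
      return a ? a[1] : null;
    };
    scripts.push({ src: attr("src"), integrity: attr("integrity"), inline: m[2].trim() });
  }
  return scripts;
}

// Compare what the payment page loads now with the reviewed baseline.
function auditCheckoutPage(html, pageUrl, baseline = BASELINE) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (!s.src) {
      if (s.inline) findings.push({ issue: "inline-script", detail: s.inline.slice(0, 40) });
      continue;
    }
    const url = new URL(s.src, pageUrl).href; // resolve relative paths
    if (!baseline.has(url)) findings.push({ issue: "unknown-script", detail: url });
    else if (!s.integrity) findings.push({ issue: "missing-integrity", detail: url });
    else if (s.integrity !== baseline.get(url)) findings.push({ issue: "integrity-changed", detail: url });
  }
  return findings;
}

// Constructed checkout page: one script as reviewed, one with its integrity
// attribute gone, and one from a host nobody approved.
const SAMPLE_PAGE = `
<form id="payment"><input name="card-number"></form>
<script src="/js/checkout.js" integrity="sha384-CONSTRUCTED-checkout"></script>
<script src="https://pay.example/sdk/v2.js"></script>
<script src="https://cdn-stats.example/collect.js"></script>`;

console.log(auditCheckoutPage(SAMPLE_PAGE, "https://shop.example/checkout"));
```

A check like this only sees script tags present in the HTML it is given, so it complements, rather than replaces, browser-enforced Subresource Integrity and a Content Security Policy that restricts where scripts may load from.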

But while businesses will need to get better at catching hacks on their servers, there are options consumers can take on board to make sure they stay on guard against it, with a security product being key.

Savvides suggested that people could “run a JavaScript-aware advanced endpoint protection product, like Norton Internet Security” to look out for these malicious scripts, meaning buying anything online might be something best handled through a device that has security.

Despite this, we suspect most people won’t stop using their phones and tablets to make online purchases, and ultimately, the responsibility on this one will be with the website owners. So if you run a website and you’re concerned, you may want to consider working with a platform that locks the security efforts down for you to at least ensure that these systems are taken care of.
