A recent survey from cybersecurity firm Symantec revealed that internet users in India were the most exposed to Formjacking attacks after the U.S. and Australia.
In Formjacking attacks, cybercriminals inject malicious JavaScript code into retailers’ websites to steal shoppers’ payment card details. The implanted malicious code alters the behavior of the targeted website to steal payment card data and other sensitive information in the background, without a user’s knowledge. Attackers use the stolen information to perform financial frauds or sell them on the dark web market.
In its survey report, Internet Security Threat Report (ISTR), Symantec stated that nearly 52 percent of all Formjacking attacks targeted users in the U.S. and 8.1 percent of the attacks targeted users in Australia during the first half of 2019. While India is positioned third with 5.7 percent of Formjacking attacks.
Symantec stated that it monitors billions of URLs and blocked an average of 63 million malicious web requests per day in May 2019. The security firm also revealed that it prevented more than 1.1 million formjacking attacks.
“We expect this formjacking trend to continue and expand further to steal all kinds of data from web forms, not just payment card data. This also means that we are likely to see more software supply chain attacks. Unfortunately, formjacking is showing no signs of disappearing any time soon. Therefore, operators of online stores need to be aware of the risk and protect their online presence,” Symantec said in its report.
In its earlier report, Internet Security Threat Report (ISTR), Symantec stated that cybercriminals are doubling down on alternative methods to make money. The ISTR provides an overview of the threat landscape, including insights into global threat activity, cybercriminal trends, and motivations for attackers.
The survey highlighted that more than 4,800 unique websites are compromised with Formjacking code every month globally. Symantec blocked more than 3.7 million Formjacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year – November and December. While a number of well-known retailers’ online payment websites, including Ticketmaster and British Airways, were compromised with Formjacking code.
The report analyzes data from Symantec’s Global Intelligence Network, the largest civilian threat intelligence network in the world, which records events from 123 million attack sensors worldwide, blocks 142 million threats daily and monitors threat activities in more than 157 countries.