Formjacking

From HandWiki

Formjacking or web skimming is an attack in which the attacker injects malicious code into a website and uses it to extract data from an HTML form as the user fills it in. The captured data is then submitted to a server under the attacker's control.[1][2]

Mitigation

Subresource Integrity or a Content Security Policy can be used to protect against formjacking, although neither protects against supply chain attacks in which the legitimate script source itself is compromised. A web application firewall can also be used.[2][3]

Prevalence

A report in 2016 suggested that as many as 6,000 e-commerce sites may have been compromised via this class of attack.[4] In 2018, British Airways had 380,000 card details stolen via this class of attack.[5] A similar attack affected Ticketmaster the same year, with 40,000 customers affected[6] by maliciously injected code on payment pages.

Magecart

Magecart is software used by a range[7] of hacking groups for injecting malicious code into ecommerce sites to steal payment details.[8] As well as in targeted attacks such as the one on Newegg,[9] it has been used in combination with commodity Magento extension attacks.[10] The 'Shopper Approved' ecommerce toolkit used on hundreds of ecommerce sites was also compromised by Magecart,[11] as was the conspiracy site InfoWars.[12]

References

  1. Reddy, Niranjan (2019). Practical Cyber Forensics: An Incident-Based Approach to Forensic Investigations. Berkeley, CA. ISBN 1-4842-4460-5. OCLC 1110377452. https://www.worldcat.org/oclc/1110377452.
  2. "You Need to Protect Your Website Against Formjacking Right Now" (in en). https://www.pcmag.com/news/you-need-to-protect-your-website-against-formjacking-right-now.
  3. Wueest, Candid. "Internet Security Threat Report - Formjacking: How Malicious JavaScript Code is Stealing User Data from Thousands of Websites Each Month". https://docs.broadcom.com/doc/istr-formjacking-deep-dive-en.
  4. Ismail, Nick (13 October 2016). "Stowaways: malicious skimming code hiding in almost 6,000 online shops". https://www.information-age.com/online-skimming-card-fraud-123462661/. Retrieved 9 December 2018.
  5. Whittaker, Zack (11 September 2018). "British Airways breach caused by credit card skimming malware, researchers say". https://techcrunch.com/2018/09/11/british-airways-breach-caused-by-credit-card-skimming-malware-researchers-say/. Retrieved 9 December 2018.
  6. Priday, Richard (28 June 2018). "The Ticketmaster hack is a perfect storm of bad IT and bad comms". https://www.wired.co.uk/article/ticketmaster-data-breach-monzo-inbenta. Retrieved 9 December 2018.
  7. Whittaker, Zack (13 November 2018). "Meet the Magecart hackers, a persistent credit card skimmer group of groups you've never heard of". https://techcrunch.com/2018/11/13/magecart-hackers-persistent-credit-card-skimmer-groups/. Retrieved 9 December 2018.
  8. Muncaster, Phil (1 October 2018). "Magecart: Time to Focus on Web Security to Mitigate Digital Skimming Risk". https://blog.nasstar.com/magecart-time-to-focus-on-web-security-to-mitigate-digital-skimming-risk/. Retrieved 9 December 2018.
  9. Osborne, Charlie (19 September 2018). "Magecart claims another victim in Newegg merchant data theft". https://www.zdnet.com/article/magecart-claims-another-victim-in-newegg-merchant-data-theft/. Retrieved 9 December 2018.
  10. Cimpanu, Catalin (23 October 2018). "Magecart group leverages zero-days in 20 Magento extensions". https://www.zdnet.com/article/magecart-group-leverages-zero-days-in-20-magento-extensions/. Retrieved 9 December 2018.
  11. Leyden, John (9 October 2018). "Payment-card-skimming Magecart strikes again: Zero out of five for infecting e-retail sites". https://www.theregister.co.uk/2018/10/09/magecart_payment_card_malware/. Retrieved 9 December 2018.
  12. Blake, Andrew (14 November 2018). "Alex Jones' Infowars store infected with malware capable of skimming payment data". https://www.washingtontimes.com/news/2018/nov/14/alex-jones-infowars-store-infected-malware-capable/. Retrieved 9 December 2018.