Formjacking 101: The Complete Guide
With over 4,800 unique websites compromised on average every month, formjacking is a simple and effective type of cyber attack that somewhat slips under the radar compared to ransomware or other cyber attacks that attract news coverage.
In an eCommerce market expected to reach $7.3 trillion by 2025, customers continue to purchase products online in their droves in addition to paying for subscription services. Taking advantage of this, threat actors are deploying tactics to steal credit card details from unknowing customers while they shop online.
What is formjacking?
Victims enter their card details and complete online transactions as normal. A copy of the card details gets sent to a malicious party without the victim being aware of anything suspicious happening.
For threat actors, each stolen card can earn $45 on the dark web, which quickly adds up to a lucrative payday when you consider that thousands of cards often get stolen during a single breach. For businesses selling products or services online, stolen customer card details can result in reputational, financial, and legal costs, specifically related to regulations like PCI and GDPR. This article provides a step-by-step guide to help your business prevent formjacking attacks.
Formjacking, magecart, and everything in between
Web skimming is an alternative name for formjacking that reflects how these attacks resemble virtual versions of physical card skimming. Instead of a device that captures card details at an ATM, malicious web forms operate as the virtual web skimmers in today’s digital landscape.
Sometimes, media reports on formjacking incidents refer to them as “Magecart attacks.” Magecart is actually a syndicate of threat actors that target retailers with web skimming attacks. This syndicate has previously hit some high-profile victims, including Ticketmaster and British Airways. The group’s name stems from its initial focus on compromising the Magento eCommerce platform as far back as 2016. Magecart threat actors now target many different platforms and sites beyond just Magento.
Recommended Steps to Prevent Formjacking Attacks
Here are some actionable, recommended steps your business can take to protect against the threat of formjacking attacks.
Step 1: Automate penetration tests and vulnerability scans
Current approaches to penetration testing and vulnerability scans are too reactive to prevent formjacking attacks. Many businesses carry out these tests and scans every month or worse still, every six months to one year.
A proactive and preventative approach to penetration testing and vulnerability scanning quickly identifies areas of risks in eCommerce platforms, web applications, or third-party software. You need to find and fix problems before threat actors exploit them in an effort to skim customer card details. To achieve a proactive and preventative approach, software or SaaS solutions that automate much of the work involved in penetration tests or vulnerability scans can prove an invaluable investment.
You don’t need to rely solely on automation, but you do need to incorporate it if you want to get on top of the formjacking threat. A SaaS or software solution can continuously look for vulnerabilities in your client-side eCommerce store, while manual penetration testing can unearth other areas of risk or vulnerabilities.
Step 2: Fix your vulnerabilities as soon as you find them
Up to 83 percent of security operations professionals feel frustrated by alert fatigue. Constantly bombarded with alerts about different risks and threats from multiple tools, security professionals often struggle to prioritize what they need to remediate.
Web app vulnerabilities actively being exploited in the wild represent huge risks for any business that takes payment from customers online. Automating tests and scans brings vulnerabilities to your attention faster, but you still need to fix them promptly. Slow remediation is a deep-seated problem evidenced by the fact that organizations were still becoming victims of the WannaCry ransomware over four years after Microsoft released a patch for it.
Step 3: Rigorously test website updates before launching them on the web
Businesses running eCommerce stores regularly update their websites to add new features, plugins, update products, or change the design. While customers and marketing teams appreciate these changes, threat actors understand that any new update comes with a potential security loophole they can exploit. As stores of private data and places where people fill in forms with their credit card details, websites and web apps are prime targets of cyber attacks.
It’s critical before launching any website update into a production environment that you conduct thorough security testing. This testing can include automated tools and manual processes. Web forms and third-party payment processors should be thoroughly checked for any vulnerabilities introduced by new website updates.
Step 4: Leverage AI to improve your monitoring of behavioral patterns
Artificial intelligence continues to demonstrate its usefulness across a wide spectrum of cybersecurity areas. Of particular benefit in preventing formjacking are machine learning solutions that improve their performance over time in recognizing patterns of user behavior and traffic.
By monitoring your web app and establishing baseline levels of normal and secure activity, machine learning solutions can identify anomalies that indicate data being sent to servers that it shouldn’t be sent to.
Step 5: Block suspicious patterns and apps that may cause damage to your system
AI-powered behavioral monitoring and other behavioral analytics technology provide advanced threat intelligence about what’s happening in your website ecosystem. Just as important is the ability to quickly block suspicious traffic, users, third-party code, or IP addresses quickly before damage is done and data is stolen. The ability to block suspicious patterns and apps quickly starts with a solid incident detection and response process that finds and remediates threats throughout the cyber attack chain.
That’s why it’s important to gain visibility into your website’s blind spots – that is, which applications are connected to it, what data are users accessing, and where is that data being sent to. Mapping these three components for every single website asset will allow you to efficiently eliminate third-party security risks and vulnerabilities.
Step 6: Go beyond scanning your own website
Many successful formjacking attacks are actually supply chain attacks, because they exploit vulnerabilities in third-party code used by a website or web application. Scanning your own site and getting security right is just one part of the equation. You need to go beyond traditional security measures and start to verify the security of all third-party dependencies and components integrated with your site.
There is a real need for greater visibility into third-party risks in client-side web applications. The average eCommerce site uses 40-60 third-party technologies and even many more scripts, and businesses ignore these risks at their peril. A solution that provides ongoing monitoring and tracking of third-party ecosystems is essential for securing modern websites against supply chain attacks.
Start prevention today: discover how vulnerable your site is, for free
The threat of formjacking is not going away any time soon. With high levels of demand for stolen credit card details on the dark web and increasingly unsecured third-party ecosystems on eCommerce websites, threat actors like Magecart will continue to target web forms.
Following the steps outlined above will help your business prevent formjacking. But to take one extra step towards reducing your external attack surface and prevent formjacking attacks, you can start with a free website formjacking vulnerability scan.