What is Formjacking?

Formjacking is a cyberattackWhat is a Cyberattack? A cyberattack is a deliberate and malicious attempt to exploit vulnerabilities in computer systems, networks, or software applications to cause damage, steal information, disrupt services, or… More where malicious actors inject harmful JavaScript code into online forms on legitimate websites to steal sensitive user information. Once stolen, the data, which includes personal identification details, payment card numbers, and other confidential information, is transmitted to the attacker’s server upon form submission.

How Formjacking Works

1. Exploiting Vulnerabilities: Bad actors identify and exploit security weaknesses in a website’s infrastructure, such as outdated Content ManagementWhat is Content Management? Content management is the process of creating, storing, accessing, governing, retrieving, and refining the information that companies want to present to their customers. Because brands are… More Systems (CMS), vulnerable plugins, or unsecured third-party integrations.
2. Injecting Malicious Code: Once access is gained, attackers insert malicious JavaScript code into the website’s form pages. This code is designed to capture user inputs during form submissions.
3. Data ExfiltrationWhat is Exfiltration?Exfiltration is the unauthorized transfer of data from a computer or network by an attacker or other entity. In a cybercrime scenario, exfiltration is typically the final stage… More: As users enter information into the compromised forms, the malicious code captures the data and transmits it to the threat actor’s remote server, often without affecting the form’s expected functionality, making the breach difficult to detect.

Common Targets of Formjacking

Formjacking primarily targets industries that process online transactions and collect personal information, including:

• Financial Services: Banks and financial entities collect large volumes of sensitive data, making them compelling targets.
• E-commerce: Online retailers are popular targets due to the high volume of payment information processed.
• Healthcare: Medical firms are targeted by attackers because they handle privileged personal health information, which is highly valuable to criminals.
• Hospitality: All hotels and travel agencies process payment details and personal information, making them attractive targets.
• Media and Entertainment: Subscription services collect user data that can be exploited for profit.

Additionally, cryptocurrency and blockchain platforms have seen an increase in formjacking attacks.

Infamous Formjacking Incidents:

• British Airways (2018): Attackers gained a foothold on a British Airways network account assigned to a Swissport cargo-handling employee and used it to inject card-skimming malwareWhat is Malware? Malware, a portmanteau of “malicious software,” constitutes a broad category of software specifically designed to infiltrate, damage, or disrupt computer systems, networks, and devices without the user’s… More into the airline’s payment page. They compromised the personal and payment information of approximately 380,000 customers.
• Ticketmaster (2018): A formjacking attack that saw malefactors compromise a customer support chatbot from tech firm Inbenta and use it to inject malicious JavaScript code into Ticketmaster’s website. This led to the theft of payment information from thousands of customers due to compromised third-party software.

Detecting and Preventing Formjacking

Businesses can implement several tools and procedures to prevent formjacking. These include:

Regular Software Updates: Ensure all website components, including CMS platforms, plugins, and third-party integrations, are regularly updated to mitigate known vulnerabilities and protect against newly discovered threats.

Content Security Policy (CSP): Implement strict CSP headers to control which scripts can execute on web pages. By restricting sources of executable content, you can limit the risk of unauthorized code injection.

Subresource Integrity (SRI): Use SRI to verify that resources fetched from third-party sources, such as JavaScript libraries and stylesheets, have not been altered or compromised before being loaded by the browser.

Web Application Firewalls (WAF): Deploy WAFs to actively monitor, analyze, and filter incoming traffic, blocking malicious activities such as formjacking attempts, SQL injection, and cross-site scripting (XSS)What is Cross-Site Scripting?  Cross-site scripting (XSS) is a vulnerability that enables threat actors to inject malicious scripts into web pages. These scripts can execute within the victim’s browser, which could… More attacks.

Regular Security Audits: Conduct thorough security assessments at regular intervals to detect vulnerabilities, identify suspicious changes in website scripts, and maintain compliance with security best practices.

User Education: Educate users on the dangers of formjacking, encouraging them to be vigilant when entering sensitive data online. Also, advise them to regularly scrutinize their financial statements for any unauthorized or unusual transactions.

A Growing Scourge

Formjacking is a growing and significant scourge, exploiting the trust that is so critical between consumers and the websites they depend on. By understanding how it works and its mechanisms and by implementing robust security measures, entities can protect themselves and their customers from these covert attacks.

For more cybersecurity information and cybersecurity marketing tips, check out our blog page here.