Hackers Are Focused On Hijacking Payment Data

Uploaded on 2019-03-08 in TECHNOLOGY--Hackers, FREE TO VIEW

Thousands of websites are being hit by cyber-thieves who implant code to scoop up payment card numbers, research suggests. Security giant Symantec found more than 4,800 websites were being hit by these "form-jacking" attacks every month.

High-profile victims of these attacks include airline BA and Ticketmaster. Online crime groups had turned to the attacks as other more established techniques proved less and less lucrative, Symantec said.

'Attack code'
"It's a sign we're in a world where security is tighter and tighter and it's getting harder to carry out this type of activity," said Orla Cox, director of Symantec's security response unit. Formerly profitable ventures involving ransomware and mining crypto-currencies now made gangs much less money, she said.

Instead, they were now inserting "attack code", either when sites failed to update core software to close loopholes or via insecure third-party apps, such as chat apps, analytics packages or other extras.

"It's a tiny line of code in there and that's enough for attackers to monitor payment card info being entered and they siphon it off," she said. "It’s often not obvious that the website has been compromised.  "To the naked eye everything would look fine."

Make money
Last year, Symantec had stopped more than 3.7 million form-jacking attacks, said Ms Cox, adding that the figure was a measure of the technique's sudden popularity.

"Cyber-criminals are continuing to find new ways to make money," she said. "And when they do, they pile in."

Ransomware was also still widely used, said Ms Cox, but better back-up practices by businesses and home users meant it was harder for criminals to secure a payday. And infections from ransomware had fallen by 20% over the past year. 

"In a lot of cases people are not paying up because it’s got easier for them to get their data back as they often have it in the cloud somewhere," she said.

BBC:              Image: Nick Youngson

You Might Also Read:

Hackers Use PayPal To Go Phishing:

 

« No Easy Button Solution To Cybersecurity’s Skills Shortage
NATO Defense Spending Should Privilege Cyber »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Hotlava Systems

Hotlava Systems

HotLava network adapters enable today's powerful servers and workstations to deliver more productivity by reducing congestion at the network interface.

CIRCL

CIRCL

CIRCL is the national Computer Incident Response Center of Luxembourg

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

Corsha

Corsha

Corsha is on a mission to simplify API security and allow enterprises to embrace modernization, complex deployments, and hybrid environments with confidence.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Zuul IoT

Zuul IoT

Zuul take an asset-centric approach to OT security, enabling security teams to protect the critical IIoT/IoT devices that are at the foundation of critical business functions.

Rhodian Group

Rhodian Group

Rhodian Group (formerly Adar) specialize in providing Technology, Cybersecurity, and Compliance services to the insurance industry.

Eden Data

Eden Data

Eden Data is on a mission to break the outdated mold of traditional cybersecurity consulting. We handle all of your security, compliance & data privacy needs.

Acumenis

Acumenis

At Acumenis, we help organisations of all sizes to manage information security effectively. Our key services are penetration testing, ISO 27001 implementations, and security

Xeliumtech Solutions

Xeliumtech Solutions

Xeliumtech Solutions are a Digital Transformation partner with quality offerings in Mobile App Development, Ecommerce, Devops, RPA, AI, IoT development, Cybersecurity and more.