Hackers Are Focused On Hijacking Payment Data

Thousands of websites are being hit by cyber-thieves who implant code to scoop up payment card numbers, research suggests. Security giant Symantec found more than 4,800 websites were being hit by these "form-jacking" attacks every month.

High-profile victims of these attacks include airline BA and Ticketmaster. Online crime groups had turned to the attacks as other more established techniques proved less and less lucrative, Symantec said.

'Attack code'
"It's a sign we're in a world where security is tighter and tighter and it's getting harder to carry out this type of activity," said Orla Cox, director of Symantec's security response unit. Formerly profitable ventures involving ransomware and mining crypto-currencies now made gangs much less money, she said.

Instead, they were now inserting "attack code", either when sites failed to update core software to close loopholes or via insecure third-party apps, such as chat apps, analytics packages or other extras.

"It's a tiny line of code in there and that's enough for attackers to monitor payment card info being entered and they siphon it off," she said. "It's often not obvious that the website has been compromised. To the naked eye everything would look fine."

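A defensive check for the third-party route described above, as an added example that is not part of the original article: it lists the external scripts a checkout page loads and flags those served from hosts outside an approved list or loaded without a Subresource Integrity hash. The sample page, hostnames, allowlist and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page; hosts are placeholders, not real indicators.
SAMPLE_PAGE = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.shop.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://chat.widget.example/loader.js"></script>
<script src="https://stats.unknown.example/a.js" integrity="sha384-PLACEHOLDER"></script>
</head><body><form id="pay"><input name="card-number"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit_scripts(html, page_host, allowed_hosts):
    """Return (src, [findings]) for third-party scripts that need review."""
    collector = ScriptCollector()
    collector.feed(html)
    report = []
    for attrs in collector.scripts:
        host = urlparse(attrs["src"]).hostname
        if host is None or host == page_host:
            continue  # first-party script: covered by the site's own patching
        findings = []
        if host not in allowed_hosts:
            findings.append("host not on allowlist")
        if not attrs.get("integrity"):
            findings.append("no integrity attribute: vendor-side changes load unchecked")
        if findings:
            report.append((attrs["src"], findings))
    return report

if __name__ == "__main__":
    allow = {"cdn.shop.example", "chat.widget.example"}  # assumed approved vendors
    for src, findings in audit_scripts(SAMPLE_PAGE, "shop.example", allow):
        print(src, "->", "; ".join(findings))
```
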
Make money
Last year, Symantec had stopped more than 3.7 million form-jacking attacks, said Ms Cox, adding that the figure was a measure of the technique's sudden popularity.

"Cyber-criminals are continuing to find new ways to make money," she said. "And when they do, they pile in."

Ransomware was also still widely used, said Ms Cox, but better back-up practices by businesses and home users meant it was harder for criminals to secure a payday. And infections from ransomware had fallen by 20% over the past year. 

"In a lot of cases people are not paying up because it’s got easier for them to get their data back as they often have it in the cloud somewhere," she said.

BBC. Image: Nick Youngson
