Hackers Are Focused On Hijacking Payment Data

Uploaded on 2019-03-08 in TECHNOLOGY--Hackers, FREE TO VIEW

Thousands of websites are being hit by cyber-thieves who implant code to scoop up payment card numbers, research suggests. Security giant Symantec found more than 4,800 websites were being hit by these "form-jacking" attacks every month.

High-profile victims of these attacks include airline BA and Ticketmaster. Online crime groups had turned to the attacks as other more established techniques proved less and less lucrative, Symantec said.

'Attack code'
"It's a sign we're in a world where security is tighter and tighter and it's getting harder to carry out this type of activity," said Orla Cox, director of Symantec's security response unit. Formerly profitable ventures involving ransomware and mining crypto-currencies now made gangs much less money, she said.

Instead, they were now inserting "attack code", either when sites failed to update core software to close loopholes or via insecure third-party apps, such as chat apps, analytics packages or other extras.

"It's a tiny line of code in there and that's enough for attackers to monitor payment card info being entered and they siphon it off," she said. "It’s often not obvious that the website has been compromised.  "To the naked eye everything would look fine."

Make money
Last year, Symantec had stopped more than 3.7 million form-jacking attacks, said Ms Cox, adding that the figure was a measure of the technique's sudden popularity.

"Cyber-criminals are continuing to find new ways to make money," she said. "And when they do, they pile in."

Ransomware was also still widely used, said Ms Cox, but better back-up practices by businesses and home users meant it was harder for criminals to secure a payday. And infections from ransomware had fallen by 20% over the past year. 

"In a lot of cases people are not paying up because it’s got easier for them to get their data back as they often have it in the cloud somewhere," she said.

BBC:              Image: Nick Youngson

You Might Also Read:

Hackers Use PayPal To Go Phishing:

 

« No Easy Button Solution To Cybersecurity’s Skills Shortage
NATO Defense Spending Should Privilege Cyber »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

Security Current

Security Current

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

Minerva Labs

Minerva Labs

Minerva’s patent pending solution keeps malware in a constant sleep state before it can infiltrate your network and cause any damage.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

DataTribe

DataTribe

DataTribe is a cyber startup foundry, leveraging deep experience and expertise to build and launch successful product companies.

T-REX

T-REX

T-REX is a coworking space, technology incubator, and entrepreneur resource center for technology startups.

Automox

Automox

Remediate vulnerabilities 30X faster than the industry norm – and dramatically reduce your risk with simple, fast, and cloud-native endpoint hardening from Automox.

Mayhem

Mayhem

Mayhem, by ForAllSecure, is a developer-first application and API security testing solution.

Rampart AI

Rampart AI

Tackling DevSecOps Issues In Application Security. Rampart has revolutionized the shift left security approach, applying zero-trust to application development.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc

Tanzania Industrial Research and Development Organization (TIRDO)

Tanzania Industrial Research and Development Organization (TIRDO)

TIRDO is a multi-disciplinary research and development organization.

Synergy Quantum

Synergy Quantum

Synergy Quantum has pioneered a proprietary suite of military-grade, quantum-secure communication technologies.

Krash Consulting

Krash Consulting

Krash Consulting is a premier provider of Cyber Security solutions, offering a range of services to safeguard businesses against cyber-attacks, minimize fraud, and protect brand reputation globally.