Formjacking is a type of cyber attack in which an attacker steals sensitive information that website users enter through forms. Most commonly this type of attack targets ecommerce sites to obtain the payment card details and personal information entered by customers; however, Formjacking attacks can target any website that accepts information through web forms. With stolen payment card details commanding an average of $45 each on the black market, a successful Formjacking attack on a reasonably busy ecommerce site can yield significant financial returns for the criminals.
There has been a significant rise in the incidence of Formjacking attacks in recent months, with many of the high-profile attacks being attributed to the cyber-criminal gang known as Magecart. Recent victims include Ticketmaster, British Airways and US retailer NewEgg.
How does Formjacking work?
Do you trust your friends?
Because of the success of security standards such as PCI-DSS, ISO 27001 and Cyber Essentials Plus, many (if not most) organisations that process sensitive data such as card payments have taken significant strides to improve their security.
Regular website penetration testing ensures that an organisation’s web applications are secure, while network penetration testing ensures that its systems and servers are secure. Adoption of information security policies based on recognised standards, such as ISO 27001 and PCI-DSS, ensures that the organisation’s policies and processes are secure. As a result, cyber-criminals have moved their attention elsewhere and gone looking for the weakest link in the chain. This has given rise to a new wave of attacks against your suppliers and business partners, known as supply chain attacks. The logic is simple: if you trust your suppliers enough to bring them (or their code) inside your secure perimeter, then any malicious code that criminals manage to inject into your supplier’s system will most likely be treated as trusted code by your security monitoring and welcomed with open arms.
The anatomy of a modern web page
How to safeguard against Formjacking attacks
You can protect your own source code from attempts to install malicious Formjacking code by treating your source code with the same care as you do high-value client or payment data:
- Secure source code repositories and files against unauthorised access and modification.
- Implement change control measures to validate and authorise all changes.
- Peer review all code changes to ensure the stated reason for change matches the actual changes being made to the code.
- Implement automated file change detection and monitoring for source code repositories and web server folders.
- Use automated source code analysis tools to identify unexpected behaviours in the code.
- Monitor and analyse all browser traffic during testing to ensure no unexpected connections are being made to third party servers.
- Conduct regular penetration testing of your web application, and repeat it whenever a significant change has been made to the source code.
If you are using third-party libraries in your webpages, consider these additional steps to protect yourself from supply chain attacks:
- Review the security measures your suppliers have in place for their source code and compare them to your own on a regular basis. Consider insisting they comply with a recognised standard such as ISO 27001.
- Implement Subresource Integrity (SRI) checks so that the browser refuses to run a third-party library whose content no longer matches the hash recorded in your page.
- Monitor and analyse all browser traffic during testing to ensure no unexpected connections are being made to third-party servers.