Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Symantec Threat Intelligence – Formjacking

Symantec Threat Intelligence – Formjacking: New Campaign Affecting Top Shopping Sites

Symantec has detected a new Formjacking campaign. Formjacking is the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites and has been making headlines globally.

Prevalence

In recent months, Symantec have seen a major uptick in formjacking attacks against high-profile websites across the globe. From their telemetry, Symantec has also observed locally popular websites (those with an Alexa Rank of less than 5,000 in a particular country) in the U.S., Japan, Germany, and Australia, among other countries, being injected with formjacking scripts.

Symantec’s Intrusion Prevention System (IPS) technology proactively protects website users from formjacking attacks. In the past three months alone, IPS has blocked more than 1 million formjacking attempts on more than 10,000 unique websites. Taking into account supply chain attacks, which can allow attackers to gain access to large companies by exploiting weaknesses in smaller businesses used by the larger company to provide different services, we can easily say that the actual number of infected websites is bound to be higher.

New campaign, new technique

Recently, Symantec came across a website of a retail store in Paris which was injected with a formjacking script (Figure 1).


Figure 1. Code injected into affected sites’ pages

The code shown in Figure 1 collects the payment information entered by users on the website and posts it to the domain google-analyitics.org. This domain is a typo-squatted version of the legitimate Google Analytics domain, google-analytics.com.

This was no new occurrence, considering the number of payment information-stealing script injections Symantec sees daily. However, digging into our telemetry, we came across an interesting pattern. We observed popular websites from different countries—such as the U.S., Japan, Australia, and Germany—redirecting to this one Paris website. This created an interesting redirection chain as customers of all these websites were being infected by formjacking at the same time. Figure 2 shows how this infection chain works.



Figure 2. Example of formjacking redirection

This attack chain is unique in the sense that it differs from the prevalent supply chain formjacking attack, where attackers compromise popular third-party script library providers. As these scripts are loaded by many websites, with one compromise the attacker manages to load their malicious code on a large number of websites all at the same time. In our scenario, the redirecting website and the compromised website in many cases come from different areas of the online shopping landscape, dealing in entirely different product spaces.

Protection

Victims may not realise they are victims of formjacking, as generally their websites continue to operate as normal, and attackers are sophisticated and stealthy and take steps to avoid detection.

Symantec customers are protected from formjacking attacks.

To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/threat-intelligence/formjacking-targeting-popular-stores


ends

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

21, 22, 23 December: Air NZ Workers Vote To Strike

Last week union members voted overwhelmingly in favour of industrial action in response to the company’s low offer and requests for cuts to sick leave and overtime. More>>

ALSO:

24/7: National Geohazards Monitoring Centre Opens

For the first time, New Zealand will have 24-7 “eyes on” monitoring of the four perils: earthquake, tsunami, landslides and volcanic activity. More>>

ALSO:

EU Wine Exports: Yealands Fined For "Unprecedented Offending"

Yealands Estate Wines has pleaded guilty to “unprecedented offending” under the Wine Act 2003 and has copped a $400,000 fine. More>>

ALSO:

Discussion Paper: Govt To Act On Unfair Commercial Practices

“I’ve heard about traders who have used aggressive tactics to sell products to vulnerable consumers, and businesses that were powerless to stop suppliers varying the terms of their contract, including price.” More>>

ALSO:

'Considering Options' On Tip Top Ownership: Fonterra Drops Forecast Milk Price

Fonterra Co-operative Group Limited today revised its 2018/19 forecast Farmgate Milk Price range from $6.25-$6.50 per kgMS to $6.00-$6.30 per kgMS and shared an update on its first quarter business performance. More>>

ALSO: