Cyber criminals increasingly used 'formjacking' to carry out attacks in 2018: study

Cyber criminals increasingly turned to "formjacking" as their go-to means of carrying out attacks against companies last year, according to tracking by Symantec.

Using that method, hackers have stolen sensitive customer data by inserting a few lines of malicious code onto e-commerce websites.


When a customer makes a purchase online, the malicious code makes a copy of their data -- payment card details, username, address -- and then sends it to the hackers' servers. That information can then be sold on the dark web or used to commit fraud.

Symantec began warning about increased formjacking in September.

“This is a significant and sustained campaign, with activity increasing substantially in the week of September 13 to 20,” the company wrote in a blog post at the time.

After discovering another attack in December, Symantec researchers said the form of attack highlights “the fact that attackers are continuously altering and improving their malicious code and exploring new delivery mechanisms to infect more users.”

Attention to these types of attacks came into greater focus following last year’s Ticketmaster breach, in which hackers stole some credit card information in what turned out to be an extensive digital credit card skimming campaign.

Other major companies like British Airways also fell victim formjacking.

In July, RiskIQ reported that in addition to Ticketmaster, the threat group known as Magecart targeted more than 800 e-commerce sites around the world in its campaign.

Updated at 10:47 a.m. on Feb. 15.