Ransomware yielding less money; cyber criminals shift to formjacking

FOR cyber bad guys, formjacking is their new way of making millions of dollars. No sweat, most probably.

That is because ransomware is not as profitable anymore.

Symantec’s Internet Security Threat Report (ISTR) 2019 revealed this and many more developments in the shadowy world of the internet, where cybercriminals lurk, waiting to pounce on their next victim.

And pounce they do.

Symantec said formjacking poses a serious threat to businesses and consumers as the threat actors are becoming “more ambitious, destructive and stealthy in their attacks,” naturally raising the stakes for both organizations and individuals.

Here’s a quick look at what’s happening per the ISTR:

  • Nearly one in 10 targeted attack groups are now utilizing malware to destroy and disrupt business operations, which is 25 percent higher than 2017.
  • Attackers are enhancing tried-and-tested tactics, including spear-phishing, hijacking legitimate tools and malicious email attachments.
  • Ransomware infections of enterprises are up 12 percent.
  • Cloud resources are increasingly becoming an easy target for digital thieves, with more than 70 million records stolen or leaked from poorly configured S3 public cloud storage buckets.
  • More attackers display interest in compromising operational and industrial control systems, with the potential for sabotage.


Egyptian Sherif El-Nabawi, vice president for Sales Engineering at Symantec Asia Pacific and Japan. (EKU).

Symantec noted that as ransomware and cryptojacking are encountering diminishing returns, cyber criminals are revving up their formjacking schemes to milk more money from their victims.

The cybersecurity company said formjacking is cyber criminals’ latest get-rich-quick scheme.

“Formjacking attacks are simple,” Symantec pointed out in a statement. The new form of online attack is “essentially virtual ATM skimming where cyber criminals inject malicious code into retailers’ websites to steal shoppers’ payment card details.”

It revealed that over 4,800 unique websites on average are compromised with formjacking code every month.

“Symantec blocked more than 3.7 million formjacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year — November and December,” the company said.

And it’s not only the big-time retailers that are being hit by cyber criminals.

It cited Ticketmaster and British Airways, whose online payment websites were compromised recently, but small- and medium-size retailers are, by and large, the ones “most widely compromised.”

There is no exact figure for what the cyber criminals have siphoned off from their victims, but Symantec said the amount they stashed away in 2018 could be in the tens of millions of Uncle Sam’s currency.

What the hackers do, it added, is steal consumers’ financial and personal information via credit card fraud and sell it on the Dark Web.

“Just 10 credit cards stolen from each compromised website could result in a yield of up to $2.2 million each month as a single credit card can fetch up to $45 in underground selling forums,” the company said.

“With more than 380 credit cards stolen, the British Airways attack alone may have allowed criminals to get more than $17 million.”

The ISTR’s key highlights include formjacking; diminishing returns from cryptojacking and ransomware; the cloud as the new PC where security is concerned; living-off-the-land tools and supply chain weaknesses spurring stealthier, more ambitious attacks; the Internet of Things in the crosshairs of cyber criminals and attack groups; and the great privacy awakening.

Among others, Symantec’s report noted that attack volume on IoT devices has remained high since 2017, although the profile of attacks is changing dramatically.

While routers and connected devices make up the largest percentage of infected devices at 90 percent, almost every IoT device has proven vulnerable, from smart light bulbs to voice assistants.

Sherif El-Nabawi, vice president for Sales Engineering and Service Provider Sales at Symantec Asia Pacific and Japan, hinted at a new online battleground.

“With the growing trend toward the convergence of IT and industrial IoT, the next cyber battlefield is operational technology. A growing number of groups such as Thrip and Triton display interest in compromising operational systems and industrial control systems to potentially prepare for cyber warfare,” said El-Nabawi.

Meanwhile, Symantec has tips for business organizations and consumers to guard themselves from cyber threats.

For business: 1. Don’t get flat-footed. 2. Prepare for the worst. 3. Implement a multi-layered defense. 4. Provide ongoing training about malicious email. 5. Monitor your resources.

For consumers/individuals: 1. Change the default passwords on your devices and services. 2. Keep your operating system and software up to date. 3. Back up your files. (EKU)
