Formjacking is the big new threat in cyberspace, says Symantec report

In a world that’s growing increasingly digital, online security is of utmost importance. Recent incidents involving data leaks from online travel company ixigo and LPF cylinder distributor Indane show how databases of corporations and firms can be compromised and sensitive customer information stolen. No wonder cybersecurity figures on top of all enterprises’ to-do lists.

Mountain View, California-based cybersecurity software and services firm Symantec recently released its 2019 Internet Security Threat Report, which lists the types of threats encountered on the internet in the past year. Formjacking emerged as the greatest threat to ecommerce sites in 2018.

Here are the key highlights from the report:

Formjacking is a favourite of cyber criminals. Formjacking, described as the “use of malicious JavaScript code to steal credit card details and other information payment forms on the checkout pages of ecommerce sites”, attracted many cybercriminals. Symantec’s data revealed that 4,818 unique websites were compromised with formjacking code every month in 2018. Data sold on a single credit card yields up to $45 in underground markets.

Sometimes just 10 credit cards stolen on compromised websites could yield up to $2.2 million for cyber criminals each month, the report said. While compromises on British Airways and Ticketmaster were widely reported, Symantec found from its telemetry data that small and medium-sized retailers – selling goods ranging from clothing to gardening equipment to medical supplies - were often injected with formjacking codes. “This is a global problem with the potential to affect any business that accepts payments from customers online,” the report added.

Cryptojacking is declining. Cryptojacking – a form of attack where cyber criminals run coinminers on victims’ devices without their knowledge and use the CPU power to mine cryptocurrencies – fell by 52 percent between January and December 2018 as cryptocurrency values fell by 90 percent in the same period.

Supply chain attacks are gaining traction. Instead of creating expensive malware, attackers are making use of Windows OS utilities and other commonly available tools to mount an attack, making them difficult to detect. Malicious PowerShell scripts are on the rise and nearly half the malicious email attachments (48 percent) had Microsoft Office files in 2018 compared to just 5 percent in 2017, the report said. Supply chain attacks, which make use of third-party services or software to compromise a final target, surged by 78 percent in 2018, making them one of the most dangerous threats online. The Symantec report said developers were mostly affected in supply chain attacks. “Effectively identifying and blocking these attacks requires the use of advanced detection methods such as analytics and machine learning.”

Misconfigurations and vulnerabilities in hardware chips are being exploited. “Poorly secured cloud databases continued to be a weak point for organisations,” the Symantec report said. Poor configuration resulted in 70 million records stolen or leaked. In 2017, MangoDB’s contents were wiped out and a ransom was demanded to restore them, in what is typically termed a ransomware attack. Hardware chip vulnerabilities could lead to leak of data from several cloud instances as attackers exploit such vulnerabilities to access memory locations that are normally forbidden.

Worms and bots are being used in IoT attacks. Routers and connected cameras were the most infected devices, accounting for 75 percent and 15 percent of the attacks, respectively. A new breed of threats emerged in the form of infection vector in IoT in 2018. India did not figure in the top 10 source countries for IoT attacks.

Messaging threats continue for individuals and organisations. Employees of small organisations were likely hit by email threats, which included spam, phishing, and email malware. Spam went up in 2018, with 55 percent emails being categorised as spam. Phishing registered a decline while email malware rate remained stable. The use of malicious URLs in emails was 7.8 percent in 2018 compared to 12.3 percent in 2017. In India, one in 772 emails was likely to be a malicious email, while one in 8.3 emails was likely to have malicious URL in emails as per the country-wise classification of malicious emails. The top subject topics in malicious emails were Bill, Email Delivery Failure, Package Delivery, Legal/Law Enforcement, and Scanned Document. The top email keywords were invoice, mail, sender, payment, important, message, new, returned, and delivery. India had an email spam rate of 50.9 percent, way below Saudi Arabia, which topped the list at 66.8 percent.

Malware is on the rise and ransomware worries enterprises. The use of malicious PowerScripts increased by 1,000 percent in 2018, according to Symantec data. Ransomware continued to be a threat for organisations, as ransomware infections of enterprises increased by 12 percent whereas overall ransomware infections fell by 20 percent. India was on the second spot, accounting for 14.3 percent of total ransomware attacks behind China (16.9 percent).

Mobile devices are not spared. One in 36 mobile devices has high-risk apps installed, according to the Symantec report. Mobile ransomware increased by 33 percent compared to the previous year. Mobile apps that employ invasive advertising fell to 26 percent in 2018, down 4 percent from 30 percent in 2017.

Web attacks register an increase. One in 10 URLs was found to be malicious in 2018 compared to 1 in 12 in 2017. Formjacking was the biggest cybersecurity threat in 2018.

Targeted attacks continue unabated. The most active cyber-attack groups targeted an average of 55 organisations in 2018. There was an 8 percent increase in malware used by attack groups. Spear-phishing remained the popular form of attack. India had 128 targeted attacks by groups in 2018. Overall, across studied geographies, the number of affected organisations declined to 455 compared to 582 in 2017.

The report also provided wide-ranging information on underground economy that operates using data gained from cyber-attacks.