Faced with diminishing returns from ransomware and cryptojacking, cyber criminals are doubling down on alternative methods, such as formjacking, to make money according to a preview of Symantec’s Internet Security Threat Report.
The report states that, Formjacking attacks are simple – essentially virtual ATM skimming – where cyber criminals inject malicious code into retailers’ websites to steal shoppers’ payment card details. On average, more than 4,800 unique websites are compromised with formjacking code every month globally. Symantec blocked more than 3.7 million formjacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year – November and December.
“Formjacking represents a serious threat for both businesses and consumers,” said Greg Clark, CEO, Symantec. “Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”
Although cryptojacking activity peaked early last year, cryptojacking activity declined by 52 percent throughout the course of 2018. Even with cryptocurrency values dropping by 90 percent and significantly reducing profitability, cryptojacking nonetheless continues to hold appeal with attackers due to the low barrier of entry, minimal overhead, and anonymity it offers. India ranks fourth globally, second in APJ in terms of crypto mining activities. Similarly, India ranks second both globally and in APJ in terms of ransomware activities. Symantec blocked 3.5 million cryptojacking events on endpoints in December 2018 alone.
“With an increasing trend towards the convergence of IT and industrial IoT, the next cyber battlefield is operational technology,” said Ajathashatru Varma, Director, Symantec Cyber Security Services, India. “A growing number of groups, such as Thrip and Triton, display interest in compromising operational systems and industrial control systems to potentially prepare for cyber warfare.”
Symantec’s ISTR provides an overview of the threat landscape, including insights into global threat activity, cyber criminal trends, and motivations for attackers. The report analyzes data from Symantec’s Global Intelligence Network, the largest civilian threat intelligence network in the world, which records events from 123 million attack sensors worldwide, blocks 142 million threats daily and monitors threat activities in more than 157 countries.
Targeted attack groups are increasingly focusing on IoT as a key entry point. The emergence of the VPNFilter router malware represents an evolution in traditional IoT threats. Conceived by a skilled and well-resourced threat actor, it allows its creators to destroy or wipe a device, steal credentials and data, and intercept SCADA communications.