Email remains among the biggest threats enterprises faced in 2018, according to a vendor report, but the increase in formjacking — stealing data customers entered in online forms — is a trend CISOs have to worry about.
That’s one of the conclusions of the latest Symantec Internet Security Threat Report, an analysis of data collected from Symantec endpoint and network devices of customers as well as information from partners.
“Formjacking has taken over as the new threat de jour,” Robert Arandjelovic, the company’s product manager for the Americas, said in an interview.
Symantec figures 4,800 web sites a month were compromised around the world last year by formjacking.
Last week a Russian security vendor called Group IB said it discovered injected code in seven online stores in the U.S. and U.K.
Formjacking involves injecting malicious JavaScript code to steal credit card and other personal information from eCommerce sites.
Among those badly hit last year were Ticketmaster, British Airways, British retailer Kitronik and contace lens seller VisionDirect.
Many of these attacks have been blamed on threat actors called Magecart, which Symantec suspects are several groups. Some, it adds, may be competing with the others.
While infosec teams are getting better at protecting web sites from attacks like SQL injection, Arandjelovic said, criminals are compromising third-party suppliers to wedge their way into sites. Ticketmaster was initially compromised through a chatbot it had contracted with to help with customer service. Other ways of compromise, particularly with SMBs is getting through unpatched web servers and by stealing credentials of web page administrators.
“You’d have to be extremely skilled or paranoid” to detect the small change in web page code, Arandjelovic said.
Regular code review, patching servers and enforcing privileged access management are best defences for formjacking, he said.
Among other trends seen in 2018, cryptojacking dropped throughout the year as the value of cryptocurrencies dropped. However, Arandjelovic said, criminals are still “keeping that pot simmering.”
Detection of ransomware infections also fell, again, paralleling the fall of cryptocurrencies. However, don’t be fooled: Criminals were changing their targets from consumers to the enterprise, as reports of ransomware found in organizations jumped 12 per cent. There was also a rise in mobile ransomware.
Overall, the United States was the number one target of all threats, collecting 22 per cent. Next were China and India. Canada ranked 20th with one per cent of threats.
Among other findings
— in 2018, employees of small organizations were more likely to be hit by email threats—including spam, phishing, and email malware—than those in large organizations;
–spam levels continued to increase in 2018, as they have done every year since 2015, with 55 percent of emails received in 2018 being categorized as spam. Meanwhile, the email malware rate remained
stable, while overall phishing levels declined, dropping from 1 in 2,995 emails in 2017, to 1 in 3,207 emails in 2018. The phishing rate has declined every year for the last four years;
–fewer URLs were used in malicious emails as attackers refocused on using malicious email attachments as a primary infection vector. The use of malicious URLs in emails had jumped to 12.3 percent in 2017, but it dropped back to 7.8 percent in 2018. Symantec telemetry shows that Microsoft Office users are the most at risk of falling victim to email-based malware, with Office files accounting for 48 per cent of malicious email attachments, jumping from five per cent in 2017.
