As the number of customers who make transactions online increases, the risk of compromising their personal details also increases.
In a blog by software company Symantec, it details who the group Magecart uses formjacking to steal user data that include credit card details.
From the research Symantec did to gain insights of what businesses were potential targets, it examined “1,000 instances blocked by Symantec over a three-day period from Sept. 18 to 20, where it found out that 57 individual websites were affected.
The sites are online retail sites that range from small niche sites to larger retail operations.
“Our data shows that any company, anywhere in the world, which processes payments online is a potential victim of formjacking,” Symantec writes on its blog.
The company sees formjacking as a sustained campaign based on its monitoring “with activity increasing substantially in the week of Sept.13-20.
“According to Symantec telemetry, since August 13 we have blocked 248,000 attempts at formjacking — almost a quarter of a million instances. However, more than one third of those blocks (36 percent) occurred from Sept. 13-20, indicating that this activity is increasing.”
This revealed how Magecart has been using third-party — and smaller — companies online retail stores are using for various services such as analytics and customer support. “The report at that time said at least 800 e-commerce sites had been hit in that campaign. The danger is that if Magecart can compromise one widely used third-party supplier, they could potentially infect thousands of sites in one go.”
Symantec warns, though, that while large company websites have ensured data security by complying to government regulations, it is the third-party, small websites that offer various services that become the gateway of such attacks.
Cybercriminals use supply chain attack in order to gain access to the bigger website and “change the code on the payment page.”
Symantec advises companies to ensure that supply chain websites are as secure as their own so their cybersecurity efforts won’t go to waste.
Image from Pixabay