Symantec: Cybercriminals shift to formjacking after cryptojacking ‘collection’ declines

Cybercriminals are now resorting to formjacking, a new form of digital information theft, after losing interest in cryptojacking. This is one of the findings of Symantec’s latest Internet Security Threat Report (ISTR).

Symantec’s ISTR provides an overview of the threat landscape, including insights into global threat activity, cyber criminal trends, and motivations for attackers. The report analyzes data from Symantec’s Global Intelligence Network, which records events from 123 million attack sensors worldwide, blocks 142 million threats daily and monitors threat activities in more than 157 countries.

Symantec reports that on average, more than 4,800 unique websites are compromised with formjacking code every month. The cybersecurity firm claims that it was able to block more than 3.7 million formjacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year: November and December.

Ecommerce sites are the most vulnerable to cryptojacking because they hold customers’ personal information along with financial and credit card details. Criminals could easily make money from the amount and value of the information they can obtain from one site alone.

Details for sale

The report says cybercriminals may have “earned” tens of millions of dollars by selling this information on the dark web.

According to the report, just 10 credit cards stolen from each compromised website could result in a yield of up to $2.2M each month, with a single credit card fetching up to $45 in the underground selling forums. With more than 380,000 credit cards stolen, the British Airways attack alone may have allowed criminals to net more than $17 million.

“The activity peaked toward the end of the year,” said Sherif El-Nabawi, vice president, Asia-Pacific and Japan, Sales Engineering and Service Provider Sales, at Symantec. “Symantec was able to block over one million attacks in November and December, the busiest online shopping period because of the holidays.”

El-Nabawi also said that 1 in 10 URLs are malicious.

He also noted the shift in attacks from the consumer in 2016 to the enterprise in 2018 “because the money to get from businesses is way higher than what criminals can get from a single user.”

Supply chain

According to Symantec’s 2019 cybersecurity predictions, the supply chain will play a big role in these attacks. Supply chain and living off the land (LotL) attacks are now a mainstay of the modern threat landscape, according to Symantec’s findings, and are widely adopted by both cybercriminals and targeted attack groups.

“There is a 78-percent increase in attacks that go through the supply chain,” he said. “Malicious email is, by far, the largest source of these attacks.”

While the volume of the Internet of Things (IoT) attacks remains high and consistent with 2017 levels, the profile of IoT attacks is changing dramatically. Although routers and connected cameras make up the largest percentage of infected devices (90 percent), almost every IoT device has been proven vulnerable, with everything from smart light bulbs to voice assistants creating additional entry points for attackers.

Targeted attack groups are increasingly focusing on IoT as a key entry point. The emergence of the VPNFilter router malware represents an evolution in traditional IoT threats. Conceived by a skilled and well-resourced threat actor, it allows its creators to destroy or wipe a device, steal credentials and data, and intercept SCADA communications.
