Website “formjacking” increasing risk to insecure sites

According to Symantec’s Internet Security Threat Report 2019 on average 4800 websites a month are compromised by formjacking code.

Formjacking is a cyber security threat to any business website, with cyber-criminals targeting any commerce sites with a view to intercepting payment details. And if you’re thinking that this only hits sites like British Airways, Semantic points out that as well as well known brands being targeted, small to medium size businesses are also at risk.

The threat occurs when cyber-criminals manage to insert small pieces of code on websites to capture copies of credit card and payment information. The ability to “infect” the sites in this way occurs when website software, plugins, etc. are not kept up to date and vulnerabilities are exploited that allow the insertion of the code.

The key is to make sure you keep your website software up to date. Popular website platforms like WordPress often release updates to fix security issues, but you should also be on the look out for any security updates to plugins you may be using or any plugins that are no longer being updated (where you might not learn of a security issue) – there’s also been examples with some WordPress plugins being taken over and malicious code added. So, if you collect payment information via your website then keep your website software up to date.

As well as a rise in formjacking, the Symantec’s report highlights include:

  • One in ten website URLs are malicious a rise in 56%
  • A drop in Cryptojacking, although still high
  • A 33% rise in mobile ransomware
  • 48% of malicious emails contain Office attachments

Leave a comment