With this attack they can steal your information when you buy online




Users can make their purchases and not realize they were victims of formjacking 



Gladly handing over your card details to buy that shirt printed with characters from the latest hit movie, or the earrings you fell for in an online ad, can expose you to formjacking, a technique in which cybercriminals 'inject code' into a page and, through fraudulent forms, seek to steal your financial information, sell your data on the black market or clone your cards.

Formjacking, according to a recent study by the cybersecurity firm Symantec, is shaping up to be the most popular cyber attack in 2019, ahead even of the popular ransomware, with which attackers hijack their victims' data to demand a ransom.

In general terms, this increasingly common form of attack is a highly profitable way to exploit the vulnerabilities of an online shopping website in order to send a copy of users' information to a different server. The most serious part, according to experts, is that users can make their purchases, receive their products and never realize they were victims.


How does it work?

According to Axel Diaz Ortega, senior lawyer at Adalid and an expert in information security, formjacking is not a new technique, contrary to what you might believe.

"It is a way to take advantage of the vulnerabilities of browsers that has been used since the beginning of electronic payments."

According to the experts, the attacker injects code (such as JavaScript, which fits easily into the front end of a page) to create hidden access and steal users' information.

"It's a form of attack that has taken a lot of force this year. Nobody saw it coming; the sector did not expect such a sudden growth because, for the most part, browsers have adopted more secure protocols for online payment pages."


For Sebastián Brenner, Symantec's security strategist for Latin America and the Caribbean, the emergence of these attacks is due to the search for profitability.

"The cyber attackers are inclined toward the most lucrative; they seek to generate a quick economic return." In Symantec's view, part of the reason is that ransomware would no longer be as profitable against individual victims.

In that sense, formjacking does not require any dialogue with the victim and can reach far more people. On a single site, thousands of users can complete their transactions successfully and remain unaware of their vulnerability for months. According to figures from Symantec, during 2018 an average of 4,800 infected websites were found per month.

According to Brenner, these attacks have two phases: in the first, the server is compromised; in the second, the attackers wait for the victims to arrive.

The cyber-attacker first seeks to enter the server to modify or add code that captures the user's information.

According to the executive, "we are talking about attacks on supply chains, suppliers that serve services and applications." Criminals seek to compromise small suppliers that provide services to several e-commerce sites.

However, sites such as those of the airline British Airways or Ticketmaster have also been affected. According to Brenner, Symantec has stopped about 4 million formjacking attacks globally since 2018.

In the second step, the attackers 'wait for the prey': the user makes an ordinary purchase, goes to the payment form and clicks 'pay'. "Everything seems transparent; the purchase is made, but the inserted code makes a copy of the information and sends it secretly to the addresses stipulated by the attacker."

Online shopping sites, at least the most reliable ones, are known to use security protocols so that third parties cannot see users' payment information.

Formjacking succeeds because it does not require access to this encrypted data; it works more like a 'mirror'. The real server receives the purchase request and stores it in encrypted form, but a copy is first sent to another address, chosen by the offender.

How to shop with peace of mind?

The solution is to keep the browser updated and be wary of offers. For companies, the best option is professional consulting. An e-commerce firm, for example, should have a specialist in ethical hacking conduct a review at least once a year to identify its weak points.

Experts agree that there are no magic solutions, but keeping devices' operating systems, programs and browsers on their most up-to-date versions is a fundamental measure.

Other recommendations are to use trusted portals, check URLs, avoid downloading strange executables, have a recent antivirus and check the validity of the site and the source of offers that look too good to be true.
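For site operators, one check that such a review could include is an inventory of the scripts a checkout page loads, since the supply-chain route described above arrives through code served by third-party suppliers. The following is an added example, not code from the article or from Symantec; the host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: third-party hosts this (hypothetical) shop has approved for scripts.
ALLOWED_HOSTS = {"cdn.payments.example"}

# Constructed sample of a checkout page's <head>; hashes are placeholders.
SAMPLE_CHECKOUT = """
<html><head>
<script src="/static/cart.js"></script>
<script src="https://cdn.payments.example/pay.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.payments.example/widgets.js"></script>
<script src="https://chat-widget.example/loader.js"></script>
<script src="http://cdn.payments.example/legacy.js" integrity="sha384-PLACEHOLDER"></script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptAudit(HTMLParser):
    """Records one finding per external <script> that fails a check."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (src, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = dict(attrs)
        src = attributes.get("src")
        if not src:
            return  # inline scripts need a separate review
        url = urlparse(src)
        host = url.hostname or self.page_host  # relative URL: same host
        if host == self.page_host:
            return  # first-party script, covered by the site's own change control
        if host not in ALLOWED_HOSTS:
            self.findings.append((src, "host not on allowlist"))
        elif url.scheme == "http":
            self.findings.append((src, "loaded over plain HTTP"))
        elif not attributes.get("integrity"):
            # Without Subresource Integrity the supplier can change the file silently.
            self.findings.append((src, "no SRI integrity hash"))

def audit(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for src, reason in audit(SAMPLE_CHECKOUT, "shop.example"):
        print(f"{reason}: {src}")
```

Run against a saved copy of the payment page after each deployment; a new finding means a script source changed and should be explained before the page goes live.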
