
Ransomware out, formjacking in as primary attack vectors

Quick and easy attack methods like formjacking gained popularity among cybercriminals last year, while more tried and true approaches like ransomware fell by the wayside in 2018, according to a new report.

The reasoning behind this switch, according to Symantec’s just-released Internet Security Threat Report, is quite straightforward. Formjacking, which entails placing malware on a victim’s system to steal payment card information, is simple to perform and offers an incredibly high yield.

Symantec’s research revealed that, on average, a stolen payment card can be sold on the dark web for about $45. With 4,800 sites being compromised each month, the money quickly piles up for the thieves even if only a small number of cards can be stolen from each incident.

“With more than 380,000 credit cards stolen, the British Airways attack alone may have netted criminals more than $17 million,” the report stated.

The primary culprit behind these attacks was Magecart and its sub-groups. Altogether, these threat actors pulled off an impressive string of heists in 2018, hitting Ticketmaster, Newegg, Huddle House and dozens of other companies.

"So, what can be done to prevent these attacks? Security training and education, along with IT and Ops teams partnering with security to understand and prioritize how to mitigate risk are essential. Applying patches to applications immediately – not months after they become available – and making security testing a part of the entire lifecycle of an application are also critical," said Oscar Tovar, vulnerability verification specialist with WhiteHat.

Some of the older-style attacks also remained popular last year: the use of spear-phishing to infiltrate organizations in order to place malware designed to destroy or disrupt business operations increased by 25 percent in 2018.

Joining formjacking as a go-to favorite in a cybercriminal's toolset were targeted attacks against supply chain vendors, up 78 percent, and those against information residing in the cloud. Symantec reported that in 2018, more than 70 million records were stolen or leaked from poorly configured S3 buckets. Off-the-shelf tools on the web allow attackers to identify databases that were either misconfigured or simply not locked down by their operators.

Living-off-the-land-style attacks using PowerShell scripts saw the largest year-over-year increase, with Symantec noting a 1,000 percent increase.

However, the biggest surprise was the decline in ransomware. Whether this was due to the across-the-board decline in the value of digital currency or better cybersecurity being in place, the end result was a 20 percent drop in ransomware attacks. That is not to say cybercriminals have given up on this attack vector; in fact, ransomware attacks against mobile and enterprise targets each increased, by 33 percent and 12 percent respectively.

The digital currency collapse also convinced many malicious actors to give up on cryptojacking, with this form of attack falling by 52 percent. Symantec did qualify that statement, noting that cryptojacking is a relatively easy exercise, so it is likely to remain in use and somewhat popular due to its low bar of entry for unskilled attackers.
