Formjacking: Are Ransomware and Cryptojacking About to Be Replaced?

Jason Coggins by   03.15.2019   Ransomware

Well, let’s start with the good news. Overall, both Ransomware and Cryptojacking saw a noticeable decline during 2018. The not-so-good news is that Ransomware is still a growing threat to enterprises, who saw a 12% increase in attacks compared to the previous year. Additionally, 2018 saw an 30% increase in the number of mobile Ransomware infections – most of which affecting devices in the United States.

There was, however, an overall decline in the number of mobile Malware infections. The number of Cryptojacking attempts has declined by 52% during 2018, which was said to be caused by a fall in the value of cryptocurrencies. That said, Symantec claims to have blocked four times as many attempts than what they did in 2017, although no reason was given to support this claim.

I think it is fair to say that Ransomware is going nowhere. For as long as phishing/social engineering attacks are effective, Ransomware attacks will continue to evolve and become more targeted. We may, however, see the end of Cryptojacking, as cryptocurrency mining becomes less profitable – irrespective of the value of the currencies themselves. Not only that, but many of the “next generation” cryptocurrencies don’t use “mining” as a way of creating the “coins”, but instead use other coin generation techniques which require proof of stake, propagation, resource, etc.

Cryptocurrency mining may not disappear completely, but it is unlikely to be as lucrative as it is now. Ransomware, on the other hand, will not be directly affected by the value of cryptocurrencies.

What is Formjacking?

Formjacking is where an attacker injects malicious JavaScript code into the web form of an application or website, in an attempt to collect sensitive data from the user. The compromised form will typically seek to obtain payment information, which can be used for bank fraud or other criminal activities.

Formjacking has become an increasingly popular style of attack as it is simple to deploy and potentially very lucrative. According to the above report, more than 4,800 unique websites are compromised on average every month – some of which affecting high-profile brands such as British Airways, where 380,000 credit cards were stolen worth an estimated +$17 million.

How to Detect and Prevent Formjacking

Given that Formjacking is very new to the scene, the defense procedures are not well documented. However, as with detecting most forms of malware, the first step is to monitor all activity that takes place on the server – paying close attention to changes made to any files associated with your web forms.

It’s also worth noting that some Formjacking attacks have been able to infect websites and applications via “software supply chain attacks” – where the infection is passed on through propitiatory software.

To mitigate SSC attacks, enterprises will need to ensure that all applications and updates are tested before they are deployed – ideally in a controlled environment or sandbox. It is a good idea to use an anti-malware solution that uses machine learning (ML) as opposed to signatures, as ML can identify malware even if it’s unknown or digitally signed.

Additionally, there are solutions available which use threat intelligence feeds to check the hash value of a given application against a database of known trusted hashes. A host-based Intrusion Detection System (IDS) can also be used to monitor web server logs and generate alerts when it detects a suspicious pattern of behavior.

While it may seem primitive, it is also worth manually inspecting your web forms, as Formjacking has been known to alter the functionality of the input boxes, which might only be visible to the naked eye.

If you would like to see how our Data Security Platform, LepideAuditor, might be able to help you address some of the challenges associated with Formjacking, click here to schedule a demo.

If you liked this, you might also like...