Login pages, shopping carts and other similar online forms are being increasingly targeted by cybercriminals looking to get their hands on some valid financial data, new research suggests.
F5 Labs’ latest report, based on 760 breach reports, states that this method was to blame for almost three quarters (71 per cent) of all data breaches that happened last year.
“Formjacking has exploded in popularity over the last two years,” said David Warburton, Senior Threat Evangelist, F5 Networks.
Warburton claims that one of the main problems lies in the fact that many web applications are outsourcing critical components of their code such as shopping carts. Consequently, they’re exposing themselves to unnecessary risk.
A total of 83 such incidents were spotted already this year, which impacted more than a million of payment cards.
Out of all successful attacks, half occurred in the retail industry, 14 per cent in business services and 11 per cent in manufacturing. The report concludes that the biggest victim of formjacking was the transport industry, given that almost two thirds (60 per cent) of all credit card-related thefts were from this particular vertical.
“The injection landscape is transforming along with our behavior,” said Warburton. “Adequately detecting and mitigating injection flaws now depends on adapting assessments and controls – not just fixing code. The more code we hand over to third parties, the less visibility and less control we have over it.”