Skip to main content

Formjacking attacks could be your new security worry

(Image credit: Image Credit: / Shutterstock)

Login pages, shopping carts and other similar online forms are being increasingly targeted by cybercriminals (opens in new tab) looking to get their hands on some valid financial data, new research suggests.

F5 Labs’ latest report, based on 760 breach reports, states that this method was to blame for almost three quarters (71 per cent) of all data breaches that happened last year. 

Formjacking (opens in new tab) has exploded in popularity over the last two years,” said David Warburton, Senior Threat Evangelist, F5 Networks.

Warburton claims that one of the main problems lies in the fact that many web applications are outsourcing critical components of their code such as shopping carts. Consequently, they’re exposing themselves to unnecessary risk.

A total of 83 such incidents were spotted already this year, which impacted more than a million of payment cards.

Out of all successful attacks, half occurred in the retail industry, 14 per cent in business services and 11 per cent in manufacturing. The report concludes that the biggest victim of formjacking was the transport industry, given that almost two thirds (60 per cent) of all credit card-related thefts were from this particular vertical. 

“The injection landscape (opens in new tab) is transforming along with our behavior,” said Warburton. “Adequately detecting and mitigating injection flaws now depends on adapting assessments and controls – not just fixing code. The more code we hand over to third parties, the less visibility and less control we have over it.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.