SMEs under attack as cyber-thieves target payment data

Online criminals are placing hidden code into thousands of websites to obtain pay card details, new studies conclude.

Security firm Symantec found that a technique known as “form-jacking” was affecting up to 4,800 unique websites every month, with BA and Ticketmaster among the high-profile organisations coming under attack.

Symantec’s research reveals small and medium-size retailers are, by and large, the most widely compromised.

Experts at Symantec explained that form-jacking has grown in popularity among the criminal community because more traditional methods have become less financially rewarding. In the past, criminals relied on ransomware and the mining of crypto-currencies, but such techniques are no longer so lucrative.

Orla Cox, director of Symantec’s security response unit, said:

“It’s a sign we’re in a world where security is tighter and tighter and it’s getting harder to carry out this type of activity.”

Form-jacking involves the insertion of “attack code” into vulnerable websites, such as those in need of a software update to close gaps created by insecure third-party apps, analytics packs or other add-ons.

While everything would appear to be in working order on affected sites, the small line of code would be operating covertly, giving “enough for attackers to monitor payment card info being entered” before criminals siphon that data off, Ms Cox explained.

Greg Clark, CEO of Symantec, said:

“Form-jacking represents a serious threat for both businesses and consumers. Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft.

“For enterprises, the skyrocketing increase in form-jacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised.”

Symantec blocked more than 3.7 million form-jacking attacks on endpoints in 2018, with nearly a third of all detections occurring during the busiest online shopping period of the year – November and December.

Ms Cox said that the findings demonstrate the upsurge in the popularity of the technique. “Cyber-criminals are continuing to find new ways to make money,” she said. “And when they do, they pile in.”

Although still widely employed, infections from ransomware fell by 20% over 2018, a trend that has been helped by organisations and consumers employing better back-up behaviours, thus making it more difficult for criminals to steal valuable payment data.

