The latest installment of Symantec’s annual Internet Security Threat Report shows that formjacking was the number one cyber threat in 2018, replacing cryptojacking, i.e. the distribution of malware that uses the resourcing powers of infected systems in order to mine cryptocurrency. In a formjacking attack, a threat actor injects malicious JavaScript code into a legitimate website in order to capture sensitive information that users submit to the site, such as payment card information. Over the course of 2018, over 4,800+ websites were compromised through formjacking every month.
The report also indicates that threat actors are increasingly going after organizations by means of indirect cyber attacks in which access to the targeted system is obtained via the supply chain of a company. In practice, this means that hackers first break into the systems of a third party (e.g. a vendor, digital service provider or business partner), and subsequently use their foothold on this third-party network to infiltrate their main target. Between 2017 and 2018, the number of supply chain attacks rose by 78%.
Read more: Formjacking Surpasses Ransomware and Cryptojacking as Top Threat of 2018