Formjacking attacks target customers at checkout

(Image credit: Pixabay)

Cybercriminals are increasingly hijacking online forms such as login pages and shopping carts as they hunt for personal financial information (PFI) according to new research from F5 Labs.

The firm's Application Report 2019 examined 760 breach reports to discover that formjacking, which collects data from a user's web browser and then moves it to an attacker-controlled location, remains one of the most common attack tactics on the web.

According to F5 Labs data, this attack method was responsible for 71 percent of all analyzed web-related data breaches throughout 2018.

Senior Threat Eveangelist at F5 Networks, David Warburton explained how outsourcing parts of web application code led to formjacking's rise in popularity among cybercriminals, saying:

“Formjacking has exploded in popularity over the last two years. Web applications are increasingly outsourcing critical components of their code, such as shopping carts and card payment systems, to third parties. Web developers are making use of imported code libraries or, in some cases, linking their app directly to third party scripts hosted on the web.  As a result, businesses find themselves in a vulnerable position as their code is compiled from dozens of different sources – almost all of which are beyond the boundary of normal enterprise security controls. Since many web sites make use of the same third-party resources, attackers know that they just need to compromise a single component to skim data from a huge pool of potential victims.”


By examining breach data, F5 Labs found that 83 incidents in 2019 were attributed to formjacking attacks on web payment forms which impacted close to 1.4m payment cards.

The firm also found that 49 percent of successful attacks occurred in the retail industry, 14 percent were related to business services and 11 percent were focused on manufacturing. 

However, the transport industry was the biggest victim of formjacking attacks that targeted personal financial information and during F5's window of analysis, 60 percent of all credit card related thefts happened in this sector.

Injection vulnerabilities have been around for some time but F5 Labs believes that they remain a growing and evolving problem as shifting industry trends have led to new risks and the widening of attack surfaces.

To prevent falling victim to formjacking, F5 Labs recommends that businesses create an inventory of web applications, patch their environment, scan for vulnerabilities, monitor for code changes, enable multifactor authentication and monitor for newly registered domains and certificates.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.