. home.aspx



Formjacking: the security nightmare CISOs need to know about

May 13, 2019 / Paolo Passeri

Ransomware hit the headlines in 2017, cryptojacking became notorious in 2018, so it may come as no surprise that a sophisticated new form of attack is making its mark in 2019. Staying ahead of trends and the security game, malicious actors have latched onto another high-return attack. Their latest weapon of choice: formjacking. The threat. So how does it work? Forms are in use in some manner in most websites – harvesting data for marketing purposes, identifying users through security checks and enabling financial transactions.  They are so common that most operating systems and browsers allow you to save highly sensitive data to be automatically filled into forms (for instance credit card details). Formjacking sees tiny lines of malicious JavaScript code injected into a website with the goal of skimming data. The code is designed to harvest any valuable information inputted into forms by users.