Internet Security Threat Report 2019: 4800 formjacking attacks per month
Symantec presented its annual report on major cyber threats. Criptojacking and ransonware are moving into the background, giving way to formjacking attacks on e-commerce facilities.
As every year, Symantec has published its new edition of its annual report on cyber threats, the 24th, to be precise, which offers particularly interesting ideas. The first fact that stands out is the decrease in private ransomware attacks. The reason is easy to guess, in this case: with the collapse in value of the various cryptocurrencies, attacks of this type become less and less convenient and as a result cybercriminals prefer to focus on more effective strategies.
In particular, the increase in formjacking attack, which can yield much more to criminals, is a cause of concern for experts. This is a type of attack that involves the injection of malicious code on e-commerce sites, a code that will record the credentials and credit card data, which are then sold on the Dark Web. British Airways and Ticketmaster cases, when 380,000 and 40,000 profiles were respectively violated.
Cloud-related risks also increase, an increasingly attractive target for cyber criminals since adoption has grown exponentially. According to the data presented by Symantec, the cloud is, in effect the new PC: if until a few years ago the computers of employees were the main vulnerability for companies, today they are the wrong configurations of corporate clouds, as shown phenomenon of stolen buckets, that is data containers hosted on Amazon’s S3 and not adequately protected.
Furthermore, with the spread of IoT devices, attacks on this type of device are increasing, which in most cases do not offer an acceptable level of security. We think, for example: of the vulnerabilities discovered in Amazon’s voice assistant and in Philips smart light bulbs, but also to more sensitive systems, such as SCADA, which control industrial machinery and have been targeted by hackers and espionage services for some years.
Symantec concludes the report by offering some data on iOS and Android apps. We are not talking about viruses or malware, in this case, but about privacy risks that still escape many users: 44% of the Android app and 48% of the is once require access to the contact list and even the 45% of the app on Play Store requires access to the device’s location to function, even when not strictly necessary for operation (for example: as could be the case with a satellite navigator).
The full report is available on the Symantec website.