2 min

A report by F5 Labs shows that formjacking, in which cybercriminals falsify online forms, caused almost three-quarters of all data breaches in the past year.

The technique is used by criminals to forge login pages, online shopping carts and similar online forms. In this way they try to get their hands on financial data, which they then use for malicious purposes.

The report, which investigated 760 reports of data breaches, reports that three-quarters of these breaches were the result of this technique. David Warburton, Senior Threat Evangelist at F5 Networks, reports that the technique has grown enormously in popularity over the past two years. He goes on to say that one of the main reasons is that web applications often outsource important parts of their code. In other words, these components are not developed by companies themselves, which increases the risk of injection attacks and thus unsafe applications.

The figures

This year, 83 of these types of incidents have already been observed in the area of online shopping trolleys. As a result, more than a million payment cards were hit. Of all the successful attacks, about half took place in the retail industry. 14 percent were provided by business services and 11 percent by manufacturing companies. The report also states that one of the main victims was the transport industry. More than two-thirds of all thefts with credit card details took place in that industry.

“Injection changes with our behavior,” says Warburton. “The adequate detection and reduction of injection errors now depends on the adaptation of assessments and controls – and not only on the repair of code. The more code we transfer to external parties, the less visibility and control we have over it.”

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.