When returns on ransomware and cryptojacking started to decline, cyber-criminals had to get creative with alternative methods of making money, according to Symantec’s newly released Internet Security Threat Report.
The report found that, on average, 4,800 websites were compromised with formjacking code each month. “Incidents of formjacking –the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of eCommerce sites – trended upwards in 2018.”
Dubbed the breakthrough threat of 2018, formjacking grew in popularity largely because of its simplicity, giving attackers the chance to earn money easily and quickly. The report suggests that tens of millions of dollars may have been stolen in 2018 as a result of these attacks.
Also prevalent last year were supply chain attacks, which saw a 78% surge. Nearly half (48%) of all malicious email attachments were office files, which represents an enormous jump from only 5% in 2017. Web attacks were also up by 56%, with the report noting that one in 10 URLs was malicious.
Last year did see an ebb and flow of different attack vectors. Cryptojacking events dropped by 52% last year, which coincided with a 90% drop in the value of Monero, the cryptocurrency of choice for cyber-criminals. Despite a 12% rise in enterprise ransomware and a 33% spike in mobile ransomware, the overall number of ransomware attacks actually fell by 20% in 2018.
“While this may have led some of the initial adopters of cryptojacking to turn to other ways to make money, such as formjacking, it’s clear a significant cohort of cyber criminals still think cryptojacking is worth their time,” the report said.
“We also saw some cryptojacking criminals targeting enterprises in 2018, with the WannaMine (MSH.Bluwimps) cryptojacking script, which uses the Eternal Blue exploit made famous by WannaCry to spread through enterprise networks, rendering some devices unusable due to high CPU usage.”
The study also found that more than 70 million records were stolen or leaked due to poorly configured S3 cloud storage buckets, highlighting cloud resources as an increasingly easy target for digital thieves and a dangerous weak point for organizations.
“Unless organizations take action to properly secure their cloud resources, such as following the advice provided by Amazon for securing S3 buckets, they are leaving themselves open to attack,” the report said.