close
magnifying glass
Get Started
magnifying glass
Support
chevron
Support Language
close
  • Why Netskope chevron

    Changing the way networking and security work together.

  • Our Customers chevron

    Netskope serves more than 3,400 customers worldwide including more than 30 of the Fortune 100

  • Our Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

A Leader in SSE. Now a Leader in Single-Vendor SASE.

Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™️ for Single-Vendor Secure Access Service Edge

Get the report
Customer Visionary Spotlights

Read how innovative customers are successfully navigating today’s changing networking & security landscape through the Netskope One platform.

Get the eBook
Customer Visionary Spotlights
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Aerial view of a city
  • Security Service Edge chevron

    Protect against advanced and cloud-enabled threats and safeguard data across all vectors.

  • SD-WAN chevron

    Confidently provide secure, high-performance access to every remote user, device, site, and cloud.

  • Secure Access Service Edge chevron

    Netskope One SASE provides a cloud-native, fully-converged and single-vendor SASE solution.

The platform of the future is Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
SASE Architecture For Dummies eBook
Go to Solutions Overview
Go to Solutions Overview
Go to Solutions Overview
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through secure access service edge (SASE)

  • Events and Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Navigating Data Sovereignty
Max Havey chats with Michael Dickerson, CEO of TSC Global and founder of Dickerson Digital, about the critical topic of data sovereignty.

Play the podcast Browse all podcasts
Latest Blogs

Read how Netskope can enable the Zero Trust and SASE journey through secure access service edge (SASE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2024 On-Demand

Learn how to navigate the latest advancements in SASE and zero trust and explore how these frameworks are adapting to address cybersecurity and infrastructure challenges

Explore sessions
SASE Week 2024
What is SASE?

Learn about the future convergence of networking and security tools in today’s cloud dominant business model.

Learn about SASE
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Careers chevron

    Join Netskope's 3,000+ amazing team members building the industry’s leading cloud-native security platform.

  • Customer Solutions chevron

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Accreditations chevron

    Netskope training will help you become a cloud security expert.

Go to Customer Solutions
Netskope Training
Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Help shape the future of cloud security

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Join the team
Careers at Netskope
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

Go to Customer Solutions
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working

Could formjacking affect your organization?

Mar 12 2019
By Paolo Passeri
Tags
ecommerce
formjacking
formjacking attack
IaaS
javascript
Magecart group
security governance


Threat actors are always one step ahead, so after ransomware and cryptojacking, they have latched to a new, high-return attack: formjacking.

Incidents of formjacking attacks – where hackers inject malicious JavaScript code into a website to skim data – rose steadily in the second half of last year. These small lines of code are very hard to detect but very effective. While formjacking can scrape data from any element of web browsing, it’s mostly targeted at ecommerce sites. One researcher, Willem de Groot, estimates that at least 50 e-merchants a day were being hacked between November and February.  

Formjacking tools, like those used by the hacker collective, the Magecart group, are exceptionally flexible and can compromise hundreds of thousands of websites, often via extensions, making it a very profitable attack method for criminals.

What’s more, the Magecart group exploits new vulnerabilities very quickly. Worryingly, it seems that when organisations discover new vulnerabilities in their ecommerce software, they also find that these have already been exploited.

Many CISOs at large enterprises may be wondering, “What has this got to do with me?” In today’s cloud-based world, where one interaction can affect thousands of others, that attitude conjures up imagery of an ostrich with its head in the sand.

It’s true that formjacking is currently focused on e-commerce and the theft of credit card details, but as we’ve seen, the targets of cyber-attacks are continually evolving. It’s worth remembering that formjacking can target any type of data entered into a form, via the web, including log-in information and employee details.

At the same time, nearly nine in ten organisations are currently undertaking at least one cloud-based digital transformation project (IDC). As these enterprises progress their digital transformation strategies, they are increasingly developing apps via infrastructure-as-a-service (IaaS). This makes them vulnerable to formjacking attacks, which can prey on any type of web-based data collection. To me this isn’t just a red-flag, it’s another point of evidence to convince board-room colleagues that it’s time to embark upon a security transformation programme.  

It’s clear that forward-thinking CISOs need to have formjacking on their radar. Here are three simple steps you can take to help protect your organisation from these attacks:

  • As a first step I recommend reviewing and strengthening your security governance process; so, it’s both proactive and reactive. Consistency is key here. It’s important you follow the same security procedures and guidelines for all plug-in modules and extensions ensuring strong levels of security are embedded in the development process for all web applications.  As well as keeping abreast of security bulletins and patches accordingly, it’s important to perform your own regular vulnerability assessments. It can be useful to pilot any new software updates in small test environments because this helps highlight unusual behaviour in the script.
  • It’s important that businesses developing apps via cloud-based infrastructure ensure that they rethink their legacy security solutions.  Traditional security approaches do not cover the myriad attack surfaces of a cloud-enabled enterprise.  One approach is to consider a Cloud Access Security Broker (CASB). Businesses are increasingly turning to CASB to address cloud service risks, providing visibility, compliance, granular access control, threat protection, data leakage prevention, and encryption, even when cloud services are beyond their perimeter and out of their direct control.
  • With current formjacking attacks, merchants are often blissfully unaware of the vulnerabilities in their installed extension base. They may have fantastic security governance and have patched everything while following all security guidance. However, if they haven’t been told by their vendor that there are newly discovered vulnerabilities, they may still be running vulnerable component and therefore be unprotected. This underlines the importance of your supplier relationship – something that is as salient to enterprise CISOs as it is to ecommerce merchants. It’s not enough to investigate the credibility of a supplier before using their software. You’re entering into a long-term working partnership with them and therefore, it’s vital to invest time making this a strong relationship based on mutual trust, where you can be open about potential vulnerabilities and work to address them together.

For more information on how to protect your business against formjacking, visit our solutions page

< Platform, Products, & Services
Next Story >
< Back
Next >
author image
Paolo Passeri
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry.
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry.
Read More
More Articles by Paolo Passeri
Read full Bio
More articles

Related Articles

card shape
Platform, Products, & Services

Unlock Seamless Log Shipping via Integration with Microsoft Sentinel

By Melody Nouri
chevron Read the blog
card shape
Platform, Products, & Services

10 Insights from 10 Years of Okta Businesses at Work

By Tom Clare
chevron Read the blog
card shape
Platform, Products, & Services

Enabling Proactive IT: How AI is Transforming Network Visibility

By Francisca Segovia
chevron Read the blog
Show More

Stay informed!

Subscribe for the latest from the Netskope Blog