A Netskope foi nomeada Líder no Quadrante Mágico do Gartner™ de 2022 para Security Service Edge. Obtenha o Relatório

  • Produtos

    Os produtos Netskope são construídos na Netskope Security Cloud.

  • Plataforma

    Visibilidade incomparável e proteção de dados e contra ameaças em tempo real na maior nuvem privada de segurança do mundo.

Netskope é nomeada Líder no Relatório do Quadrante Mágico™ do Gartner de 2022 para SSE

Obtenha o Relatório Vá para a plataforma
Netskope gartner mq 2022 sse leader

A Netskope oferece uma pilha de segurança na nuvem moderna, com capacidade unificada para proteção de dados e ameaças, além de acesso privado seguro.

Explore a nossa plataforma
Birds eye view metropolitan city

Mude para serviços de segurança na nuvem líderes de mercado com latência mínima e alta confiabilidade.

Saiba mais
Lighted highway through mountainside switchbacks

Previna ameaças que muitas vezes contornam outras soluções de segurança usando uma estrutura SSE de passagem única.

Saiba mais
Lighting storm over metropolitan area

Soluções de zero trust para a implementação de SSE e SASE

Saiba mais
Boat driving through open sea

A Netskope permite uma jornada segura, inteligente e rápida para a adoção de serviços em nuvem, aplicações e infraestrutura de nuvem pública.

Saiba mais
Wind turbines along cliffside
  • Customer Success

    Proteja a sua jornada de transformação digital e aproveite ao máximo as suas aplicações na nuvem, na web e privadas.

  • Atendimento ao cliente

    Suporte proativo e o compromisso em otimizar seu ambiente da Netskope e acelerar seu sucesso.

  • Treinamento e certificação

    Os treinamentos da Netskope vão ajudar você a ser um especialista em segurança na nuvem.

Confie na Netskope para ajudar você a enfrentar ameaças emergentes, novos riscos, mudanças tecnológicas, mudanças organizacionais e de rede, e novos requisitos regulatórios.

Saiba mais
Woman smiling with glasses looking out window

Contamos com engenheiros qualificados no mundo todo, com experiências variadas em segurança na nuvem, redes, virtualização, entrega de conteúdo e desenvolvimento de software, prontos para prestar assistência técnica oportuna e de alta qualidade.

Saiba mais
Bearded man wearing headset working on computer

Proteja sua jornada de transformação digital e aproveite ao máximo seus aplicativos de nuvem, web e privados com o treinamento da Netskope.

Saiba mais
Group of young professionals working
  • Recursos

    Saiba mais sobre como a Netskope pode ajudá-lo a proteger sua jornada para a nuvem.

  • Blog

    Saiba como a Netskope viabiliza a segurança e a transformação de redes através do security service edge (SSE).

  • Eventos e workshops

    Esteja atualizado sobre as últimas tendências de segurança e conecte-se com seus pares.

  • Security Defined

    Tudo o que você precisa saber em nossa enciclopédia de segurança cibernética.

Podcast Security Visionaries

Episódio bônus: a importância do Security Service Edge (SSE)

Reproduzir o podcast
Black man sitting in conference meeting

Leia as últimas novidades sobre como a Netskope pode viabilizar a jornada Zero Trust e SASE por meio dos recursos do security service edge (SSE).

Leia o Blog
Sunrise and cloudy sky

SASE Week

Netskope is positioned to help you begin your journey and discover where Security, Networking, and Zero Trust fit in the SASE world.

Saiba mais
SASE Week

O que é o Security Service Edge?

Explore o lado de segurança de SASE, o futuro da rede e proteção na nuvem.

Saiba mais
Four-way roundabout
  • Empresa

    Ajudamos você a antecipar os desafios da nuvem, dos dados e da segurança da rede.

  • Por que Netskope

    A transformação da nuvem e o trabalho em qualquer lugar mudaram a forma como a segurança precisa funcionar.

  • Liderança

    Nossa equipe de liderança está fortemente comprometida em fazer tudo o que for preciso para tornar nossos clientes bem-sucedidos.

  • Parceiros

    Fazemos parceria com líderes de segurança para ajudá-lo a proteger sua jornada para a nuvem.

A Netskope possibilita o futuro do trabalho.

Saiba mais
Curvy road through wooded area

A Netskope está redefinindo a nuvem, os dados e a segurança da rede para ajudar as organizações a aplicar os princípios de Zero Trust para proteger os dados.

Saiba mais
Switchback road atop a cliffside

Pensadores, construtores, sonhadores, inovadores. Juntos, fornecemos soluções de segurança na nuvem de última geração para ajudar nossos clientes a proteger seus dados e seu pessoal.

Meet our team
Group of hikers scaling a snowy mountain

A estratégia de comercialização da Netskope, focada em Parcerias, permite que nossos Parceiros maximizem seu crescimento e lucratividade enquanto transformam a segurança corporativa.

Saiba mais
Group of diverse young professionals smiling
Blog Plataforma, Produtos, & Serviços Could formjacking affect your organization?
Mar 12 2019

Could formjacking affect your organization?


Threat actors are always one step ahead, so after ransomware and cryptojacking, they have latched to a new, high-return attack: formjacking.

Incidents of formjacking attacks – where hackers inject malicious JavaScript code into a website to skim data – rose steadily in the second half of last year. These small lines of code are very hard to detect but very effective. While formjacking can scrape data from any element of web browsing, it’s mostly targeted at ecommerce sites. One researcher, Willem de Groot, estimates that at least 50 e-merchants a day were being hacked between November and February.  

Formjacking tools, like those used by the hacker collective, the Magecart group, are exceptionally flexible and can compromise hundreds of thousands of websites, often via extensions, making it a very profitable attack method for criminals.

What’s more, the Magecart group exploits new vulnerabilities very quickly. Worryingly, it seems that when organisations discover new vulnerabilities in their ecommerce software, they also find that these have already been exploited.

Many CISOs at large enterprises may be wondering, “What has this got to do with me?” In today’s cloud-based world, where one interaction can affect thousands of others, that attitude conjures up imagery of an ostrich with its head in the sand.

It’s true that formjacking is currently focused on e-commerce and the theft of credit card details, but as we’ve seen, the targets of cyber-attacks are continually evolving. It’s worth remembering that formjacking can target any type of data entered into a form, via the web, including log-in information and employee details.

At the same time, nearly nine in ten organisations are currently undertaking at least one cloud-based digital transformation project (IDC). As these enterprises progress their digital transformation strategies, they are increasingly developing apps via infrastructure-as-a-service (IaaS). This makes them vulnerable to formjacking attacks, which can prey on any type of web-based data collection. To me this isn’t just a red-flag, it’s another point of evidence to convince board-room colleagues that it’s time to embark upon a security transformation programme.  

It’s clear that forward-thinking CISOs need to have formjacking on their radar. Here are three simple steps you can take to help protect your organisation from these attacks:

  • As a first step I recommend reviewing and strengthening your security governance process; so, it’s both proactive and reactive. Consistency is key here. It’s important you follow the same security procedures and guidelines for all plug-in modules and extensions ensuring strong levels of security are embedded in the development process for all web applications.  As well as keeping abreast of security bulletins and patches accordingly, it’s important to perform your own regular vulnerability assessments. It can be useful to pilot any new software updates in small test environments because this helps highlight unusual behaviour in the script.
  • It’s important that businesses developing apps via cloud-based infrastructure ensure that they rethink their legacy security solutions.  Traditional security approaches do not cover the myriad attack surfaces of a cloud-enabled enterprise.  One approach is to consider a Cloud Access Security Broker (CASB). Businesses are increasingly turning to CASB to address cloud service risks, providing visibility, compliance, granular access control, threat protection, data leakage prevention, and encryption, even when cloud services are beyond their perimeter and out of their direct control.
  • With current formjacking attacks, merchants are often blissfully unaware of the vulnerabilities in their installed extension base. They may have fantastic security governance and have patched everything while following all security guidance. However, if they haven’t been told by their vendor that there are newly discovered vulnerabilities, they may still be running vulnerable component and therefore be unprotected. This underlines the importance of your supplier relationship – something that is as salient to enterprise CISOs as it is to ecommerce merchants. It’s not enough to investigate the credibility of a supplier before using their software. You’re entering into a long-term working partnership with them and therefore, it’s vital to invest time making this a strong relationship based on mutual trust, where you can be open about potential vulnerabilities and work to address them together.

For more information on how to protect your business against formjacking, visit our solutions page

author image
About the author
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of data and trends of the threat landscape for the Infosec community.
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of…