Cyber-thieves set sights on hijacking payment data

British-Airways-cyber-attack-update-800x445.jpg

British Airways: Cyber-thieves set sights on hijacking payment data | Thousands of websites hit by cyber-thieves Last September, British Airways suffered a sophisticated data breach when hackers carried out a “malicious criminal attack” on its website, compromising its security systems. The airline promised compensation to it's customers, while confirming that financial details of customers making or changing bookings had been compromised. Approximately 380,000 transactions were been affected, but the stolen data did not include travel or passport details. British Airways cyber attack update This week, five months after the cyber attack, the BBC reported... Thousands of websites are being hit by cyber-thieves who implant code to scoop up payment card numbers, research suggests. Security giant Symantec found more than 4,800 websites were being hit by these “form-jacking” attacks every month. High-profile victims of these attacks include airline BA and Ticketmaster. Online crime groups had turned to the attacks as other more established techniques proved less and less lucrative, Symantec said.

‘Attack code’

“It’s a sign we’re in a world where security is tighter and tighter and it’s getting harder to carry out this type of activity,” said Orla Cox, director of Symantec’s security response unit. Formerly profitable ventures involving ransomware and mining crypto-currencies now made gangs much less money, she said. Instead, they were now inserting “attack code”, either when sites failed to update core software to close loopholes or via insecure third-party apps, such as chat apps, analytics packages or other extras. “It’s a tiny line of code in there and that’s enough for attackers to monitor payment card info being entered and they siphon it off,” she said.

Its often not obvious that the website has been compromised. ...To the naked eye everything would look fine.

Make money

Last year, Symantec had stopped more than 3.7 million form-jacking attacks, said Ms Cox, adding that the figure was a measure of the technique’s sudden popularity. “Cyber-criminals are continuing to find new ways to make money,” she said. “And when they do, they pile in.” Ransomware was also still widely used, said Ms Cox, but better back-up practices by businesses and home users meant it was harder for criminals to secure a payday. And infections from ransomware had fallen by 20% over the past year. “In a lot of cases people are not paying up because its got easier for them to get their data back as they often have it in the cloud somewhere,” she said. Sources and credits:BBC News