Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Credits: BBC
Security giant Symantec found more than 4,800 websites were being hit by these “form-jacking” attacks every month.
High-profile victims of these attacks include airline BA and Ticketmaster.
Online crime groups had turned to the attacks as other more established techniques proved less and less lucrative, Symantec said.
‘Attack code’
“It’s a sign we’re in a world where security is tighter and tighter and it’s getting harder to carry out this type of activity,” said Orla Cox, director of Symantec’s security response unit.
Formerly profitable ventures involving ransomware and mining crypto-currencies now made gangs much less money, she said.
Instead, they were now inserting “attack code”, either when sites failed to update core software to close loopholes or via insecure third-party apps, such as chat apps, analytics packages or other extras.
“It’s a tiny line of code in there and that’s enough for attackers to monitor payment card info being entered and they siphon it off,” she said.
“Its often not obvious that the website has been compromised.
“To the naked eye everything would look fine.”
Make money
Last year, Symantec had stopped more than 3.7 million form-jacking attacks, said Ms Cox, adding that the figure was a measure of the technique’s sudden popularity.
“Cyber-criminals are continuing to find new ways to make money,” she said. “And when they do, they pile in.”
Ransomware was also still widely used, said Ms Cox, but better back-up practices by businesses and home users meant it was harder for criminals to secure a payday. And infections from ransomware had fallen by 20% over the past year.
“In a lot of cases people are not paying up because its got easier for them to get their data back as they often have it in the cloud somewhere,” she said.
www.extremehacking.org
Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv10,CHFI,ECSAv10,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v10 course in Pune-India, ceh certification in pune-India, ceh v10 training in Pune-India, Ethical Hacking Course in Pune-India