Quicktake: What is crypto-jacking and form-jacking?

Cyber criminals use a bewildering array of techniques to con businesses and private users

A bearded man studying computer displays depicting global trends with figures, the screens being reflected in his glasses as well as behind him on a black glass wall. The subject matter on the screens pertains to ecology, economics and global trends.
Powered by automated translation

Internet users are becoming more aware of old scams such as ransomware and phishing. So cyber criminals are switching to innovative techniques - crypto-jacking and form-jacking - to extort money.

A report by US tech giant Microsoft says last year there was a 73 per cent decrease in ransomware attacks on organisations across the world.  These scams threaten to publish the victim's data or block access to systems unless a ransom is paid.

Technological advances are also proving facilitators to criminals as they shift their focus to new targets to better monetise their illegal activities.

The National explains the different fraudulent methods..

What is form-jacking?

In this rip-off, cyber criminals input malicious code into retail websites to steal debit card or credit card details of shoppers. When customers enter the payment information, the hackers can copy everything. More than 4,800 websites are compromised with form-jacking code every month, according to American software company Symantec, which blocked about 3.7 million such attacks last year.

One in 344 form-jacking incidents were blocked in the UAE, indicating a serious threat for both local businesses and consumers, said Gordon Love, vice president of Europe, Middle East and Africa at Symantec.

Which industries are more prone to form-jacking?

Cyber experts say it is usually small and medium-sized retailers, selling goods ranging from clothing to garden equipment, which have had form-jacking code infect their websites. This is a global problem with the potential to affect any business that accepts payments from customers online.

What is crypto-jacking?

Crypto-jacking is the unauthorised use of someone else's computer to mine cryptocurrency. The malware stays hidden in the victim's device for months, or even years. It can take over the entire computing resource, such as memory and electricity to mint virtual currencies such as Bitcoin.

Incidents of crypto-jacking tripled in 2018, according to a report by Internet Society in the US. It says these techniques are increasingly attractive to criminals as they represent a "direct path from infiltration to income and are difficult to detect".

How pervasive is crypto-jacking?

In 2018, Symantec blocked almost 69 million crypto-jacking attacks - more than four times as many as in 2017 (16 million).

Unlike threats such as ransomware or phishing, which immediately interrupt victims' devices, crypto-jacking could remain in the background for a long time before users detect what is happening. It can cause a slowdown in device performance, overheating of batteries and higher overhead costs due to increased use of electricity.

Will the era of 5G devices increase the chance of cyber attacks?

Industry experts say the growing popularity and usage of 5G equipment will increase the spectrum for attacks. US tech company Hewlett-Packard says that 70 per cent of Internet of Things devices - essential 5G network carriers - are vulnerable to hacking. As more fifth-generation IoT devices enter the market, they will connect directly to the network rather than via a Wi-Fi router, making the devices more vulnerable to direct attack.