Date: 2023-10-10

Air Europa is exposed to a new fine. Today’s cyberattack is but the latest example of how large companies still do not apply required security standards. The airline has asked its customers to cancel their credit cards because some may have been compromised. According to the email sent to some clients, not only have the names and card numbers been leaked, but also the CVV security code.

How is it possible that data as sensitive as this has been obtained by cyber attackers? Experts such as Luis Corrons, Security Evangelist at Avast, point out that the ‘formjacking’ technique has been applied. We tell you what it is and why Air Europa could have avoided a situation like the one it is now experiencing.

What ‘formjacking’ is

It is a technique that mainly affects e-commerce pages and aims to obtain credit card data. Attackers infiltrate the company’s systems or website and add malicious code without it being detected. It is a type of ‘Man-in-the-middle’ attack, as it is popularly known.

That is, an attacker gains access to the website through a vulnerability and adds a malicious script next to the payment gateway. With this code in place, when users enter their data they are also sending it to an external server, where the attackers receive information that was, in principle, secure.


These attacks are usually based on JavaScript and on vulnerabilities in some browsers. When a company does not have the latest security patches installed, its systems are susceptible to attack. Once inside, the malicious code ensures that when users enter their credit card details, the details are also sent in parallel to another server controlled by the cyber attackers.

Air Europa seems to follow in the footsteps of British Airways, the airline that in 2018 suffered a similar cyberattack using this technique, which compromised the data of 380,000 operations and led to a fine of 213 million euros.

In that case, the potential risk of ‘formjacking’ was confirmed. Lancaster University discovered that it only took about 20 lines of code and that the operation of obtaining credit card data was carried out in milliseconds, which helped the cyberattack go unnoticed by the airline.

Who is affected

According to a Symantec report with data from 2019, more than 4,800 websites per month are affected by this type of attack. Another known case was that of Ticketmaster in 2018.

The majority of companies affected are those that opt for their own platform or for e-commerce built on extensions, such as WordPress or Magento, but make the mistake of not keeping it updated with the latest security patches.

Here it is the full responsibility of the company’s cybersecurity team to ensure that all security protocols are met and that the website code has been thoroughly analyzed. Likewise, the site’s outgoing traffic must be monitored to detect unusual data being transferred where it does not belong.

Although most ecommerce sites keep the CVV data in a separate database, the ‘formjacking’ technique allows this data to be stolen if the user adds it from an internal page.

Some attackers, such as the Magecart group, even purchased paid SSL certificates from Comodo so that their servers would look legitimate and HTTPS checks would continue to pass.

On the company’s part, there are tools to detect these attacks, such as Feroot, which analyze third-party scripts and detect when data is being sent to other servers.
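The monitoring described above (reviewing which scripts a payment page loads and where it sends data) can be sketched as follows. This is an added example, not code from Air Europa, Feroot or any tool named in the article; the hostnames, the allowlist and the request records are constructed assumptions.

```javascript
// Hosts the checkout page is expected to contact (assumed allowlist).
const ALLOWED_HOSTS = ["shop.example", "pay.gateway.example"];

// Constructed sample: requests recorded while the payment form is loaded and submitted.
const SAMPLE_REQUESTS = [
  { type: "script", method: "GET",  url: "https://shop.example/js/checkout.js" },
  { type: "script", method: "GET",  url: "https://cdn.shop.example/js/vendor.js" },
  { type: "xhr",    method: "POST", url: "https://pay.gateway.example/v1/charge" },
  { type: "script", method: "GET",  url: "https://shop.example.cdn-assets.test/lib.js" },
  { type: "beacon", method: "POST", url: "https://stats-collector.test/c" },
  { type: "image",  method: "GET",  url: "https://img.partner.test/logo.png" },
];

// True only for an allowed host itself or a real subdomain of it.
// A plain includes()/startsWith() test would accept lookalike hosts such as
// "shop.example.cdn-assets.test".
function hostAllowed(host, allowed) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return allowed.some((a) => h === a || h.endsWith("." + a));
}

// Returns one finding per request that leaves the allowlist.
// HTTPS is deliberately not treated as a sign of legitimacy.
function auditRequests(requests, allowed) {
  const findings = [];
  for (const r of requests) {
    let host;
    try {
      host = new URL(r.url).hostname;
    } catch {
      findings.push({ url: r.url, host: null, reason: "unparseable-url" });
      continue;
    }
    if (hostAllowed(host, allowed)) continue;
    let reason = "request-to-unapproved-host";
    if (r.type === "script") reason = "script-from-unapproved-host";
    else if (r.method !== "GET" || r.type === "beacon") reason = "data-sent-to-unapproved-host";
    findings.push({ url: r.url, host, reason });
  }
  return findings;
}

for (const f of auditRequests(SAMPLE_REQUESTS, ALLOWED_HOSTS)) {
  console.log(`${f.reason}: ${f.url}`);
}
```

In practice the request records would come from a browser session or proxy log of the checkout flow rather than an inline array.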

What can we do to prevent it

It is difficult to protect yourself 100% from these attacks. But that is why there are large companies that offer solutions to the rest. These are the payment gateways of major banks, platforms such as PayPal, or systems such as Google Pay, among others.

With these systems, banking information is not shared with the e-commerce website, so at least in this way it is protected. For there to be a problem, these payment systems would have to be the ones directly affected and, of course, companies like PayPal or Google have many more resources to avoid that.

As users, we must always pay attention when paying. No company, no matter how protected it is, can perfectly assure us that its systems are secure. As users we have to pay attention to what type of website we are looking at when entering our data, and try not to enter it on screens that are far removed from the safe platforms we know.

It is recommended to check our credit card statements regularly and watch for any strange payment. In that case, we must contact the bank, which is obliged to refund the payment if we were not the ones who made it.

In addition to virtual cards, in recent years banks such as BBVA have begun to offer credit cards with a dynamic CVV, which changes every several minutes. It is an additional measure that we can ask our bank about, and one that would help avoid security compromises such as the one that occurred with Air Europa.


