Formjacking is where criminals inject malicious code (usually JavaScript) into a legitimate web page to steal the data that users type into it. Typically the technique targets check-out or payment forms on e-commerce sites.
This type of attack was used in the recent Ticketmaster and BA data breaches, but these are only a couple of high-profile examples; it is very likely that a large number of websites are currently at risk.
Formjacking can be difficult to detect for both user and vendor. The web page looks and functions exactly as it did before, and the information entered into the form still reaches the vendor. It is only in the background that the injected code sends a copy of what was typed to a server the attacker controls.
Training and Awareness - formjacking on a genuine site will not show in the address bar, but in some cases the same goal is reached by tricking a user into clicking a malicious link or visiting a look-alike website that prompts them to fill in sensitive data. It is important that you and your colleagues can recognise when attackers are employing this tactic. Make sure to check that the URL in the address bar is what it should be (e.g. look for misspellings, numbers instead of letters, irregular domain endings).
Ensure that your firewalls and web filtering have been correctly configured so that known malicious websites cannot be reached. If you are not responsible for this, ask your IT manager or provider to confirm it has been done.
Where a legitimate website has been compromised, the attack is very difficult for its users to protect against. Formjacking can be a type of supply chain attack: the injected code often arrives through a third-party script or service that the site loads, so criminals can target companies through the web services that they use. This should serve as a reminder to always do your due diligence when deciding which online services you use, and how you use them. Think about what security measures they have in place (e.g. are they Cyber Essentials certified?) and how they would notify and work with you in the event of a cyber incident.
FOR DEVELOPERS / IT ADMINS
Always integrate security into the development process. Scan your codebases at different stages of the development cycle, and compare the pages you actually serve against what you deployed, so that unexpected script changes stand out.
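One way to do the "compare what is served against what was deployed" part is to record a baseline of the hosts allowed to serve script on the payment page and audit the live HTML against it. The script below is an added example and is not code from the original article; the host names, the sample pages and the integrity hashes are constructed placeholders.

```python
# Added example (not from the original article): compare the <script> tags on
# a served checkout page against the deployment's baseline, so that an injected
# or unexpectedly changed script stands out.  Hosts and pages are constructed.
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every <script> tag on a page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self.scripts.append((a.get("src"), "integrity" in a))


def audit_scripts(html, allowed_hosts):
    """Return a list of findings for scripts that fall outside the baseline.

    Flags: external scripts from hosts not in `allowed_hosts`, external scripts
    without a Subresource Integrity hash, and any inline script (one way
    injected code can be dropped straight into the page).
    """
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, has_sri in parser.scripts:
        if src is None:
            findings.append("inline script present")
            continue
        host = urlsplit(src).hostname   # None for same-origin paths like /static/x.js
        if host is None:
            continue
        if host not in allowed_hosts:
            findings.append(f"unexpected script host: {host}")
        if not has_sri:
            findings.append(f"external script without integrity attribute: {src}")
    return findings


# Baseline recorded at deployment time: the only hosts that should serve script.
BASELINE_HOSTS = {"cdn.example.com", "js.payments.example"}

# Constructed sample of a payment page as deployed (hashes are placeholders).
CLEAN_PAGE = """<html><body>
<form id="payment" action="/pay"><input name="card"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example.com/ui.js" integrity="sha384-PLACEHOLDER1"></script>
<script src="https://js.payments.example/v1/pay.js" integrity="sha384-PLACEHOLDER2"></script>
</body></html>"""

# The same page with one extra, protocol-relative script tag from a host that
# is not in the baseline (constructed; not taken from any real incident).
INJECTED_PAGE = CLEAN_PAGE.replace(
    "</body>", '<script src="//stats.example.net/t.js"></script>\n</body>')

if __name__ == "__main__":
    print("clean   :", audit_scripts(CLEAN_PAGE, BASELINE_HOSTS) or "no findings")
    print("injected:", audit_scripts(INJECTED_PAGE, BASELINE_HOSTS))
```

Run this against the HTML your web server actually returns (not the template in source control), since the point of the check is to catch code that was added after deployment. Same-origin scripts are not checked for an integrity attribute here; if your own static files can be modified by an attacker, hashing them against the build output is the equivalent check.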
Access Controls - ensure that only employees who need to have the ability to edit important source code can do so.
Strong Content Security Policies - a CSP controls which domains your pages may load resources from and send data to, and how. Done correctly, a CSP can stop injected code from sending captured form data to another server. Browsers only enforce what the policy actually restricts, so the directives that cover outbound requests (such as connect-src, img-src and form-action) need to be set deliberately, not just script-src.
Check CiSP! - the Cyber Security Information Sharing Partnership is regularly updated with sample code and other indicators of compromise (IOCs) that help identify these types of threat.