Sophos has published research, “Phishing and Malware Actors Abuse Google Forms for Credentials, Data Exfiltration,” describing how cyberattackers – from entry-level scammers to advanced adversaries – abuse Google Forms to implement a wide range of attacks, targeting both organizations and individuals.
“The extent to which cyberattackers abuse Google Forms came to light while we were researching how malware abuses encryption to conceal its activities and communications,” said Sean Gallagher, Senior threat researcher at Sophos. “Google Forms offer cyberattackers an attractive proposition: the forms are easy to implement and trusted by both organizations and consumers; the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders, and the whole set up essentially provides a free attack infrastructure.
“Our analysis shows that while most abuse of Google Forms by cyberattackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks. Sophos’ examples of this include attackers using Google Forms to exfiltrate data and for malware command-and-control.”
Below are the seven ways that Sophos researchers have identified cyberscammers and malware operators abusing Google Forms:
“Google frequently shuts down accounts associated with a mass abuse of applications, including Google Forms,” said Gallagher. “However, the kind of low-volume, targeted use of Forms by some malware could stay under the radar. Business defenders need to be alert to this threat and apply caution whenever they see links to Google Forms, or any other legitimate services trying to obtain credentials, and they should not inherently trust TLS traffic to ‘known good’ domains such as docs.google.com.”
Sophos products, including Intercept X for endpoints, defend against most malicious spam that carry forms-based phishing campaigns and detect the behaviors of system information collection discussed in the new research.
Sophos also advises consumers to install a security solution, such as Sophos Home, on the devices that they and their families use for online communications and gaming to protect everyone from malware and cyberthreats.
Molly is a versatile and detail-oriented writer with a background in journalism & PR. She is passionate about technology, science, arts, and culture. She delves into extensive research and writing. She is a Published Author
Stalled Subsidy Scheme Causes Tanzania its Sunflower Industry boost for 2024
#ConnectedSummit2023 To launch Free Public WiFi in a Major CSR in Kwale County
Ex-Jumia Execs launch Kapu e-Commerce
Meta Launches ‘Creators of Tomorrow’ Campaign Celebrating Talents Across SSA
Sophos Acquires Cloud Based Security Alert Automation, Amping Up Battle Against Cybercrime In Kenya
Is Your Personal Data Safe With Government Institutions?