Cybersecurity researchers have identified over half a dozen ways in which cyber scammers and malware operators abuse Google Forms as part of a wide range of attacks.
The researchers at Sophos discovered cybercriminals’ affinity for Google Forms while researching how malware operators were evading detection by increasingly adopting encrypted communication protocols.
“Our analysis shows that while most abuse of Google Forms by cyberattackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks,” shared Sean Gallagher, senior threat researcher at Sophos.
Gallagher adds that they have in fact spotted threat actors using Google Forms for everything from helping exfiltrate data to hosting a malware command and control (C2) server.
Use and scoot
Sophos has identified seven malicious ways in which threat actors use Google Forms.
In addition to its use to facilitate traditional phishing campaigns, entry-level scammers use the online survey administration software’s ready-made design templates to craft fake e-commerce pages to steal payment details.
“Google Forms offer cyberattackers an attractive proposition: the forms are easy to implement and trusted by both organizations and consumers; the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders; and the whole set up essentially provides a free attack infrastructure,” reasons Gallagher.
The researchers add that the attackers appear to be conscious of Google’s policy of shuttering accounts that abuse its apps, including Google Forms, on a mass scale. The researchers observed that low-volume, targeted use of the service helps the abuse fly under the radar and evade detection.