The researchers at Sophos discovered cybercriminals’ affinity for Google Forms while researching how malware operators were evading detection by increasingly adopting encrypted communication protocols.
“Our analysis shows that while most abuse of Google Forms by cyberattackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks,” shared Sean Gallagher, senior threat researcher at Sophos.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- Here’s our collection of the best survey tools
- Protect your devices with these best antivirus software
- These are the best malware removal software on the market
Gallagher adds that they have in fact spotted threat actors using Google Forms for everything from helping exfiltrate data to using it to host a malware command and control (C2) server.
Use and scoot
Sophos has identified seven malicious ways threat actors use Google Forms to conduct their spiteful activities.
In addition to its use to facilitate traditional phishing campaigns, entry-level scammers use the online survey administration software’s ready-made design templates to craft fake e-commerce pages to steal payment details.
“Google Forms offer cyberattackers an attractive proposition: the forms are easy to implement and trusted by both organizations and consumers; the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders; and the whole set up essentially provides a free attack infrastructure,” reasons Gallagher.
The researchers add that it appears the attackers are conscious of Google’s policy of shuttering accounts that abuse its apps, including Google Forms, on a mass scale. The researchers observed that the low-volume, targeted use of the service helps the abuse fly under the radar, and evade detection.
- We’ve also compiled a list of the best ransomware protection tools