Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Powered by MOMENTUM MEDIA
Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Explore

SECTIONS

MORE

search button

Cyber attackers manipulating Google Forms: Sophos

Malicious cyber actors are exploiting the survey software to launch attacks against individuals and organisations, new research has revealed.

user iconReporter
Tue, 28 Sep 2021 Culture
Cyber attackers manipulating Google Forms: Sophos
expand image

According to an analysis from cyber security company Sophos, both entry-level scammers and advanced cyber criminals are abusing Google Forms to undermine user security.

Sophos researchers have identified seven ways in which the program is being exploited:

  1. Convincing potential victims to enter their credentials into a Google Form laid out to resemble a login page;
  2. Launching spam-based phishing campaigns that target Microsoft online accounts, including Office365;
  3. Stealing payment data through faked ‘secure’ e-commerce pages;
  4. Using potentially unwanted applications (PUAs) to target Windows users;
  5. Using malicious Android applications to capture data without having to code a back-end website;
  6. Using malicious Windows applications leveraging web requests to Google Forms pages to ‘push’ stolen data from computers to a Google spreadsheet; and
  7. Employing PowerShell scripts to scrape Windows profiling data from a computer and submit it to a Google Forms form automatically.

“The extent to which cyber attackers abuse Google Forms came to light while we were researching how malware abuses encryption to conceal its activities and communications,” Sean Gallagher, senior threat researcher at Sophos, said.

“Google Forms offer cyber attackers an attractive proposition: the forms are easy to implement and trusted by both organisations and consumers; the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders; and the whole set up essentially provides a free attack infrastructure.

“Our analysis shows that while most abuse of Google Forms by cyber attackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks.”

Gallagher warned that while Google frequently shuts down accounts associated with a mass abuse of applications, some activity could “stay under the radar”.

“Business defenders need to be alert to this threat and apply caution whenever they see links to Google Forms, or any other legitimate services trying to obtain credentials, and they should not inherently trust TLS traffic to ‘known good’ domains such as docs.google.com,” he said.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.
CD Logo

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED

Be the first to hear the latest developments in the cyber industry.

Copyright © 2007-2024 MOMENTUMMEDIA
Copyright & DisclaimersPrivacy PolicyTerms & Conditions
momentummedia media
most innovative companies awards

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

CATEGORIES

STAY CONNECTED

Copyright © 2024 MOMENTUMMEDIA