![]() Sophos has intercepted a number of spam-based phising campaigns that targeted Microsoft online accounts, including Office365. Malicious spam campaigns: One of the largest sources of Google Forms links in spam were “unsubscribe” links in scam-related marketing emails. These forms were often tied to malicious spam campaigns. Phishing: Despite the fact that Google warns users on every page of a form not to enter password details, Sophos found several examples where attackers tried to convince potential victims to enter their credentials into a Google Form laid out to resemble a login page. ![]() Sophos’ examples of this include attackers using Google Forms to exfiltrate data and for malware command-and-control.”īelow are the seven ways that Sophos researchers have identified cyberscammers and malware operators abusing Google Forms: “Our analysis shows that while most abuse of Google Forms by cyberattackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks. “Google Forms offer cyberattackers an attractive proposition: the forms are easy to implement and trusted by both organizations and consumers the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders and the whole set up essentially provides a free attack infrastructure. “The extent to which cyberattackers abuse Google Forms came to light while we were researching how malware abuses encryption to conceal its activities and communications,” said Sean Gallagher, senior threat researcher at Sophos. Sophos, a global leader in next-generation cybersecurity, has published research, “Phishing and Malware Actors Abuse Google Forms for Credentials, Data Exfiltration,” describing how cyberattackers – from entry-level scammers to advanced adversaries – abuse Google Forms to implement a wide range of attacks, targeting both organizations and individuals.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |