Connect with us

Tech

Sophos Uncovers Top 7 Ways Cyberscammers, Malware Operators Abuse Google Forms

Published

3 years ago

on

Sophos, a global leader in next-generation cybersecurity, has published research, “Phishing and Malware Actors Abuse Google Forms for Credentials, Data Exfiltration,” describing howcyberattackers – from entry-level scammers to advanced adversaries – abuse Google Forms to implement a wide range of attacks, targeting both organizations and individuals. 

“The extent to which cyberattackers abuse Google Forms came to light while we were researching how malware abuses encryption to conceal its activities and communications,” said Sean Gallagher, senior threat researcher at Sophos. “Google Forms offer cyberattackers an attractive proposition: the forms are easy to implement and trusted by both organizations and consumers; the traffic to and from the service is secured with Transport Layer Security (TLS) encryption so it can’t be easily inspected by defenders; and the whole set up essentially provides a free attack infrastructure.

 “Our analysis shows that while most abuse of Google Forms by cyberattackers remains firmly in the low-skill phishing and fraud spam space, there are increasing signs that adversaries are taking advantage of the platform for more sophisticated attacks. Sophos’ examples of this include attackers using Google Forms to exfiltrate data and for malware command-and-control.”

Below are the seven ways that Sophos researchers have identified cyberscammers and malware operators abusing Google Forms: 

1.       Phishing: Despite the fact that Google warns users on every page of a form not to enter password details, Sophos found several examples where attackers tried to convince potential victims to enter their credentials into a Google Form laid out to resemble a login page. These forms were often tied to malicious spam campaigns.

2.       Malicious spam campaigns: One of the largest sources of Google Forms links in spam were “unsubscribe” links in scam-related marketing emails. Sophos has intercepted a number of spam-based phising campaigns that targeted Microsoft online accounts, including Office365. The spam claimed that recipients’ email accounts were about to be shut down if they were not immediately verified, and offered a link to a Google Form that asked the user to enter their Microsoft credentials. These Google Forms pages were decorated with Microsoft graphics but, still, clearly a Google Form.

3.       Payment card data theft: Entry-level scammers use Google Forms’ ready-made design templates to attempt to steal payment data through faked “secure” e-commerce pages.

4.       Potentially Unwanted Applications (PUAs), such as adware: The researchers discovered a number of PUAs targeting Windows users. These apps use Google Forms pages surreptitiously, with the web requests collected and submitted to forms automatically without any need for user interaction.

5.       Fake user interfaces for malicious Android apps: Sophos found some malicious Android applications that made use of Google Forms to capture data without having to code a back-end website. Most of these were adware or PUAs. For instance, the researchers found “SnapTube,” a video app that generates revenue for the developer through web advertising fraud and which includes a Google Forms page for user feedback.

6.       Data removal: The researchers uncovered a number of more sophisticated threats abusing Google Forms. This included malicious Windows applications that used web requests to Google Forms pages to ‘push’ stolen data from computers to a Google spreadheet via Google Forms.

7.       Part of the wider malicious cyberattack infrastructure: Sophos telemetry has detected a number of PowerShell scripts interacting with Google Forms. We were able to prototype how PowerShell scripts could be used to scrape Windows profiling data from a computer and submit it to a Google Forms form automatically. 

“Google frequently shuts down accounts associated with a mass abuse of applications, including Google Forms,” said Gallagher. “However, the kind of low-volume, targeted use of Forms by some malware could stay under the radar. Business defenders need to be alert to this threat and apply caution whenever they see links to Google Forms, or any other legitimate services trying to obtain credentials, and they should not inherently trust TLS traffic to ‘known good’ domains such as docs.google.com.”

Sophos products, including Intercept X for endpoints, defend against most malicious spam that carry forms-based phishing campaigns and detect the behaviors of system information collection discussed in the new research. 

Sophos also advises consumers to install a security solution, such as Sophos Home, on the devices that they and their families use for online communications and gaming to protect everyone from malware and cyberthreats.

Related Topics:

Justice Okamgba is journalist at Grassroots.ng

Continue Reading

Tech

Google To Delete Billions Of Browser Records To Settle ‘Incognito’ Lawsuit

Published

2 weeks ago

on

April 2, 2024

By

CNN reported that Google will delete billions of data records as part of a settlement for a lawsuit that accused the tech giant of improperly tracking the web-browsing habits of users who thought they were browsing the internet privately.

The suit was originally filed in 2020 and accused Google of misrepresenting the kind of data it collects from users who browsed the internet via “Incognito” private browsing mode in Chrome. Google agreed to settle the suit late last year, but the terms of the settlement were first disclosed in a filing on Monday.

As part of the settlement, Google must delete “billions of data records” that reflect the private browsing activities of users in the class action suit, according to court documents filed Monday in San Francisco federal court.

Google will also update its disclosure to inform users about what data it collects each time a user initiates a private browsing session. Google has already started implementing these changes.

For the next five years, Google will also let private browsing users block third-party cookies as part of the settlement. Google also will no longer track people’s choices to browse the internet privately.

Continue Reading

Tech

NIN-SIM Linkage: NCC Directs Telecommunication Operators To Bar Non-Compliant Subscribers

Published

3 weeks ago

on

March 29, 2024

By

The Nigerian Communications Commission (NCC) has confirmed that it would not be reviewing its deadline to bar owners of more than four SIM cards whose SIM registration data failed to match their National Identity Number (NIN) data.

A source within the Commission explained that the Commission’s position was hinged on its objective to clean the country’s SIM ownership database, and ensure that criminals could not take advantage of having multiple unlinked SIMs to carry out their nefarious activities.

“We are not standing back on our decision. March 29th is sacrosanct. Our resolve is hinged on the need to close in on the chaos of untoward ownership of multiple SIM cards with unverified NIN details. We have instances where a single individual has over 10,000 lines linked to his NIN. In some cases, we have seen a single person with 1,000 lines, some 3,000 plus lines. What are they doing with these lines?

“From our interim findings, the owners of these lines did not purchase them for decent purposes or to undertake legitimate activities.

“We have given them enough time to make the decision of which of their lines they want to keep, and discard the others. They did not. All lines in this category with unverified NINs will be barred. They will be then expected to go to their operators and decide which of the lines they want to keep, as well as submit correct NIN details.

“Some people would say they want to use it for car trackers, or for IoTs, but provision has been made for these services already. They are not under the ‘Max-4 Rule.’

“Across the world, no country allows you to have 1,000 SIM cards to make calls or texts.”

The Max-4 Rule announced by the Federal Government in April 2021 provides that telecom subscribers cannot have more than four lines per mobile network operator.

The NCC has also provided Mobile Network Operators (MNOs) an extension till July 31st 2024 within which they are expected to verify all NINs submitted by subscribers with four (4) or less SIMs, as well as bar those whose NIN fail verification with NIMC.

An authoritative source within the Commission who is familiar with the matter stated that the Commission’s management arrived at the decision at a crucial meeting it held today to review requests from the major Mobile Network Operators requesting for extension for the verification of NINs submitted.

The source also stated that the Commission is mulling the idea to approve an online application solution for MNOs where their subscribers whose NIN verification failed due to biometric mismatch can update their records on the app, while existing subscribers can register additional lines.

Continue Reading

Business

Kingsley Adonu’s Journey: A Tale of Hard Work and Dedication in the Telecom Industry

Published

2 months ago

on

March 1, 2024

By

In the fast-paced world of telecommunications, success is often attributed to those who demonstrate exceptional dedication and hard work. Kingsley Adonu’s remarkable journey stands as a testament to these qualities, paving the way for him to become a valuable partner with MTN, a leading global telecommunications company.

Adonu’s story begins with a humble background, where he cultivated a strong work ethic from an early age. His relentless pursuit of excellence caught the attention of industry leaders, setting the stage for a career marked by determination and resilience.

One of the key factors that propelled Adonu to success was his unwavering commitment to learning and staying ahead of industry trends. He immersed himself in the dynamic world of telecommunications, acquiring the knowledge and skills needed to navigate the rapidly evolving landscape. Adonu’s continuous pursuit of knowledge not only enhanced his expertise but also positioned him as a visionary in the field.

As he climbed the career ladder, Adonu faced numerous challenges, but his tenacity and commitment to overcoming obstacles set him apart. His ability to adapt to changing market dynamics and capitalize on emerging opportunities made him a standout professional in the telecom sector.

Adonu’s pivotal moment came when he aligned his efforts with MTN, a global telecom giant known for innovation and cutting-edge technology. Recognizing Adonu’s track record of hard work and dedication, MTN saw a valuable partner in him. The partnership marked a significant milestone in Adonu’s career, opening doors to new possibilities and avenues for growth.

The success of Adonu’s collaboration with MTN can be attributed to his strategic vision and innovative thinking. As a partner, he played a crucial role in steering the company toward continued success, contributing to its expansion and influence in the telecommunications market.

Kingsley Adonu’s journey serves as an inspiration for aspiring professionals in the telecom industry. His story underscores the importance of hard work, dedication, and a passion for continuous improvement. Adonu’s ascent to becoming an MTN partner is a testament to the transformative power of perseverance and a relentless pursuit of excellence in the dynamic world of telecommunications.

Continue Reading

Trending