Attack Simulator for Office 365

Attack Simulator for Office 365

Microsoft has released Attack Simulator (currently in Preview) to allow Office 365 Global Administrators to simulate phishing campaigns and other attack simulations.

Prerequisites

·       Your organization’s email is hosted in Exchange Online (Attack simulator is not available for on-premises email servers)

·       You have an E5 license or have signed up for an E5 trial license (here)

·       You have the security administrator role or Global Administrator role assigned to you

·       You have multi-factor authentication enabled (make sure to first read the MFA prerequisites here, such as enabling oAuth via Powershell)

Getting Started

To access Attack Simulator, in the Security & Compliance Center, choose Threat management > Attack simulator. If you don’t see it yet, you can browse to it directly here:

https://protection.office.com/#/attacksimulator

There are currently three attackers offered by Attack Simulator:

1.     Display name spear-phishing attack

2.     Brute Force password attack

3.     Password spray attack

Display name spear-phishing attack

One of the more common and successful phishing methods is to spoof the Display Name field in Outlook. This is very effective because the Sender Policy Framework (SPF)only protects the RFC 5321. Mail From field, and does not protect against spoofing of the Display Name. Only Domain-based Message Authentication, Reporting & Conformance (“DMARC” – RFC 7489) protects against the Display Name field (RFC 5322.From Field). However, since very few organizations have implemented DMARC, then this simulated phishing attack is very effective.

Carrying out the phishing simulation is a straight-forward wizard in the documentation found (here). Basically you enter the email address that you want to spoof and the targeted users that you want to send the fake email to. You can pick from a few pre-built templates, then you can do some customization of the email that would be sent out. After running the campaign, you can monitor to see which users clicked on the link, and which users went a step further and gave away their credentials.

Recent Articles

How to configure restriction for Users from creation of Office 365 groups, Plans & Microsoft teams.

Connect-AzureAD Create new Security Group "AllowedtoCreateGroups" Get-AzureADGroup -SearchString "AllowedtoCreateGroups" $GroupName = "<SecurityGroupName>" $AllowGroupCreation = "False" Connect-AzureAD $settingsObjectID = (Get-AzureADDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id if(!$settingsObjectID) { $template = Get-AzureADDirectorySettingTemplate | Where-object...

Attack Simulator for Office 365

Microsoft has released Attack Simulator (currently in Preview) to allow Office 365 Global Administrators to simulate phishing campaigns and other attack simulations. Prerequisites ·       Your organization’s email...

What is Advanced Threat Analytics?

Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber-attacks and insider threats. How ATA...

How to remove Office 365 Groups permanently ?

  Hi Guys, Here is process how to remove office 365 groups or soft deleted groups from your office 365 tenant. Step-1 you need to connect with Azure...

How to solve the issue of guest users access in Office 365 when you applied restriction on office 365 groups creation tenant wide?

Connect-AzureAD via powerShell Run the following command: $template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified"} See if you already have an AzureADDirectorySetting object,...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Stay on op - Ge the daily news in your inbox