Test your defence with Office 365

Did you know:

Microsoft allows admins to “simulate attacks” to test your defences, and to see how likely your employees are to click on phishing links, without actually putting your business at risk?

There are three cyber-attack types, each used as part of a typical “kill chain”, since these are never used in isolation when attempting to penetrate and attack an organisation. These are inspired by the type of tests that Microsoft uses across its own services before they can be exploited.

Now Office 365 can be used to help you run realistic phishing attempts, such as spear phishing and password attacks, to identify vulnerable users within your organisation. As with real hacks and phishing attacks, you can make the simulation look as realistic and as customised as you like. You can then see how successful your attack simulation was.

Here are the three core attacks you can simulate, all of which form a vital part of the kill chain.

1. Spear Phishing (Credentials Harvest) Account Breach

A spear-phishing attack is a targeted attempt to acquire sensitive information, such as user names, passwords, and credit card information, by masquerading as a trusted entity. This attack will use a URL to attempt to obtain user names and passwords. We recommend you run this against high-profile users, such as execs and managers.

2. Brute Force Password (Dictionary Attack) Account Breach

A brute-force dictionary attack is an automated, trial-and-error method of generating multiple password guesses from a dictionary file against a user’s password. This helps you test password robustness for admin or privileged accounts.

3. Password Spray Attack Account Breach

A password spray attack is an attempt to try commonly used passwords against a list of user accounts. This helps you test for common or weak passwords in use by users that can make your environment vulnerable.
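
The two password attacks above leave different traces in sign-in logs: a dictionary attack produces many failures against one account, a spray produces a few failures across many accounts. The sketch below is an added example (not Microsoft's code and not part of the original article) that labels each source by that shape, so you can check your monitoring notices a simulation. The event tuple format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(minute, second=0):
    return datetime(2024, 1, 1, 9, minute, second)

# Constructed sample failed sign-ins: (timestamp, source IP, account).
# IPs are from documentation ranges; accounts are made up.
SAMPLE_FAILURES = (
    # One source, one account, many guesses: dictionary / brute force
    [(_t(0, s), "192.0.2.10", "admin@example.com") for s in range(0, 40, 2)]
    # One source, many accounts, one guess each: password spray
    + [(_t(5, i), "198.51.100.7", f"user{i}@example.com") for i in range(15)]
    # Ordinary noise: a user mistyping a password twice
    + [(_t(7, 0), "203.0.113.5", "alice@example.com"),
       (_t(7, 20), "203.0.113.5", "alice@example.com")]
)

def classify_failures(failures, window=timedelta(minutes=10),
                      brute_min_attempts=10, spray_min_accounts=10,
                      spray_max_per_account=3):
    """Label each source IP by the shape of its failed sign-ins.
    Thresholds are illustrative assumptions, not Microsoft defaults."""
    by_source = defaultdict(list)
    for ts, ip, user in failures:
        by_source[ip].append((ts, user))
    verdicts = {}
    for ip, rows in by_source.items():
        rows.sort()
        verdicts[ip] = "normal"
        start, per_user = 0, defaultdict(int)
        for ts, user in rows:  # sliding time window over this source
            per_user[user] += 1
            while ts - rows[start][0] > window:
                old = rows[start][1]
                per_user[old] -= 1
                if per_user[old] == 0:
                    del per_user[old]
                start += 1
            busiest = max(per_user.values())
            if busiest >= brute_min_attempts:
                verdicts[ip] = "brute-force"
                break
            if (len(per_user) >= spray_min_accounts
                    and busiest <= spray_max_per_account):
                verdicts[ip] = "password-spray"
                break
    return verdicts
```

A spray paced slower than the window stays under these thresholds, so treat the window length as something to tune against your own simulation results.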

