Attack Simulation Training

For decades successful intrusions have occurred by tricking a user to either execute something or leak sensitive information like passwords or other secrets.
As our security solutions are improved and protection increases, we can clearly see how attacks in the form of social engineering like phishing (Email/IM), smishing (SMS), vishing  (Voice calls) increases.

Basically, if the attacker wants something that could be hard to get by attacking a system it is often easier to contact some internal user(s) either by email/IM or phone and let them do the work. Like getting someone from the inside to open the locked door to your environment.

If we look at how most ransomware attacks are performed, it is usually about tricking a user into clicking on a link or executing a code. This concerns both users in working life and in private, where we know that the consequences can be devastating.

So, what can we do to prevent this?

It’s mostly about education, training, and awareness! We need to continue educating our new and existing employees. Teach them how to identify anomalies in the message so they become more careful. They need to be able to validate the sender, the text and above all the reasonableness/probability of the message they receive.
This need to be done with a combination of training and practice.
This is where Microsoft Defender Attack Simulations comes in. Attack simulation training in the Microsoft 365 Defender can run realistic attack scenarios in your organization. These simulated attacks can help you identify and find vulnerable users to prevent a real attack.image

A simulated attack like this phishing attempt from DHL can either be based on a predefined template

Attack simulation also allows us to customized one in a local language, in this case from the local service desk.

AttackSimulationEmailCredTheft

We also get predefined trainings to choose from to educate the users.

AttackSimulation2

Note that this video is fast-forwarded and cropped to show the user experience.

Let’s take a look how this is done from the M365 Defender Portal

We find Attack simulation training on the Email & Collaboration chapter in the Security portal.
Here we can simulate attacks and follow up the result of current and previous simulations.

image

This solution is continuously updated to reflect several of the attacks we see in real life.

At the time of writing, we have the following techniques to choose from when simulating an attack.

image

For the moment we have 91 prepared payloads that we can choose from.

image

We also have the possibility to create our own payload. This can be helpful for simulating a scenario from our own organization as well in our own language.

We define what source the email should have; we can set whatever email address we like for the purpose of the simulation

image

We can either import an existing email or create one our self and attach a phishing link

image

Based on the simulated technique we got recommended trainings to choose from.

image

We can assign the training to either all users or only the one that got phished (clicked on the email or shared their credentials)

image

We can customize the existing default landing page, create our own or use a custom URL.

image

We can schedule the training and make it region aware to reflect real case scenarios.

image

Will my email protection solution block these emails?

No, these emails are placed directly in the user’s inbox and never passes the Exchange/Mail servers.

3 important steps to get started

  1. Plan your simulation well, make sure it sanctioned by the business and its management
  2. Combine the training with information campaigns and explain the “why” and background why this is important
  3. This is not a one-shot, the training must be recurring in order to maintain both the attention of our existing and new employees.
Detta inlägg publicerades i Microsoft Defender och märktes . Bokmärk permalänken.

Kommentera

Fyll i dina uppgifter nedan eller klicka på en ikon för att logga in:

WordPress.com-logga

Du kommenterar med ditt WordPress.com-konto. Logga ut /  Ändra )

Google-foto

Du kommenterar med ditt Google-konto. Logga ut /  Ändra )

Twitter-bild

Du kommenterar med ditt Twitter-konto. Logga ut /  Ändra )

Facebook-foto

Du kommenterar med ditt Facebook-konto. Logga ut /  Ändra )

Ansluter till %s