Today post will be about very useful feature in exchange online – Attack Simulation Training. This feature allows to simulate phishing attack on organizational mail accounts. Phishing is most popular type of attack today. Despite that fact very users still is clicking and providing credentials on that attack.
Prerequisites
To have full functionality of AST you have to have license Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2. Without that, ATS will be available in basic functionality.
Simulation tool is available under this address: https://security.microsoft.com/attacksimulator
Before we go to creating simulation, you have to ensure that you are in one of that groups.
- attack payload author – creating payloads
- attack simulator administrators – compaigns management
- security administrator
- global administrator
Simulation create
As I have basic version, I have to use only one technique. Below I will shortly describe each of that.
- Credential Harvest – malicious mail has link to website which after clicking is gathering credentials. After clicking user see login form.
- Malware Attachment – mail has attachment. When you open it, on computer is executed malicious macro or another code.
- Link in Attachment – this attack has mail with attachment where is link where authentication is required.
- Link to Malware – mail has link to attachment stored on cloud. After clicking attachment id downloaded and then some changes are performing on computer.
- drive-by URL – mail has malicious url address. When user click will be moved to web and overthere will be executed malicious code.
Select payload
Send simulation
Last step we can test our simulation by sending test email.