Attack Simulator at Office 365 - run attack simulation
Run attack simulator to address resistance around Multi-factor authentication
Resistance to rolling out MFA in your organization? Earlier, I gave specific tips on how to engage MFA or Security Defaults.
In this blog, I provide concrete advice to substantiate why it's better for an organization to choose MFA. The steps below will give you a clear overview of the risks you face if you don't use Multi-factor Authentication.
Report
It is often the role of the IT organization to always be able to facilitate and report the risks. Of course with actual figures, you obtain these via a test with the attack simulator.
It is an organizational responsibility to act on the organization's risks. Map and record the risks so that the trends can be analyzed, and the necessary actions implemented.
Attack simulator
Activate a demo license of Microsoft 365 E5 via admin.microsoft.com and activate it on your current user.
Do an attack simulation in which you want to ask everyone in your organization to bring their paycheck or personal information up to date.
Obviously, you want to measure how many users enter their username & password. Usually more than 30%!
OK. Let's go! Browse to the attack-simulator page https://protection.office.com/attacksimulator
Launch a campaign (with a payroll update, for example)
Choose individuals in your organization, best everyone.
Enter data that connects with your organization.
Use URLs similar to your payroll or payroll processing URLs.
Fill a topic that connects with the current updates you use as an organization.
Customize the HTML file with the goal that this email looks as good as possible so that it doesn't deter within your organization.
Do the attack via attack simulator.
Users will receive an email as below.
They fill out (hopefully not) their account details.
Through this URL you can monitor the test-attack.
Summary
Measurability of the attack simulation allows you to report numbers to indicate how important an MFA implementation is.
This is not the only way credential-breaches or usernames and passwords are abused. There are other possibilities as well.
Related blogs
Millions of users risk increased vulnerability to attacks
Make legacy authentication transparent with Azure Log Analytics
Secure Score for Microsoft Azure
Microsoft Teams security setups in 4 steps
The 10 security recommendations we need to set up now that we're working from home!