Office 365 – A new attack simulator scenario is now available

As you may already know, about a year ago, Microsoft has introduced a security tool to Office 365 called Attack Simulator to help administrator and security teams to simulate attacks to their Office 365 tenant to find vulnerable accounts before a real attack occurs.

Well, the Office 365 Attack Simulator has been updated to include a new scenario: Attachment Attack.

This new scenario will help you evaluating and securing the security configuration of your organization against phishing and malicious attacks using attachment.

To get advantage of this feature, you must have an Advanced Threat Protection license (either ATP P2 or any subscription including the ATP plan.

To start using it, logon to your Security and Compliance portal (https://protection.office.com/) and reach the Threat Management\Attack Simulator blade

image_thumb

From there launch the new scenario called Spear Phishing (Attachment) Account Breach and follow the wizard to set the context of the attack simulation which mainly consists of setting up the targeted user(s), the (so called) phishing email details (from, attachment type [doc, docx or pdf)…)

image_thumb[1]  image_thumb[2]  image_thumb[3]

Once you have set the details, the attack simulation will run by sending the email to defined recipients

image_thumb[4]

NOTE keep in mind this attachment does not contain any malicious code; instead it display a detailed message explaining what happened. The file also contains a hidden image file which makes a call back to Microsoft’s servers to indicate that the user has opened the file

image_thumb[10]

You can than have the attack simulation result by accessing the attack details or the View Report link showing up; you will then be able to access the history (attack details) and results of the simulation

image_thumb[11]  image_thumb[6]  image_thumb[7]

Result of this attack simulation will then help you to reinforce communication and training to your end-users to report any suspicious email using the Report message add-in which is available on all Outlook client (desktop, OWA and even mobile)

image_thumb[8]  image_thumb[9]

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies