How attackers target you with phishing attacks

CSO Online | July 31, 2019

Attackers can use public information about your organization's employees in many ways. CSO Online's Susan Bradley explains how attackers get at your organization's Office 365 accounts and how to protect the business from these potential attacks.


This is Susan Bradley with CSO Online. Today I'm going to discuss some ways you can understand how attackers go after your information, and how they do it. First, I want to tell you about the OSINT Framework. This is a website where you can see how people gather information, especially the ways they collect information about email addresses and usernames. Of course, one of the key ways they do this is through social media. I'm sure everyone listening has a LinkedIn account. Think about all the information you see there that could be used and harvested. So it provides information on how to obtain information about users in your organization, even email addresses. Remember that these days the Office 365 email address is usually the organization's username.

So there are tools like LinkedInt, which is a tool that scrapes the information out of LinkedIn. There's also ScrapedIn, which obviously scrapes the information out using their API. And there's also InSpy. Now, all three of these obviously go against the terms of service of LinkedIn, but when do attackers read end user license agreements and abide by such things?

So think of how an attacker can use this information to go after you. First off, they can figure out who's in a high position and possibly target that person. Or they can find out who's in an underlying position: let's go after the secretary of the key muckety muck person. They can also harvest email addresses and, as I said, oftentimes email addresses are the usernames for an organization.

So now that they have names and usernames, what else do they have? Well, they can use a tool called Office 365 User Enumeration. It scrapes and validates usernames from Office 365 using ActiveSync. The ability to get this information from ActiveSync is not new. It's been around for quite a while and was quite often used against Exchange Server. Now they can use it online with Outlook Web App, Exchange Web Services or Lync servers. Microsoft does not consider this to be a vulnerability. Obviously we need ActiveSync, and the way the system responds back and says whether or not an account exists, they do not consider to be a vulnerability. This attack also allows the attacker to understand, or to know, which users are using multi-factor and which ones are not. So therefore they can target their phishing attacks against those accounts that do not have multi-factor.

So they'll know which ones are the weak links in your organization. You may want to consider evaluating your alerting to see if you can set up alerts such that if a user has failed logins in a short timeframe, you're alerted of that situation. Also be aware, if you have a consultant that helps you in your Office 365 implementation, ensure that they are aware of the mandate that starting August 1st they have to have multi-factor authentication set up.

Needless to say, Office 365 attacks are in the news. In fact, there's even a presentation coming up at Black Hat talking about attacks in the cloud such as account compromise, password spraying techniques and other topics; we'll have to keep an eye out for that one. Password spraying techniques are so often used that even the U.S. CERT organization put out a recommendation about how you can take action against them. You want to make sure that you set up your password policies so that it's a much stronger password review, and make sure that you're not allowing people to use easy-to-guess passwords, that you're requiring longer than eight characters, and that you're ensuring they're passphrases rather than passwords. And just review the CERT guidance and make sure that you're following their recommendations as best as you can. As the white paper points out, multi-factor goes a long way toward keeping you safe.
Microsoft has a four-page document that discusses ways to defend against password spray attacks.
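As an added illustration (not part of the CSO Online segment) of the alerting the talk recommends, the Python below flags two patterns over constructed sign-in log lines: a single account with several failures in a short window, and a password spray, where one source fails once against many accounts and so never trips a per-user threshold. The line format and sample data are constructed and not the real Office 365 sign-in export; adapt parse() to your own logs.

```python
# Added example, not the CSO Online segment's code. Log lines use a constructed
# "timestamp user source_ip result" format, not the real Office 365 sign-in schema.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: alice is hammered from one IP; 198.51.100.7 tries many users once each.
SAMPLE_LOG = """\
2019-07-31T09:00:01 alice@example.com 203.0.113.5 FAILURE
2019-07-31T09:00:09 alice@example.com 203.0.113.5 FAILURE
2019-07-31T09:00:20 alice@example.com 203.0.113.5 FAILURE
2019-07-31T09:01:00 bob@example.com 198.51.100.7 FAILURE
2019-07-31T09:01:02 carol@example.com 198.51.100.7 FAILURE
2019-07-31T09:01:04 dave@example.com 198.51.100.7 FAILURE
2019-07-31T09:01:06 frank@example.com 198.51.100.7 SUCCESS
2019-07-31T10:30:00 grace@example.com 192.0.2.9 FAILURE
"""

def parse(log):
    """Parse lines into (timestamp, user, source_ip, result) tuples."""
    return [(datetime.fromisoformat(t), u, ip, r)
            for t, u, ip, r in (line.split() for line in log.splitlines())]

def _failures_by(events, key, payload):
    """Group FAILURE events by key(e) into time-sorted (timestamp, payload(e)) lists."""
    groups = defaultdict(list)
    for e in events:
        if e[3] == "FAILURE":
            groups[key(e)].append((e[0], payload(e)))
    return {k: sorted(v) for k, v in groups.items()}

def _any_window(attempts, window, hit):
    """True if the payloads inside some time window of length `window` satisfy hit()."""
    start = 0
    for end in range(len(attempts)):
        while attempts[end][0] - attempts[start][0] > window:
            start += 1  # slide the window start forward until it fits
        if hit([p for _, p in attempts[start:end + 1]]):
            return True
    return False

def failed_login_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Users with >= threshold failures inside one window: the per-user alert."""
    per_user = _failures_by(events, key=lambda e: e[1], payload=lambda e: e[2])
    return {u for u, a in per_user.items() if _any_window(a, window, lambda p: len(p) >= threshold)}

def password_spray_sources(events, min_users=3, window=timedelta(minutes=10)):
    """Source IPs failing against >= min_users distinct accounts inside one window:
    one try per account across many accounts, which a per-user threshold never trips."""
    per_ip = _failures_by(events, key=lambda e: e[2], payload=lambda e: e[1])
    return {ip for ip, a in per_ip.items() if _any_window(a, window, lambda p: len(set(p)) >= min_users)}
```

Tune the thresholds and windows to your own baseline; successful sign-ins are deliberately ignored so a spray that eventually lands a password still shows up by its preceding failures.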

Bottom line: take the time to review your organization and make sure that you are not a weak link, and that your users are not weak links either. Then take some time to check out the IDG Tech Talks on YouTube.