How attackers can target you with phishing attacks

CSO Online | July 31, 2019

There are many ways attackers can exploit public information about an organization's employees. CSO Online's Susan Bradley walks through how attackers gain access to your organization's Office 365 accounts and how to protect your business from these potential attacks.

Copyright © 2019 Raybet2

This is Susan Bradley for CSO Online. Today I'm going to talk about some information and ways you can learn how attackers come after you. First, I want to tell you about the OSINT Framework. This is a website that sort of gathers all kinds of information, where you can learn how people obtain information, in particular how they obtain information about email addresses and usernames. And one of the key ways, of course, they do this is through social media. I'm sure everyone listening has a LinkedIn account. Think about all the information you see there that could be used and could be gleaned. And so think about how to obtain information about users, possibly even what the email addresses are in the organization. And keep in mind that these days, with Office 365, the email address is usually the username to get into the organization. So there are tools such as LinkedInt, which is a tool that scrapes the information out of LinkedIn. There's also ScrapedIn, which obviously scrapes the information out using their API. And there's also InSpy. Now all three of these obviously go against the terms of service of LinkedIn. But when do attackers read end user license agreements and abide by such things?

So think of how an attacker can use this information to go after you. First off, they can figure out who's in a high position and possibly target that person. Or they can find out who's in an underlying position. Let's go after the secretary of the key muckety-muck person. They can also harvest email addresses and, as I said, oftentimes email addresses are the username for an organization. So now that they have names and usernames, what else do they have? Well, we can use a tool called Office 365 User Enumeration. It scrapes and validates usernames from Office 365 using ActiveSync. The ability to get this information from ActiveSync is not new. It's been around for quite a while and was quite often used in Exchange Server. Now they can use it online with Outlook Web Application, Exchange Web Services or Lync servers. Microsoft does not consider this to be a vulnerability. Obviously we need ActiveSync, and the way the system responds back and says whether or not an account does exist or does not exist, they do not consider to be a vulnerability. This attack also allows the attacker to understand, or to know, which users are using multi-factor and which ones are not. So therefore they can target their phishing attacks against those accounts that do not have multi-factor.

So they'll know which ones are the weak links in your organization. You may want to consider evaluating your alerting to see if you can set up alerts such that if a user has failed logins in a short timeframe, you're alerted of that situation. Also be aware, if you have a consultant that helps you in your Office 365 implementation, ensure that they are aware of the mandate that starting August 1st they have to have multi-factor authentication set up. Needless to say, Office 365 attacks are in the news. In fact, there's even a presentation coming up at Black Hat talking about attacks in the cloud such as account compromise, password spraying techniques and other topics; we'll have to keep an eye out for that one. Password spraying techniques are so often used that even the US-CERT organization put out a recommendation about how you can take actions and guard against that. You want to make sure that you set up your password policies so that there's a much stronger password review, and make sure that you're not allowing people to use easy-to-guess passwords, that you're going longer than eight characters, that you're ensuring that they're passphrases rather than passwords. And just review the CERT settings and make sure that you are following their recommendations as best as you can. As the white paper points out, multi-factor goes a long way to helping you out and keeping you safe.
Microsoft has a four-page paper that talks about how to defend against password spray attacks.

Bottom line: take the time to check your organization and make sure that you're not a weak link and that your users are not weak links either. Then take the time to look at the IDG Tech Talks on YouTube.
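The alerting the video recommends, failed logins for one account in a short timeframe, and the password-spray pattern it warns about (one source failing against many accounts) can both be checked with a small script. This is an added example, not code from the CSO Online video or from Microsoft; the log format, the names, the IPs and the thresholds are constructed assumptions, not the real Office 365 sign-in log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp,user,source IP,result.
# Simplified made-up CSV, not the real Office 365 sign-in log schema.
SAMPLE_LOG = """\
2019-07-30T08:00:01Z,alice@example.com,203.0.113.7,Failure
2019-07-30T08:00:09Z,bob@example.com,203.0.113.7,Failure
2019-07-30T08:00:17Z,carol@example.com,203.0.113.7,Failure
2019-07-30T08:00:25Z,dave@example.com,203.0.113.7,Failure
2019-07-30T08:01:02Z,alice@example.com,198.51.100.4,Failure
2019-07-30T08:01:10Z,alice@example.com,198.51.100.4,Failure
2019-07-30T08:01:18Z,alice@example.com,198.51.100.4,Failure
2019-07-30T09:30:00Z,bob@example.com,192.0.2.10,Success
"""

def parse(log_text):
    # Returns events sorted by time as (timestamp, user, ip, result).
    events = []
    for line in log_text.splitlines():
        ts, user, ip, result = line.strip().split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user.lower(), ip, result))
    return sorted(events)

def _failures_by(events, key_index, value_index):
    # Group failed sign-ins by key (user or source IP), keeping (time, value) pairs.
    groups = defaultdict(list)
    for ev in events:
        if ev[3] == "Failure":
            groups[ev[key_index]].append((ev[0], ev[value_index]))
    return groups

def _window_hits(groups, window, threshold, distinct):
    # Flag a key when, in a window starting at one of its failures, the number of
    # failures (or of distinct values, for spray detection) reaches the threshold.
    flagged = set()
    for key, items in groups.items():
        for i, (t0, _) in enumerate(items):
            vals = [v for t, v in items[i:] if t - t0 <= window]
            count = len(set(vals)) if distinct else len(vals)
            if count >= threshold:
                flagged.add(key)
                break
    return flagged

def failed_login_bursts(events, window=timedelta(minutes=10), threshold=4):
    # One account hit by `threshold` failures within `window`: the per-user alert the video suggests.
    return _window_hits(_failures_by(events, 1, 2), window, threshold, distinct=False)

def spray_sources(events, window=timedelta(minutes=10), min_users=4):
    # One source failing against `min_users` distinct accounts within `window`: a password spray.
    return _window_hits(_failures_by(events, 2, 1), window, min_users, distinct=True)
```

On the constructed log, the per-user check flags only alice, while the spray check flags only 203.0.113.7, which never fails against any one account more than once; a per-user threshold alone would miss it.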