The best attackers start one step at a time, leveraging whatever little advantage they have at each phase. Once combined, the final impact can be staggering. And this latest in my Anatomy of an Attack series demonstrates that premise quite well.
We are going to start with a phishing email that prompts the user to a resource in Office 365. The user will actually be taken to a malicious web page crafted to look like their company-branded Office 365 logon page. In the process, the user will be prompted for multi-factor-authentication on their phone either via an OTP or a push request. After the user responds, we grab the session token and can now access any resources they have access to in Office 365.
Having access to anything in their mailbox, SharePoint Online, OneDrive and beyond is bad enough, but we won’t stop at the cloud. You will watch us jump from a compromised account in the cloud to the victim’s internal network and datacenter. Posing as the employee we’ve compromised, we’ll spread an infected Word doc, move laterally and ultimately compromise systems on the company’s on-premise network.
This is going to be a fascinating and technical hacking session that reveals the very real-world threats in today’s hybrid environments.
While it may be the first time for many of you to have seen this MitM attack, the other individual techniques in this attack aren’t that interesting by themselves, but it’s the progressive combination of them that is particularly compelling and hence the point I made at the top. For instance, we’ll see how using Office macros in the right context makes a big difference in how likely the technique is to succeed.
Our sponsor is Varonis Systems and Ryan O’Boyle will briefly show how their unique data-centric approach allows them to detect suspicious behavior based on a very different take on the concept of “what’s normal”.
Please join us for this real training for free event.