Attack Simulator for Office 365 Threat Intelligence

Attack Simulator, an Office 365 service that allows administrators to launch test security attacks against users and gauge their reactions, has been released.

The service supports three attack types: spear-phishing (convincing users to enter their password using an e-mailed link), password spray (where many user log-ons are tested with a default password), and brute force (where a few users are tested with a dictionary of passwords).

After launching the attacks, Attack Simulator reports which users would have likely had their passwords compromised in a real attack; organizations can work with these users to improve their security awareness.

While the service could help organizations avoid common security attacks, it could also alert unscrupulous administrators to types of attacks that would work against specific users. Password spray test results could also inadvertently expose which individuals have a specific password to the administrator.

Attack Simulator is a component of Office 365 Threat Intelligence, which is available stand-alone or as part of Office 365 Enterprise E5.