Get started using Attack simulation training

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific callouts in this article where there might be differences.

If your organization has Microsoft 365 E5 or Microsoft Defender for Office 365 Plan 2, which includes Threat Investigation and Response capabilities, you can use Attack simulation training in the Microsoft Security Center to run realistic attack scenarios in your organization. These simulated attacks help you identify vulnerable users before a real attack impacts your bottom line. Read this article to learn more.

Note

Attack simulation training replaces the old Attack Simulator v1 experience that's described in Attack Simulator in Microsoft Defender for Office 365.

What do you need to know before you begin?

  • To open the Microsoft Security Center, go to https://security.microsoft.com/. Attack simulation training is available at Email and collaboration > Attack simulation training. To go directly to Attack simulation training, open https://security.microsoft.com/attacksimulator.

  • For more information about the availability of Attack simulation training across different Microsoft 365 subscriptions, see Microsoft Defender for Office 365 service description.

  • You need to be assigned permissions in the Security & Compliance Center or in Azure Active Directory before you can do the procedures in this article. Specifically, you need to be a member of Organization Management, Security Administrator, or one of the following roles:

    • Attack Simulator Administrators: Create and manage all aspects of attack simulation campaigns.
    • Attack Simulator Payload Authors: Create attack payloads that an admin can initiate later.

    For more information, see Permissions in the Security & Compliance Center or About admin roles.

  • There are no corresponding PowerShell cmdlets for Attack simulation training.

  • Attack simulation and training related data is stored with other customer data for Microsoft 365 services. For more information, see Microsoft 365 data locations. Attack simulation is currently not available in the following regions: SGP, NOR, UAE, ZAF, GER, BRA, and CHE.

Simulations

Phishing is a generic term for email attacks that try to steal sensitive information using messages that appear to come from legitimate or trusted senders. Phishing is one of a broader set of techniques classified as social engineering.

In Attack simulation training, multiple types of social engineering techniques are available:

  • Credential harvest: An attacker sends the recipient a message that contains a URL. When the recipient clicks the URL, they're taken to a website that typically shows a dialog box asking for their username and password. Typically, the destination page is themed to look like a well-known website in order to build trust with the user.

  • Malware attachment: An attacker sends the recipient a message that contains an attachment. When the recipient opens the attachment, arbitrary code (for example, a macro) runs on the user's device to help the attacker install additional code or further entrench themselves.

  • Link in attachment: This is a variant of credential harvest delivered through an attachment. An attacker sends the recipient a message that contains a URL inside an attachment. When the recipient opens the attachment and clicks the URL, they're taken to a website that typically shows a dialog box asking for their username and password. Typically, the destination page is themed to look like a well-known website in order to build trust with the user.

  • Link to malware: An attacker sends the recipient a message that contains a link to an attachment on a well-known file sharing site (for example, SharePoint Online or Dropbox). When the recipient clicks the URL, the attachment opens and arbitrary code (for example, a macro) runs on the user's device to help the attacker install additional code or further entrench themselves.

  • Drive-by URL: An attacker sends the recipient a message that contains a URL. When the recipient clicks the URL, they're taken to a website that tries to run code in the background. This background code attempts to gather information about the recipient or deploy arbitrary code on their device. Typically, the destination website is a well-known website that has been compromised, or a clone of a well-known website. Familiarity with the website helps convince the user that the link is safe to click. This technique is also known as a watering hole attack.

Note

Check that the simulated phishing URL is reachable in your supported web browsers before you use it in a phishing campaign. Although we work with many URL reputation vendors to allow these simulation URLs unconditionally, we don't always have full coverage (for example, Google Safe Browsing). Most vendors provide guidance on how to allow specific URLs unconditionally (for example, https://support.google.com/chrome/a/answer/7532419).

The URLs that are used by Attack simulation training are described in the following list:
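One way to dry-run browser allow-list coverage before launching a campaign, as an added example that is not part of this article or of Attack simulation training itself: the Python below evaluates URL patterns written in the filter syntax documented for Chrome's URLAllowlist/URLBlocklist policies (optional scheme, host with an optional leading dot that disables subdomain matching, optional port, path prefix) against a set of candidate URLs and reports which URLs no pattern covers. The matching rules are this example's own reading of Google's policy documentation, and the URLs are constructed placeholders rather than the real simulation URLs; validate both against the current policy documentation and in the browser itself.

```python
from urllib.parse import urlsplit

# Constructed placeholder URLs standing in for the simulation URLs
# (assumption: these are NOT the real URLs used by Attack simulation training).
SIMULATION_URLS = [
    "https://phish-sim.example.com/login",
    "https://mail.phish-sim.example.com/verify?id=1",
    "http://phish-sim.example.com/",
    "https://sim-links.example.net/doc/1",
]

# Candidate allow-list entries in Chrome's URL-filter syntax
# (assumption: format is [scheme://][.]host[:port][/path]).
ALLOWLIST = [
    "phish-sim.example.com",               # any scheme/port, host plus subdomains
    "https://sim-links.example.net/doc/",  # https only, path prefix /doc/
]

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_filter(pattern: str) -> dict:
    """Split a filter into scheme, host, exact-host flag, port and path prefix.

    Query matching ('@query') and bracketed IPv6 literals are not handled.
    """
    scheme = None
    rest = pattern.strip()
    if "://" in rest:
        scheme, rest = rest.split("://", 1)
        scheme = scheme.lower()
    path = None
    if "/" in rest:
        rest, tail = rest.split("/", 1)
        path = "/" + tail
    exact_host = rest.startswith(".")   # leading dot: no subdomain matching
    if exact_host:
        rest = rest[1:]
    port = None
    if ":" in rest:
        rest, port_text = rest.rsplit(":", 1)
        port = int(port_text)
    return {"scheme": scheme, "host": rest.lower(), "exact_host": exact_host,
            "port": port, "path": path}


def filter_matches(pattern: str, url: str) -> bool:
    """Return True if `url` is covered by `pattern` under the rules above."""
    f = parse_filter(pattern)
    u = urlsplit(url)
    scheme = u.scheme.lower()
    host = (u.hostname or "").lower()
    port = u.port if u.port is not None else DEFAULT_PORTS.get(scheme)

    if f["scheme"] not in (None, "*") and f["scheme"] != scheme:
        return False
    if f["host"] != "*":
        if f["exact_host"]:
            if host != f["host"]:
                return False
        elif host != f["host"] and not host.endswith("." + f["host"]):
            return False
    if f["port"] is not None and port != f["port"]:
        return False
    if f["path"] and not u.path.startswith(f["path"]):
        return False
    return True


def coverage(patterns, urls) -> dict:
    """Map each URL to the list of patterns that match it."""
    return {url: [p for p in patterns if filter_matches(p, url)] for url in urls}


def uncovered(patterns, urls) -> list:
    """URLs that no pattern matches; these remain subject to reputation blocking."""
    return [url for url, hits in coverage(patterns, urls).items() if not hits]


if __name__ == "__main__":
    for url, hits in coverage(ALLOWLIST, SIMULATION_URLS).items():
        print(f"{url}: {hits or 'NOT COVERED'}")
    print("uncovered:", uncovered(ALLOWLIST, SIMULATION_URLS))
```

An empty `uncovered` list is a prerequisite, not a guarantee: it only shows that the policy entries you intend to push would match the URLs you intend to send. Safe Browsing verdicts and the behaviour of other reputation vendors still have to be confirmed in the browsers your users actually run, as the note above says.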

Create a simulation

For step-by-step instructions on how to create and send a new simulation, see Simulate a phishing attack.

Create a payload

For step-by-step instructions on how to create a payload for use within a simulation, see Create a custom payload for Attack simulation training.

Gaining insights

For step-by-step instructions on how to gain insights with reporting, see Gain insights through Attack simulation training.