microsoft

You expect a phishing test… and then the real stuff kicks in… some quick tips to block evasion techniques

I see more and more phishing exercise fatigue kicking in at my customers…

But it is more important than ever to stay vigilant for new techniques that try to circumvent the typical URL blocking and the other protection layers you have put in place.

You’re the best firewall.

What is going on?

You know, these companies that first announce a #phishing test…

which goes unnoticed because it is caught by the spam filter…

And a few weeks later you get the real stuff in your inbox from the same company.

With ridiculously worse quality than the actual test… but still it’s in the inbox, ready to click (DON’T!).

You assume phase 2 of the phishing test… another round, right? (you think: “yeah, right, not me.”).

Because the new mail comes in ridiculously worse quality (⚠️1) than the actual test…

Nowadays you expect smart mails from these criminals…

But still it doesn’t feel OK… you start to realize that this might be the real stuff…

Checking for some more phishing indicators (⚠️)

A mail with you in Bcc… (⚠️2)

Addressed to a very strange (New Zealand) mail address (⚠️3)

with a PDF-like icon image embedded (⚠️4)

via a google drive link (⚠️5)….

SPOILER: I crippled the link mentioned in the previous screenshot to avoid any accidents…

SPOILER 2: DO NOT, EVER CLICK these links…

Still, if you can’t control your curiosity, you might peek into the link via alternative methods (see later).

The display of unrelated content, with payment instructions (⚠️6), isn’t really what you would expect.

Because if you even dare to click the links you get another link (⚠️7)… and this time the browser malware detection (SmartScreen filtering) kicks in… at last… so I’ll stop the curiosity here…

Why is this an issue?

The main issue here is: the phishing links point to well-known cloud storage services (like Google Drive, Microsoft OneDrive, Dropbox…) that are abused for hosting malware, and links to these services usually escape or bypass malware URL detection…
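As an added example (not code from the original post), a small Python triage that checks a raw mail for two of the structural indicators walked through above: delivery via Bcc (⚠️2) and links that lead to shared file hosting rather than to the sender's own domain (⚠️5). The hosting list, the addresses and the sample mail are constructed for this example.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# File-hosting services the post names as commonly abused to host the payload.
# This set is an assumption for the example; extend it for your environment.
SHARED_HOSTING = {
    "drive.google.com", "docs.google.com",
    "onedrive.live.com", "1drv.ms",
    "dropbox.com", "www.dropbox.com",
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def triage(raw_message: str, my_address: str) -> dict:
    """Raise the structural indicators from the post for one message.

    bcc_delivery: we received the mail but are not in To/Cc (indicator 2).
    hosting_links: links that go to shared file hosting (indicator 5).
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    visible = " ".join(str(msg.get(h, "")) for h in ("To", "Cc")).lower()
    bcc_delivery = my_address.lower() not in visible
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    links = URL_RE.findall(text)
    hosted = sorted({u for u in links if urlparse(u).hostname in SHARED_HOSTING})
    return {"bcc_delivery": bcc_delivery, "hosting_links": hosted, "all_links": links}


# Constructed sample modelled on the mail described in the post: a foreign
# recipient in To, our own address absent (Bcc), and a PDF-icon image that
# links to a shared drive. Addresses and the file id are placeholders.
SAMPLE_EML = """\
From: invoices@supplier.example
To: accounts@partner.example.nz
Subject: Invoice 4471 - payment details
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please find the invoice attached.</p>
<a href="https://drive.google.com/file/d/PLACEHOLDER-ID/view"><img src="cid:pdf-icon"></a>
</body></html>
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EML, "me@example.com").items():
        print(f"{key}: {value}")
```

Two positive indicators on one mail is what the post describes; the same check run over a legitimate internal mail (own address in To, links to your own domain) raises none.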

Security tips

Rule nr 1: Don’t click links in unexpected mails

Curiosity killed the cat: please resist the urge to click the links to satisfy your curiosity…

If you don’t expect the mail, be very cautious and don’t click the links.

Control your curiosity: test the links in isolated mode

If you can’t control your curiosity, don’t ever click the links on your main computer.

Instead, copy the link and open it

  • in a Windows Sandbox
  • in a virtual machine or a test machine… not your production machine
  • on a mobile device

Use Windows Sandbox

Since Windows 10 (Pro) you can use Windows Sandbox (free), which is a virtual, isolated environment. So you can test some interesting things without damaging your production host machine.

When you close the Sandbox, it discards all changes and returns to its pristine default state.

More info: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview

Run a quarantined client in virtual machine

Use Microsoft Hyper-V (free) or Oracle VirtualBox (free) and install a client OS in the virtual machine.
Snapshot the machine before the test, perform the test, then return to the snapshot to avoid any leftovers of malware.

Run the link on a mobile phone

Less secure, but still better than running malware on your most important machine, is opening the link in a browser on your mobile device. There is a lower risk of infection and less impact than losing your primary working machine, although… be aware, there is still a small risk of infection even for smartphones…

Additional security measures

To permit some stupidity and protect against accidents, please make sure

  • to implement all the latest OS security updates and patch on a continuous basis
  • to have anti-malware and anti-virus software that is updated continuously
  • to keep the default OS security features enabled, including the local system firewall and malware detection
  • to consider a paid antivirus subscription (it’s worth the money) and keep it up to date every hour
  • to get mail protection against malware, tracking, phishing and ransomware (like Windows Defender for 365)
  • to have regular backups (1 online and 1 offline) and test the restores
  • to use cookie/tracking/advertisement blockers
  • to use a DNS blackhole system to protect your network from accessing suspicious URLs (including tracking and phishing websites, advertisements, command-and-control (C&C) malware domains, …)

You’re the best firewall

Don’t get caught.

Don’t be curious.

Suspect everything you don’t expect.

Don’t click the links.

And if you’re curious, keep it safe and secure.

Note-to-self: #DPIA for cloud – reference material (focus on #Microsoft cloud)

An interesting set of reference material that regularly comes back in the data protection, cybersecurity and information security discussions I have lately had with peers and colleagues.
Maybe you can use it too…

Feel free to provide some feedback yourself, if you know additional pointers I should add.

You know where to find me.

Change history

2022-04-27 14:00: Added EDPB announcement to references section

Governmental DPIAs

Netherlands

2018-12-06: DPIA on Microsoft Office 2016 & 365

https://iapp.org/news/a/dutch-government-commissioned-dpia-on-microsoft-office-pro-plus/

Direct download of PDF:

2022-02-22: DPIA on Microsoft Office 365

https://www.dataguidance.com/news/netherlands-dutch-government-publishes-dpia-microsoft

Press release by Dutch Government:

2022-02-21 https://www.rijksoverheid.nl/documenten/publicaties/2022/02/21/public-dpia-teams-onedrive-sharepoint-and-azure-ad

Publication of DPIA by Dutch Government

2022-02-21 : https://www.rijksoverheid.nl/documenten/publicaties/2022/02/21/public-dpia-teams-onedrive-sharepoint-and-azure-ad

Source: Beltug news https://www.beltug.be/news/7430/Dutch_government_publishes_DPIA_and_DTIA_for_Microsoft/

2022-02: The Dutch Ministry of Justice and Security requested an analysis of US legislation in relation to the GDPR and Schrems II by Greenberg Traurig.

Switzerland

In a recent article (in French) by ICT journal, the Canton of Zurich published a

https://www.ictjournal.ch/articles/2022-04-26/comment-le-canton-de-zurich-a-estime-le-risque-de-passer-sur-le-cloud-de

Research

Researchgate

Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

https://www.researchgate.net/publication/349882283_Data_Protection_Impact_Assessment_DPIA_for_Cloud-Based_Health_Organizations

Guidelines

CNIL

https://www.cnil.fr/en/tag/Privacy+Impact+Assessment+(PIA)

https://www.cnil.fr/en/guidelines-dpia

IAPP

https://iapp.org/news/a/guidance-for-a-cloud-migration-privacy-impact-assessment/

Templates

IAPP

https://iapp.org/resources/article/transfer-impact-assessment-templates/

Referring to:

IAPP Templates

Supplier references

Microsoft

Data Protection Impact Assessment for the GDPR

2021-11-17: https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-data-protection-impact-assessments

Data Protection Impact Assessments: Guidance for Data Controllers Using Microsoft Professional Services

Part 1: Determining whether a DPIA is needed

https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-dpia-prof-services?view=o365-worldwide#part-1–determining-whether-a-dpia-is-needed

Part 2: Contents of a DPIA

https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-dpia-prof-services?view=o365-worldwide#part-2-contents-of-a-dpia

Download Customizable DPIA document

https://www.microsoft.com/en-us/download/details.aspx?id=102398

(more to come, this article will be updated with additional references when necessary)

Other relevant references

EDPB (European Data Protection Board)

Launch of coordinated enforcement on use of cloud by public sector

https://edpb.europa.eu/news/news/2022/launch-coordinated-enforcement-use-cloud-public-sector_en

This award is for you, because YOU are my most valuable professional who made this possible.

I’m honored and humbled that I’m part of the Microsoft Most Valuable Professional (MVP) community award for another year.


As explained on the program page, “MVPs, are technology experts who passionately share their knowledge with the community.” It’s an award for your Microsoft community work of the past year… you can find more details on the MVP website mentioned earlier.

But building community is not a one-person activity, not a job, …

It’s a passion, it’s fun, sharing knowledge and best practices with many people over the world, all eager to build community.

And last year (or longer) has been very challenging to keep the community running without face-2-face events, shifting to online only. It was hard work. And the MVP award renewal cycle has been very special this year, taking into account the Corona conditions.

But nevertheless, I can’t keep up this work without the support of you, my dearest colleagues, partners, technology experts, community fellows, my audience, …
I won’t list any specific person, because I would not do honor to all the rest… too many to list.

Therefore a big shout out of gratitude for your support.

Thank YOU for supporting me, making this possible.

I dedicate this award to you, to your support. This is your award.


In the world of security, cyber- and cloud security, sharing knowledge is one of the most important principles to win the battle against cybercrime. Learn from the mistakes others have made.

I’m doing my best to keep up the work and to meet the bar of excellence, to be a community lead, to build community and to share knowledge.

This award and your appreciation gives me the extra motivation to keep going and do better next year!

Thank you!




Note-to-self: #ZeroTrust #maturity model assessment by #Microsoft

Have you ever assessed the maturity of your #cybersecurity implementation?

The #ZeroTrust #maturity model assessment by #Microsoft gives you great insights into where to start or which part of your security needs improvement.

Easy to use, easy to understand, great results and great guidance.

You can find the assessment tool here:

https://www.microsoft.com/en-us/security/business/zero-trust/maturity-model-assessment-tool

And if you need more info, then bookmark this Zero Trust resources page: https://www.microsoft.com/security/blog/2021/05/24/resources-for-accelerating-your-zero-trust-journey

Microsoft resources for GDPR

The page below is a (growing) overview of resources for GDPR info and compliance by Microsoft. The page is updated with other sources I find on my quest for GDPR.

General Resources

Trust Center

Microsoft 365 Enterprise

Online

Assess your readiness for GDPR now

MS partner network

https://partner.microsoft.com/en-us/marketing/details/gdpr#/

Compliance manager

Learn more about Compliance Manager. Read the Tech Community blog

Sign up for the Compliance Manager public preview program

Blogs

Videos

Tools

Downloads

updated: 2020-12-29

Azure Active Directory Sync is now GA! #FIM2010 #DirSync #AADSync

Source: http://blogs.technet.com/b/ad/archive/2014/09/16/azure-active-directory-sync-is-now-ga.aspx

The new Azure Active Directory Synchronization Services (AAD Sync) has reached general availability.

Here are more details about this – and here is the related documentation.

If you just want to get started, just click here to download AAD Sync.

As discussed on the release blog post:

“AAD Sync capabilities in this release include the following;

  • Active Directory and Exchange multi-forest environments can be extended now to the cloud.
  • Control over which attributes are synchronized based on desired cloud services.
  • Selection of accounts to be synchronized through domains, OUs, etc.
  • Ability to set up the connection to AD with minimal Windows Server AD privileges.
  • Setup synchronization rules by mapping attributes and controlling how the values flow to the cloud.
  • Preview AAD Premium password change and reset to AD on-premises.”

SCM Baselines for Windows 8.1, IE 11 and Windows Server 2012 R2 are now live!

Source: TechNet Blogs » Microsoft Security Guidance » SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!

Today the SCM team has finally released the SCM baselines for Windows 8.1, IE 11 and Windows Server 2012 R2.

To get the updates you can open the SCM tool and select the “Download Microsoft baselines automatically” in the tool:

SCM release

Please carefully read the Release Notes for these baselines in the Attachments/Guides section as there are a couple of known issues that may affect capabilities that worked in the past, but are no longer working with SCM and other related tools.

Alternatively, you can download all the CAB files directly from the following links:

8.1 Baseline and 8.1 Attachments

IE 11 Baseline and IE 11 Attachments

Windows Server 2012 Baseline and Windows Server 2012 Attachments

Lastly, a HUGE thank you goes to the SCM team, Aaron Margosis and Rick Munck who have put huge efforts to release these baselines.

They have also produced the SCM materials, along with a more extensive set of GPOs and a security guide, here for customers to use: http://blogs.msdn.com/b/aaron_margosis/archive/2014/08/15/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final.aspx.

See also:

  • SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!
  • What’s New in Recommended Security Baseline Settings for Windows 8.1, Windows Server 2012 R2, and Internet Explorer 11
  • Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta
  • Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 – FINAL

First beta release of #AADSync

The pre-release program of Azure AD Sync on Connect has been updated with the first beta release of AADSync.

The beta release is available on Connect from this link:

https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=53361

Make sure to read the updated installation guide and release notes available on TechNet:

http://go.microsoft.com/fwlink/?LinkID=393942

As requested by the PG, please continue to provide feedback through Connect. This allows MS to deliver a high-quality product which is solving your scenarios.

The new RMS is now RELEASED (#TheNewRMS)

Microsoft has just announced general availability of their massively updated Microsoft Rights Management offering.

Perfect timing given the recent Edward Snowden press. Saying that a lot has changed is an understatement: RMS can now protect any file type and it lets you access content on iOS, Android and Windows Phone 8 in addition to Windows 7/8. There is even a free offer for individuals that lets you share protected content with others who don’t have RMS (for free). Finally, they have a simple way to deploy the server by using a lightweight ‘RMS Connector’ that lets your on-premises Exchange and SharePoint workloads use the Azure RMS offering (complete with its hardware security modules, Thales HSMs, for unprecedented cloud-based RMS key protection).

 

Here is the information they have put together. I’d recommend looking at the whitepaper for some good insight on data security all up.

There is already quite some interesting stuff posted on the RMS website.

RMS for Business Decision Makers: http://technet.microsoft.com/en-us/dn308547

And plenty of stuff on RMS for IT Professionals at: http://technet.microsoft.com/en-us/dn175751, to start with understanding and evaluating RMS:

What are you waiting for?

Planning the agenda for TechDays.be 2012

Planning to go to Tech Days 2012?

Got a ticket! See you there!

Don’t have a ticket? Too bad! It’s sold out!

 

Did you plan your agenda for the next 3 days?

Here’s my favorites list for tomorrow:


08:45 – 10:15

How to achieve a more agile and dynamic IT environment.
Speaker: Ward Ralston | Level : 200 | Room : 9 |

10:45 – 12:00

What’s in Windows Server 8 for the ITPro – a demo tour
Speaker: Corey Hynes | Level : 200 | Room : 9 |

12:15 – 13:00

Office 365: Busting the Myths
Speakers: Koen Van Tolhuyzen , Ilse Van Criekinge | Level : 300 | Room : 6 |

13:00 – 14:15

Take the Spaghetti out of Windows Azure – an insight for IT Pro Techies Part 1
Speaker: John Craddock | Level : 300 | Room : 9 |

14:30 – 15:45

Take the Spaghetti out of Windows Azure – an insight for IT Pro Techies Part 2
Speaker: John Craddock | Level : 300 | Room : 9 |

16:15 – 17:30

10 Deadly Sins of Administrators about Windows Security
Speaker: Paula Januszkiewicz | Level : 300 | Room : 9 |

17:45 – 19:00

Windows 8 Dynamic Access Control
Speaker: John Craddock | Level : 300 | Room : 5 |

Stronghold to Strengthen: Advanced Windows Server Hardening
Speaker: Paula Januszkiewicz | Level : 300 | Room : 9 |

 

Any suggestion for this last session?
John or Paula, or hope the sessions are recorded…?