The threat vector calculation in Overe involves analyzing the security settings within Microsoft 365 and assessing the potential risks posed by misconfigurations or vulnerabilities. We take into account various attack scenarios that could exploit these security gaps. Here are some of the main attacks we consider in the calculation:
Phishing: This attack aims to deceive users into disclosing their login credentials or sensitive information through fraudulent emails, social media, or other communication channels.
Business Email Compromise (BEC): In a BEC attack, the attacker gains unauthorized access to a company's email system to impersonate employees, conduct fraudulent transactions, or obtain sensitive information.
Account Takeover: This attack involves unauthorized access to a user's Microsoft 365 account, allowing the attacker to steal information or carry out malicious activities.
Malware: The objective of a malware attack is to trick users into downloading or clicking on malicious payloads, enabling the attacker to gain access to their devices and conduct harmful actions. This is a common vector for Ransomware
Spam: Spam emails are often used to distribute malware or deceive users into clicking on malicious links, leading to device infections or unauthorized data access.
Data Loss Prevention: This attack focuses on stealing sensitive data from a victim's Microsoft 365 account and transferring it to an external location beyond the organization's control. Attackers may use various techniques, such as copying files to cloud storage or sending data through email or other channels.
By evaluating the presence or absence of security settings related to these attack vectors, Overe calculates the potential threat level and provides recommendations to mitigate the risks and enhance security posture. It's important to note that the threat vector calculation is designed to help users understand their exposure to different types of attacks and prioritize actions to protect their Microsoft 365 environment, it does not guarantee protection.