Today's top stories

From LinkedIn scraping to Office 365 attacks: How attackers identify your organization's weakest links

Understanding the techniques and tools attackers use in targeted phishing attacks.

Attackers use a variety of techniques to infiltrate corporate networks, but one tried and true way it to find out who works for a company and then target phishing attacks to those employees.

Famed hacker Kevin Mitnick reportedly used a paperback edition of the who’s who in Washington business owners to gain more information on local businesses, but these days we all have access to a much better database that exposes much more information: LinkedIn. The social network is often the starting place for determining who is a good target in an organization as well as a source for usernames and email addresses. 

From LinkedIn scraping to Office 365 attacks

As noted in the OSINTframework, there are several tools used by attackers to scrape information from LinkedIn.  Scraping tools such as LinkedInt, ScrapeIn, and Inspy allow the attacker to enumerate email addresses from domains. 

Once the attacker has the email addresses of targeted users, there are a number of techniques attackers can use to infiltrate a network. 

One tool that specifically targets Office 365, office365userenum allows an attacker to  go through a list of possible usernames and then observes the response. Given that many usernames start with the email address, the would-be attacker can first determine email addresses from social locations, and then use those emails to see if there are valid user accounts.  Once the attacker finds valid usernames, he can enumerate a list of valid users who can then be targeted for more attacks.   The tool sends a command to the activesync service, which then responds back with codes that attackers can use to determine if the username exists or not.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!