Horizon3.ai NodeZero Phishing Impact Helps Organizations Understand The Exact Damage Phished Credentials Can Create
February 8, 2024
Demonstrates Phishing’s Impact on Their Unique Systems and Network, Recovery Steps – Integrates with Top Phishing and Security Awareness Training Solutions.
Horizon3.ai’s Phishing Impact testing lets IT and security teams cut through popular C-Suite misconceptions such as: “They’re a junior employee with limited privileges – do they really need training? One bad click isn’t likely to put my company at risk.”
The Phishing Impact test lets IT and security teams accurately convey the “blast radius” of phished employee credentials in a successful attack and the precise consequences that a successful phishing campaign can have on the individual organization’s IT infrastructure and business operations, as well as the essential recovery steps and priorities to get back up and running as quickly as possible.
“I was super excited about the Phishing Impact test in NodeZero. It’s the exact thing we’ve been missing and will, no doubt, be eye-opening for our users and executive team,” said a Database Administrator for a public services organization.
Complements Phishing Awareness Solutions
“The NodeZero Phishing Impact test is the natural complement to supplement phishing tools such as KnowBe4, Proofpoint, InfosecIQ, Mimecast, and in-house initiatives, and it represents the next step in responsible cybersecurity diligence,” said Stephen Gates, Principal Security SME at Horizon3.ai. “Organizations can now prove the end-to-end impact when an intern’s credentials were phished during a training exercise.”
The NodeZero Phishing Impact test is resource-light: it’s easily conducted by IT and security team members by simply adding a few lines of JavaScript generated by NodeZero to their phishing page. Credentials of users “hooked by the lure” are automatically injected into a running NodeZero pentest via the JavaScript copied into the phishing page.
With legitimate credentials in hand, the test shows whether an attacker could:
– Find and gain access to private data stores
– Gain admin access to other hosts in the network
– Move laterally to compromise cloud environments
– Elevate their privileges and take over domains
– Exploit unpatched vulnerabilities in internal systems
– Conduct other malicious acts
The Phishing Impact test is conducted with Horizon3.ai’s secure methods that ensure clear text credentials are not maintained outside of the test’s ephemeral infrastructure. Each phished credential is added to the NodeZero platform as a “Notable Event” with a timestamp. Testers see the running list of credentials being tested in the Credentials window in the NodeZero UI.
By adding a few lines of JavaScript code provided by NodeZero to phishing pages created using popular testing tools, organizations can automatically channel captured credentials into an active NodeZero penetration test. This test then utilizes those phished credentials in conjunction with exploitable security weaknesses discovered by NodeZero as part of its attack against the network.
The outcome is a comprehensive report detailing the impact of each phished credential, offering organizations unprecedented insights into their security posture. This enhances the security team’s and full user community’s understanding of potential threats, and prioritizes the improvements needed to safeguard a company’s systems against real-world attacks.
Horizon3.ai Co-Founder and CEO Snehal Antani said: “Phishing is the most common type of cyberattack. Today there are over 1.35 million unique phishing sites detected worldwide. Every day, IT and security teams leverage sophisticated, state-of-the-art security training and in-house phishing tests to raise security awareness and identify susceptible human targets, yet every day, new attacks succeed because humans are naturally responsive, and attacks are increasingly sophisticated. Our Phishing Impact testing is first-to-market and gives you the ammunition required to drive meaningful improvements to reduce the credential attack surface of your organization.”
An Information Security Analyst for a large U.S. retail chain said: “We tested the new capability that NodeZero brings to the table against a group of people who we call our ‘clickers,’ and three users entered their valid credentials. NodeZero then used those credentials during its internal pentests, and the results were enlightening, to say the least. We do plan to incorporate this solution into our phishing program going forward. We love the perspective of using credentials to see what different users can access, and the integration with KnowBe4 was very easy to implement.”
For a YouTube demonstration of a NodeZero Phishing Impact test, go to: https://www.youtube.com/watch?v=v3TBfpCwu9o