Horizon3.ai, a pioneer in autonomous security solutions, today announced the launch of its first-to-market Phishing Impact testing capability within NodeZero. The new capability marks a significant advancement in penetration testing, addressing a critical gap in understanding the real-world implications of phished credentials.
Business leaders often dismiss the threat of entry-level employees who click on malicious links, leading to frustration by IT and security organizations. The Phishing Impact test delivered by NodeZero can help those IT and security teams accurately convey the “blast radius” of those phished credentials, proving that sensitive data was indeed at risk.
Easily Interoperates With Popular Phishing Awareness Solutions
The NodeZero Phishing Impact test is resource-light: it’s easily conducted by IT and security team members by simply adding a few lines of JavaScript generated by NodeZero to their phishing page. Credentials of users “hooked by the lure” are automatically injected into a running NodeZero pentest via the JavaScript copied into the phishing page.
With legitimate credentials in hand, this type of testing reveals if an attacker would next be able to:
- Find and gain access to private data stores
- Gain admin access to other hosts in the network
- Move laterally to compromise cloud environments
- Elevate their privileges and take over domains
- Exploit unpatched vulnerabilities in internal systems
- Conduct other malicious acts
The Phishing Impact test is conducted with Horizon3.ai’s secure methods that ensure clear text credentials are not maintained outside of the test’s ephemeral infrastructure.
Each phished credential is added to the NodeZero platform as a “Notable Event” with a timestamp. Testers see the running list of credentials being tested in the Credentials window in the NodeZero UI.
By adding a few lines of JavaScript code provided by NodeZero to phishing pages created using popular testing tools, organizations can automatically channel captured credentials into an active NodeZero penetration test. This test then utilizes those phished credentials in conjunction with exploitable security weaknesses discovered by NodeZero as part of its attack against the network.
The outcome is a comprehensive report detailing the impact of each phished credential, offering organizations unprecedented insights into their security posture. This not only enhances their understanding of potential threats but also drives effective improvements to safeguard their systems against real-world attacks.