We now exist in a world of ignored credential proliferation, and we're paying the price. We've spent millions on malware signature detection and sandbox execution, endpoint detection, threat indicators, vulnerability assessments and scans, proxies and firewalls... but none of these is useful for recognizing compromised-credential attacks.
Being vulnerable does NOT mean you are exploitable. That is why Horizon 3 AI focuses on attack vectors, chaining techniques an attacker uses with harvested credentials, technical misconfigurations, and exploitable software vulnerabilities and operationally context-scores the results based on an attacker's perspective of your environment.
And we prove it.
Join our Red Team for a deep Credential Attacks webinar where we'll share an attacker's perspective on this persistent global issue, and how Horizon 3 AI can help.
We now exist in a world of ignored credential proliferation, and we're paying the price.
And this isn't even counting the volume of credentials leveraged every day across an exponentially expanding attack surface with Work-From-Home, development in Git and Jenkins pipelines, cloud resources spinning up and down, and agent-oriented security products (such as SolarWinds and FireEye) requiring unlimited credentialed access in your environment.
Figure 1. Chaining multiple attack paths
Credential attacks are not detected by vulnerability scanners, endpoint detection, SOAR, SIEM, BAS tools, or most penetration tests. These types of attacks led to the most financial damage, a little over $10B over the past 5 years:
For all intents and purposes, an attacker using credentials looks like a legitimate user. Coupled with the absence of malware, this type of attack is extremely difficult to detect. This is why ZeroTrust and BeyondCorp are such popular security models right now; both are an attempt to limit the blast radius of a compromised credential.
This matters even more now, because 51% of people use the same passwords for both work and personal accounts, and 39% of accounts use passwords that NEVER expire. In the Zoom attack, it is believed that attackers were able to use old stolen credentials, some from 2013, and compromised passwords from other accounts - i.e., credential stuffing. The ripple effects of these poor practices and policies carry into not just a personal account, but back to our work and the companies themselves.
More frustrating now is that attackers who employ credential-stealing tools aren't going after organizations that spend millions on cybersecurity... but after the much weaker, more vulnerable and most valuable targets: hospitals and schools.
Horizon3.ai has seen this and - as a rainbow team - employed this attack path tactic with incredible success to help companies, hospitals and schools start fixing what matters.
Why? Because this matters.
Horizon 3 AI's own 2020 results bear this data out. In hundreds of rainbow operations this past year, across financial, medical, manufacturing, consulting, and even cloud-native big data industries, we found and verified weak and default credentials to lead our Top 10 list - by far. If we account for the sheer number of weak or default credentials found:
Being vulnerable doesn't mean you are exploitable. That's why Horizon 3 AI focuses on attack vectors, chaining techniques an attacker uses with harvested credentials, technical misconfigurations, and exploitable software vulnerabilities - regardless of CVSS score - and operationally context-scores the results based on an attacker's perspective of your environment.
And we prove it.
Figure 3. Attack Path Example
We're able to quickly conduct a credential attack against your organization, talk through the findings, and help you identify critical weaknesses.
This is an actual timeline for our Deep Red Team executing a medical company operation:
Horizon 3 AI confirmed administrator access to shares and a storage array, including "crown jewel" access which could lead to business IP data exposure, PII/PHI data leaks/infractions, ransomware risks, data destruction - all impacting reputation and revenue stream.
Every CEO and CISO and MSSP needs to ask and answer: "Are we vulnerable to credential attacks compromising our business and brand?"
Then verify the answer. Horizon 3 AI can help. Check us out at https://www.horizon3.ai/
Because if I appear legitimate, why would your defenses stop me?
Horizon 3 AI focuses on attack vectors, chaining methods an attacker manipulates such as harvested credentials, tech misconfigurations, exploitable software vulnerabilities, and operationally context-scores the results based on an attacker's perspective of your environment. Bottom Line: this ain't some CVE scanner. This is an attacker's perspective of what's most valuable and vulnerable.