Horizon3.ai - Automated Pen Testing as a Service

In the News

FBI Clears ProxyLogon Web Shells from Hundreds of Orgs

Threat Post: 4/14/21
Monti Knode, director of customer and partner success at Horizon3.AI, noted that the action illuminates just how dangerous the bugs are. “Government action is always predicated by an authority to act,” he said via email. “By specifically calling out ‘protected computers’ and declaring them ‘damaged’, that appears to have been enough to give the FBI a signed warrant to execute such an operation without notifying victims ahead of the operation execution. While the scale of the operation is unknown (redacted in court order), the fact that the FBI was able to execute in less than four days, and then publicly release this effort, demonstrates the potential national security risk posed by these exploited systems and the prioritized planning involved. This isn’t a knee-jerk reaction.”

Industry Reactions to FBI Cleaning Up Hacked Exchange Servers: Feedback Friday

Security Week: 4/16/21
Monti Knode, Director of Customer & Partner Success, Horizon3.AI: “Government action is always established by an authority to act. By explicitly calling out 'protected computers' and declaring them 'damaged', that appears to have been enough to give the FBI a signed warrant to execute such an operation without notifying victims ahead of the operation execution. While the scale of the operation is unknown (redacted in court order), the fact that the FBI was able to execute in less than four days, and then publicly release this effort, demonstrates the potential national security risk posed by these exploited systems and the prioritized planning involved. Ultimately we are digitally interconnected, and given the risk for supply chain attacks, it’s in each of our best interest to know our own cyber risk and act on them, hopefully before our government must.”

Hackers Leak Hacker Data in Swarmshop Breach

Security Boulevard: 4/12/21
Naveen Sunkavally, chief architect at Horizon3.ai, is more concerned about the proliferation of user credit card information, as well as online banking credentials, than hackers turning on their own. “Attackers can use these credentials against a variety of systems, rarely triggering any security events, because they look like legitimate users,” Sunkavally said. “In the end, regular users are the ones who lose the most.”

FBI Hacks Compromised Exchange Servers as More Stories of Companies Being Targeted Emerge

SiliconANGLE: 4/14/21
“While the scale of the operation is unknown (redacted in court order), the fact that the FBI was able to execute in less than four days and then publicly release this effort, demonstrates the potential national security risk posed by these exploited systems and the prioritized planning involved,” Monti Knode, director of customer & partner success at pentesting company Horizon3.AI Inc. told SiliconANGLE. “This isn’t a knee-jerk reaction.”

Biden Seeks to Boost CISA's Budget by $110 Million

Info Risk Today: 4/12/21
"The cost to attack is far cheaper than the cost to defend, and organizations are struggling to protect themselves," says Monti Knode, director of customer and partner success at the security firm Horizon3.ai, who's the former commander of the Cyberspace Operations Group at the U.S. Air Force. "Agencies like CISA must play a critical role in helping secure not only our federal government, but U.S. businesses and people - all part of a vital public-private supply chain - from cyberthreats. $110 million is a nominal down payment for what will be a long and expensive endeavor."

Swarmshop Breach: 600K+ Payment Card Records Leaked

Security Magazine: 4/9/21
Naveen Sunkavally, Chief Architect at Horizon3.AI, agrees this is nothing new. "This breach continues to show that no one is immune from cyberattacks, including cybercriminals themselves. What's most concerning is the proliferation of user credit card information and online banking credentials. Attackers don't need to hack in using zero days like in the movies; often they can just log in with credentials they've stolen from efforts like this. Now, factor in that many people reuse their credentials across different systems and all the open source information attackers have at their disposal. Attackers can use these credentials against a variety of systems, rarely triggering any security events, because they look like legitimate users. In the end, regular users are the ones who lose the most."

User and Credit Card Data Stolen from Darknet Marketplace Swarmshop

SiliconANGLE: 4/8/21
Naveen Sunkavally, chief architect at pentesting firm Horizon3.AI Inc., noted that the breach shows that no one is immune from cyberattacks, including cybercriminals themselves. “What’s most concerning is the proliferation of user credit card information and online banking credentials,” Sunkavally added. “Attackers don’t need to hack in using zero-days like in the movies; often they can just log in with credentials they’ve stolen from efforts like this.”

Hackers Hit Nine Countries, Expose 623,036 Payment Card Records

SC Magazine: 4/8/21
This breach shows that no one is immune from a cyberattack, including the cybercriminals themselves, said Naveen Sunkavally, chief architect at Horizon3.AI. “What’s most concerning is the proliferation of user credit card information and online banking credentials,” Sunkavally said. “Attackers don’t need to hack in using zero days like in the movies. They often can just log in with credentials they’ve stolen from efforts like this. Now, factor in that so many people reuse their credentials across different systems and all the open source information attackers have at their disposal. Attackers can use these credentials against a variety of systems, rarely triggering any security events, because they look like legitimate users. In the end, regular users are the ones who lose the most.”

Probing Restrictions May Stilt Pentagon’s Vulnerability Disclosure Program for Contractors

SC Magazine: 4/6/21
“What is going to be interesting with this formal process is how fast industry partners and government can and are willing to fix a reported finding,” said Monti Knode, director of customer and partner success at penetration testing company Horizon3.AI.

Fortinet FortiOS VPN Likely Exploited by Hackers, Feds Say

Channel Futures: 4/5/21
Zach Hanley is senior red team engineer at Horizon3.AI. “Attackers are increasingly targeting critical external applications,” he said. “VPNs have been targeted even more this last year. These three vulnerabilities targeting the Fortinet VPN allow an attacker to obtain valid credentials, bypass multifactor authentication (MFA), and man-in-the-middle (MITM) authentication traffic to intercept credentials. The common theme here is once they are successful, they will look just like your normal users.”

Hackers are Actively Targeting FortiOS Vulnerabilities, Warn FBI and CISA

Silicon Angle: 4/5/21
“Attackers are increasingly targeting critical external applications, and VPNs have been targeted even more this last year,” Zach Hanley, senior Red Team engineer at pentesting company Horizon3.AI Inc., told SiliconANGLE. “These three vulnerabilities targeting the Fortinet VPN allow an attacker to obtain valid credentials, bypass MFA and man-in-the-middle authentication traffic to intercept credentials. The common theme here is: Once they are successful, they will look just like your normal users.”

FBI and CISA: APT Groups Targeting Government Agencies

Gov Info Security: 4/3/21
Zach Hanley, senior red team engineer at security firm Horizon3.ai, adds that the attackers can use the vulnerabilities to obtain valid credentials to perform man-in-the-middle attacks, which will then help them to intercept authentication traffic. "The common theme here is: Once they are successful, they will look just like your normal users."

FBI and CISA Warn About APTs Targeting FortiOS VPN Vulnerabilities

Tech Nadu: 4/3/21
Zach Hanley, senior red team engineer at Horizon3.AI, told us: “Attackers are increasingly targeting critical external applications – VPNs have been targeted even more this last year. These three vulnerabilities targeting the Fortinet VPN allow an attacker to obtain valid credentials, bypass multi-factor authentication (MFA), and man-in-the-middle (MITM) authentication traffic to intercept credentials. The common theme here is: once they are successful, they will look just like your normal users.”

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Threat Post: 4/2/21
“Attackers are increasingly targeting critical external applications – VPNs have been targeted even more this last year,” said Zach Hanley, senior red team engineer at Horizon3.AI, via email. “These three vulnerabilities targeting the Fortinet VPN allow an attacker to obtain valid credentials, bypass multifactor authentication (MFA), and man-in-the-middle (MITM) authentication traffic to intercept credentials.” Hanley added, “The common theme here is: once they are successful, they will look just like your normal users.”

Agency Issues 2nd Alert for Instant Quote Website Schemes

Data Breach Today: 4/2/21
Anthony Pillitiere, co-founder and CTO of security firm Horizon3.AI, notes that instant quote websites for financial services companies and auto insurers fail to offer basic security for information that can easily be gleaned by fraudsters with rudimentary skills. "People already give up enough information on their own through social media and the rest of their digital footprint," Pillitiere says. "The last thing they need is someone giving it away without them knowing about it. Criminals use any and all data available to them, from social media to receipts in their trash. … The relationships between that data create a picture that enables attackers to reach their goal."

CISA Orders Action Against Exchange Vulnerabilities

Security Boulevard: 4/2/21
There will be “a significant increase in serious cyberattacks throughout 2021 using ubiquitous software like Exchange and SolarWinds as the attack vector,” warned Anthony Pillitiere, co-founder and CTO at Horizon3. Pillitiere stressed that “organizations that lack a strong cybersecurity foundation will suffer, but organizations that have invested in the right talent, tools, processes and partners will weather the storm.” In special operations, he said, “we learned to master the fundamentals” and the same holds “true in cybersecurity – focus on getting the fundamentals right.” That way, organizations “can assess, detect, and respond to security threats faster.”

CISA Releases Supplemental Direction On Emergency Directive for Microsoft Exchange Server

Security Magazine: 4/2/21
According to Anthony Pillitiere, Co-Founder and CTO at Horizon3.AI, “We will continue to see a significant increase in serious cyber attacks throughout 2021 using ubiquitous software like Exchange and SolarWinds as the attack vector. Organizations that lack a strong cyber security foundation will suffer, but organizations that have invested in the right talent, tools, processes, and partners will weather the storm.”