Horizon3.ai

Phishing Impact Testing

with NodeZero

What’s the true impact on your organization when an employee is phished?

Phishing is the most common type of cyberattack, with over 1.35 million unique phishing sites detected worldwide. In response to this pervasive threat, your ITOps and SecOps teams most likely conduct security awareness training and in-house phishing tests to see who is susceptible. It’s time to go a step further.

  • Ensure that everyone in the organization understands the proven impact – not just the theoretical possibilities – of falling victim to a phishing scam.
  • Understand which assets are most exposed to a phished credential so that you can better protect them.
  • Efficiently evaluate the systemic changes you can make to minimize your risk.

The NodeZero dashboard provides a consolidated summary of your Phishing Impact test, showing you the number of compromised credentials and the key weaknesses and impacts with detailed guidance about how to remediate them most effectively and efficiently.

Integrate with Your Phishing Campaign App

The NodeZero Phishing Impact test is designed to supplement your simulated phishing tools, such as KnowBe4, Proofpoint, InfosecIQ, and in-house efforts.

Simply copy the NodeZero script into your phishing landing page. Then the credentials of the users who responded to the lure will appear in the supporting NodeZero internal pentest you’ve created to run for the duration of the campaign.

Reveal Critical Impacts from Phished Credentials

Once you have set up your Phishing Impact test to interoperate with your phishing simulation, NodeZero automatically captures the credentials of the simulated phishing attack victims and uses them to pentest your internal network. You can use the report from this test to assess the business risk of a successful phishing attack, and identify security controls that can be put in place to mitigate this risk.

NodeZero Captures the Phished Credentials

As users are phished during the course of your integrated phishing campaign, their submitted credentials are sent to NodeZero. By default, the phishing script tells the user their login is incorrect, in an attempt to elicit additional credentials (a user who mistyped, or who tries an alternate password, may submit several). You can watch the phished credentials arrive in the NodeZero Phishing Impact test in the RealTime View, both in the credentials list and in the notable events log, which records a timestamp for each credential as it is added.

The Phishing Impact test is conducted with Horizon3.ai’s secure methods, which ensure that cleartext credentials are not retained anywhere outside the test’s ephemeral infrastructure.


The phishing script will tell the user their login is incorrect in an attempt to gain additional credentials.

NodeZero begins testing the impact of a phished credential as soon as it is captured.


Here is a RealTime View showing how each phished credential is added to the NodeZero platform as a “Notable Event” with a timestamp. You can also see the running list of credentials being tested in the Credentials window on the right.


Easily understand how a phished credential impacts your environment and what an attacker can access.

  • What type of data can the phisher access? Is it protected data? Crown jewels?
  • Can the phisher gain admin access to hosts in your network?
  • Can the phisher move laterally to cloud environments?
  • Can the phisher elevate privileges and compromise other credentials?

What Could an Attacker Do with This Phished Credential?

Once a phished credential is added to the test, NodeZero uses it to probe your environment just as an attacker would. The resulting test helps you easily understand how each phished credential can impact your environment, including the data and domain privileges it can obtain.

NodeZero UI: Phishing attack path

Your organization’s risk varies with the blast radius of the phished credential. In this attack path, a phished domain user credential leads to domain compromise.


NodeZero shows you exactly when domain user compromise was achieved, as a proof point for the exploit.

Beyond Simulation: Proven Impacts

A core strength of NodeZero is that it shows you the proofs of weaknesses it exploited and their associated impacts. When NodeZero shows you how it was able to achieve domain compromise with a phished credential, you’ve moved beyond simulation, to demonstrated proof.

Test Your Access Policies, Test Your Responses

Not only does this NodeZero capability help users understand the potential gravity of being phished, it helps security teams assess their defenses. Learning that a phished intern’s credential could lead to domain compromise can inspire security teams to tighten their least privilege controls.


You have numerous options to filter and drill into your results to understand the downstream impacts, such as the data that could be accessed by a phished employee credential.

You benefit from a concise summary of your organization’s phishing exposure for each credential, prioritization of the impacts, and detailed guidance about how to fix them.

Prioritize and Identify Systemic Issues

As a result of a Phishing Impact test, your organization will be able to easily understand which weaknesses need to be addressed to better protect your organization. NodeZero prioritizes your organization’s weaknesses and groups systemic issues so that you can address them holistically.

Interested in taking your Phishing simulations to the next level?

Request a demo.

Don't take our word for it.

"We used the test with a small group of people we call our ‘clickers’ and three users gave us valid creds. Long story short, we love this new test and plan to incorporate it into our phishing program going forward."

Information Security Analyst, Retail Industry

 

“We love that it uses phished credentials for an authenticated test to see what different users can access. The test defaults are tied to authentication attacks, but we have the granularity to add other attack types to the test.”

Information Security Analyst, Retail Industry

 

“It's great how it ties into KnowBe4 really easily.”

Information Security Analyst, Retail Industry

 

“We appreciate how NodeZero manages the visibility and security of the compromised passwords.”

Information Security Analyst, Retail Industry

 

“The new phishing impacts can help leadership understand the actual real-world impact of successful social engineering attacks.”

Database Administrator, Public Services Organization

 


Gone Phishing: How an Intern’s Credentials can be a Gateway to Your Crown Jewels

Industry Insight
by Snehal Antani, Co-Founder and CEO at Horizon3.ai
