Rapid Threat Test Results
Overall Threat Level
There are a few threats and tasks to take care of, and they're starting to rise in volume or age. We recommend resolving them within the next week.
Note: This service is designed to be passive and lightweight. It may not find all issues and is for evaluation purposes only. The Havoc Shield Platform contains comprehensive scanning and monitoring beyond what you see here.
Staff Found in Data Breaches
We performed a scan of the tech your website uses and we noticed insecure software, exploitable misconfigurations, and/or vulnerabilities. This scanner uses widely-available tech that malicious actors can use as well, so if we know about these issues, it’s likely they know too.
Social Engineering & Phishing
OSINT refers to the information attackers can gather and use against your organization. Examples include discoverable archive or config files, media, or code repositories. Look-a-like domain names are used in targeted phishing and other types of social engineering attacks to gain the trust of your users or employees.
Sensitive OSINT Exists
20+ Look-a-like Domains
Available Look-a-Like Domains
These domain names look like yours and are still available to register and use against you. Havoc Shield automatically watches, alerts, and defends against look-a-like domains like these.
There are critical gaps in your defense that require prioritization, new tools, guidance, reconfiguration, and enforcement across your team. Most software and services “ship” insecure by default, and that can cause big problems. Here are a few of them.
MFA not enforced
Without multi-factor authentication enabled across your ecosystem, company accounts are at significant risk. Services that support MFA should be discovered, and MFA should be configured and enforced on them immediately.
Lacking Virus/Malware Protection
Computers are still a favorite, and squishy, target of attackers. Consumer-grade AV is not enough to defeat sophisticated threats like ransomware. A centrally managed, business-grade endpoint protection suite should be used on all machines.
Weak & Insecurely Shared Passwords
Plaintext passwords to company accounts that staff trade over email are bound to end up in the wrong hands. Without a company-wide password manager to store unique logins and manage secure, shared access, weak passwords are often reused personally and at work.
Home & Office Network Scan
Whether at home or at the office, the network you’re connecting from is constantly under attack. This scanner tries to locate open ports, unpatched networking equipment firmware, and insecure settings that attackers can use to take over your network or the machines connected to it.
No open ports
Possible equipment vulnerabilities
You have no open ports, but your networking equipment may have unresolved vulnerabilities that make it susceptible to attacks. A full scan should be completed.