Have you ever heard of “penetration testing” (or “pen testing”)? That’s when a security professional tries to hack into their own (or their client’s) environment to ensure that the security controls put in place are, in fact, functioning properly. It’s a great technique and can uncover some overlooked soft spots in an organization’s defense.
Historically, experts in the field using ad hoc tools and techniques have done this type of testing but the increasing availability of ready-made toolkits on the internet makes pen testing accessible to even those with less developed skill sets. The unfortunate result is that criminals, regardless of their skill level, can (and will) use these tools against their victims, allowing them to execute attacks essentially with the push of a button.
A particularly powerful example is the “Social Engineer Toolkit” (SET), it is a tool aimed at penetration testing around Social Engineering. Social Engineering refers to the manipulation of people into carrying out actions or revealing confidential information with the purpose of information gathering, fraud, or system access. Some examples of social engineering are: Baiting, Phishing, Spam, Spear phishing. SET is pre-loaded with these various attack sequence and more.
SET allows attackers to execute complicated attacks quickly and in rapid succession. These extremely sophisticated attacks are carried out using techniques that, previously, were only available to those with advanced skill sets.
The AlienVault Labs team has recently released several IDS signatures and a correlation rule to AlienVault USM to detect when a user in your network environment is being attacked with the Social Engineer Toolset. You can get more details on the latest USM threat intelligence updates here.