Detecting vulnerability scanning traffic from underground tools using machine learning

Intel Name: Detecting vulnerability scanning traffic from underground tools using machine learning

Date of Scan: October 3, 2024

Impact: Medium

Summary:
Researchers at Palo Alto Networks identified an automated scanning tool called Swiss Army Suite (S.A.S) during routine telemetry monitoring. Attackers used this tool to run vulnerability scans against both customer web services and various online sites. A SQL injection detection model flagged unusual traffic patterns linked to the tool, including payloads that may be capable of bypassing web application firewalls. Further investigation revealed similar SQL injection attempts recorded by other users across the internet. Understanding the tool's behavior is crucial for strengthening defense strategies, whether they rely on signature-based or machine-learning detection methods.
