Bitdefender unusual spike found in phishing events being generated for single URL

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects unusual spikes in phishing events being generated for a single URL.

Strategy

This rule monitors antiphishing logs to detect unusual spikes in phishing events being generated for a single URL.

Triage and Response

  1. Investigate logs and identify endpoints where the phishing attempts occurred.
  2. Determine whether the phishing attempt was user-initiated or triggered by an automated script or compromised service.
  3. Review logs for systems or endpoints accessing the same URL to identify patterns of a broader phishing campaign.
  4. If necessary, block the URL at the network level.
  5. Notify impacted users about the phishing attempt and remind them not to interact with suspicious emails or links.
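
The strategy and the first and third triage steps can be reproduced offline against exported antiphishing events. The following is an added example, not the rule's own logic or vendor code: it flags URLs whose latest hourly count exceeds that URL's earlier baseline and lists the endpoints involved. The field names (`timestamp`, `endpoint`, `url`), the hourly bucket, the thresholds `k` and `min_count`, and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

URL = "http://phish.example/login"  # constructed value on the reserved .example TLD

def _ev(ts, endpoint, url):
    return {"timestamp": ts, "endpoint": endpoint, "url": url}

# Constructed sample events; the field names are assumptions, not a vendor schema.
SAMPLE_EVENTS = (
    [_ev(f"2024-05-01T{h:02d}:10:00", "host-a", URL) for h in range(8, 12)]
    + [_ev(f"2024-05-01T12:{m:02d}:00", f"host-{m % 6}", URL) for m in range(30)]
    + [_ev(f"2024-05-01T{h:02d}:20:00", "host-b", "http://other.example/x")
       for h in range(8, 13)]
)

def find_spikes(events, k=3.0, min_count=10):
    """Flag URLs whose latest hourly bucket exceeds mean + k*stddev of the
    same URL's earlier buckets, and list the endpoints seen in that bucket."""
    counts = defaultdict(Counter)                      # url -> hour -> events
    endpoints = defaultdict(lambda: defaultdict(set))  # url -> hour -> endpoints
    for e in events:
        hour = datetime.fromisoformat(e["timestamp"]).replace(minute=0, second=0)
        counts[e["url"]][hour] += 1
        endpoints[e["url"]][hour].add(e["endpoint"])
    hours = sorted({h for per_url in counts.values() for h in per_url})
    latest, earlier = hours[-1], hours[:-1]
    spikes = {}
    for url, per_hour in counts.items():
        current = per_hour.get(latest, 0)
        # Hours with no events count as 0, so a brand-new URL has a zero baseline.
        history = [per_hour.get(h, 0) for h in earlier]
        if not history or current < min_count:
            continue  # no baseline at all, or too few events to matter
        threshold = mean(history) + k * pstdev(history)
        if current > threshold:
            spikes[url] = {
                "count": current,
                "threshold": threshold,
                "endpoints": sorted(endpoints[url][latest]),
            }
    return spikes

if __name__ == "__main__":
    for url, info in find_spikes(SAMPLE_EVENTS).items():
        print(url, info)
```
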