Bitdefender unusual spike found in phishing events being generated for single URL

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detects unusual spikes in phishing events being generated for a single URL.

Strategy

This rule monitors antiphishing logs to detect unusual spikes in phishing events being generated for a single URL.

Triage and Response

  1. Investigate logs and identify endpoints where the phishing attempts occurred.
  2. Validate if the phishing attempt was user-initiated or triggered by an automated script or compromised service.
  3. Review logs for systems or endpoints accessing the same URL to identify patterns of a broader phishing campaign.
  4. If necessary, block the URL at the network level.
  5. Notify impacted users about the phishing attempt and remind them not to interact with suspicious emails or links.
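
The per-URL spike check from the Strategy section, together with the endpoint listing that triage steps 1 and 3 call for, can be sketched as follows. This is an added example, not the rule's actual query or logic: the field names (`ts`, `url`, `endpoint`), the hourly buckets, the mean-plus-three-standard-deviations threshold, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def build_sample_events():
    """Constructed events; ts/url/endpoint are assumed field names."""
    start = datetime(2024, 1, 1)
    noisy, quiet = "http://login.example/verify", "http://ads.example/banner"
    events = []
    for h in range(7):  # steady background: one hit per URL per hour
        events.append({"ts": start + timedelta(hours=h), "url": quiet, "endpoint": "host-9"})
        if h < 6:
            events.append({"ts": start + timedelta(hours=h), "url": noisy, "endpoint": "host-0"})
    for i in range(12):  # burst in the latest hour, spread over four endpoints
        events.append({"ts": start + timedelta(hours=6, minutes=i), "url": noisy,
                       "endpoint": f"host-{i % 4}"})
    return events

def find_url_spikes(events, bucket=timedelta(hours=1), sigmas=3.0, min_count=5):
    """Flag URLs whose latest-bucket count exceeds mean + sigmas * stddev of earlier buckets."""
    if not events:
        return {}
    t0 = min(e["ts"] for e in events)
    last = max((e["ts"] - t0) // bucket for e in events)
    counts = defaultdict(lambda: [0] * (last + 1))
    endpoints = defaultdict(set)
    for e in events:
        b = (e["ts"] - t0) // bucket
        counts[e["url"]][b] += 1
        if b == last:
            endpoints[e["url"]].add(e["endpoint"])  # who to look at first in triage
    spikes = {}
    for url, series in counts.items():
        history, current = series[:-1], series[-1]
        if not history:
            continue  # no baseline yet, nothing to compare against
        threshold = mean(history) + sigmas * pstdev(history)
        # min_count keeps a jump from 0 to 1 on a rare URL from alerting
        if current >= min_count and current > threshold:
            spikes[url] = {"count": current, "baseline": mean(history),
                           "endpoints": sorted(endpoints[url])}
    return spikes

if __name__ == "__main__":
    for url, info in find_url_spikes(build_sample_events()).items():
        print(url, info)
```

The `endpoints` list in each result gives the hosts that hit the flagged URL in the spike window, which is the starting set for checking whether the events were user-initiated or automated.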