Trend Micro Email Security alert: High volume of emails to recipient

This rule is part of a beta feature. To learn more, contact Support.

Goal

Detect an unusually high volume of emails received, which could indicate a potential spam campaign, compromised email account, or other malicious activities aimed at overwhelming email infrastructure or distributing harmful content.

Strategy

Monitor Trend Micro Email Security mail tracking logs to identify instances where a high volume of emails is received by a single recipient within a short period. This detection rule aims to identify potential threats early, enabling timely investigation and mitigation to protect email systems and recipients from spam or malicious content.
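The following is an added example, not Datadog's rule definition or Trend Micro code: a sliding-window check over constructed mail tracking events that flags any recipient who receives at least a threshold number of emails within a short window, and reports the facts the triage steps ask for (distinct senders, the dominant subject line, and the time span). The event field names `ts`, `sender`, `recipient` and `subject`, the 5-minute window and the threshold of 5 are assumptions, not the real log schema or the rule's actual parameters.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample mail tracking events. Field names are an assumption and
# do not reflect the actual Trend Micro Email Security log schema.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:05Z", "sender": "news@example.org", "recipient": "alice@corp.example", "subject": "Weekly digest"},
    {"ts": "2024-05-01T09:20:11Z", "sender": "hr@corp.example", "recipient": "alice@corp.example", "subject": "Benefits update"},
    {"ts": "2024-05-01T09:58:40Z", "sender": "it@corp.example", "recipient": "alice@corp.example", "subject": "Maintenance window"},
    {"ts": "2024-05-01T10:00:01Z", "sender": "a1@mail.example", "recipient": "bob@corp.example", "subject": "Urgent: invoice"},
    {"ts": "2024-05-01T10:00:09Z", "sender": "a2@mail.example", "recipient": "bob@corp.example", "subject": "Urgent: invoice"},
    {"ts": "2024-05-01T10:00:30Z", "sender": "a1@mail.example", "recipient": "bob@corp.example", "subject": "Urgent: invoice"},
    {"ts": "2024-05-01T10:01:02Z", "sender": "a3@mail.example", "recipient": "bob@corp.example", "subject": "Urgent: invoice"},
    {"ts": "2024-05-01T10:01:15Z", "sender": "a2@mail.example", "recipient": "bob@corp.example", "subject": "Re: Urgent: invoice"},
    {"ts": "2024-05-01T10:01:44Z", "sender": "a1@mail.example", "recipient": "bob@corp.example", "subject": "Urgent: invoice"},
]


def parse_ts(value):
    """Parse the assumed ISO-8601 UTC timestamp format used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_high_volume(events, threshold=5, window=timedelta(minutes=5)):
    """Flag every recipient that receives at least `threshold` emails within any
    span of length `window`. Returns {recipient: summary}, where the summary
    describes the densest window found: message count, first/last timestamp,
    the distinct senders involved and the most common subject line."""
    by_recipient = defaultdict(list)
    for ev in events:
        by_recipient[ev["recipient"]].append((parse_ts(ev["ts"]), ev))

    alerts = {}
    for recipient, items in by_recipient.items():
        items.sort(key=lambda item: item[0])
        start = 0
        best = None  # (start_index, end_index, count) of the densest window
        for end in range(len(items)):
            # Advance the window start until the span fits inside `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[2]):
                best = (start, end, count)
        if best is None:
            continue
        s, e, count = best
        in_window = [ev for _, ev in items[s:e + 1]]
        alerts[recipient] = {
            "count": count,
            "first": items[s][0].isoformat(),
            "last": items[e][0].isoformat(),
            "senders": sorted({ev["sender"] for ev in in_window}),
            "top_subject": Counter(ev["subject"] for ev in in_window).most_common(1)[0][0],
        }
    return alerts


if __name__ == "__main__":
    for rcpt, summary in detect_high_volume(SAMPLE_EVENTS).items():
        print(rcpt, summary)
```

With the sample data, only `bob@corp.example` is flagged: six messages in under two minutes from three senders sharing one subject line, while the three messages spread over an hour to `alice@corp.example` stay below the threshold. The repeated subject and the small set of senders are exactly the signals the triage steps below use to separate a campaign from a normal burst of legitimate mail.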

Triage and response

  1. Analyze the email volume and patterns to differentiate between legitimate activity and potential threats.
  2. Investigate the recipient email address {{@recipient}} for signs of compromise.
  3. Review the email content for indicators of malicious activity, like suspicious links, attachments, or unusual requests. Identify patterns such as similar subject lines, repetitive content, or external links.
  4. If the activity is deemed malicious, block the sender(s) and quarantine or delete the emails.
  5. Inform the recipient about the potential threat and provide guidance on handling similar emails in the future.