Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
It is relatively easy and common for an attacker to run a botnet that delivers large amounts of spam to an email server. Spam emails might be part of a phishing campaign that is impersonating your organization to collect sensitive information, such as usernames and passwords. A spike in email traffic, related to either malicious activity or a mass of distribution list replies, might create a denial-of-service (DoS) scenario, which can have a significant impact to a business if email service is blocked for employees or customers.
The system might change the risk score for this detection.
Kill Chain
Risk Score
64
An attacker launches an email phishing campaign to gain access to sensitive information such as passwords, account numbers, or customer data. Email messages that look like legitimate requests for information are sent in large volumes to SMTP servers and might cause disruptions in regular email traffic.
Examine source traffic to locate botnet activity, malware, or compromised devices
Add multi-factor authentication to SMTP servers
Block source addresses of spam emails
Block ports and protocols targeted by spam emails
