Traffic to malicious infrastructure capturing credentials
Description
AlphaSOC detected network traffic to infrastructure known for capturing credentials. This indicates that a user or system within the network attempted to communicate with a domain, IP address, or service associated with credential harvesting. This finding may indicate phishing attempts, malicious redirects, or an unauthorized authentication request.
Impact
Traffic to credential-capturing infrastructure can lead to unauthorized access to user accounts, sensitive data, and systems. Compromised credentials enable adversaries to bypass security controls, escalate privileges, and move laterally within the network, resulting in data breaches.
Severity
| Severity | Condition |
|---|---|
| High | Traffic to infrastructure capturing credentials |
Investigation and Remediation
Investigate the affected systems and user accounts associated with the detected traffic. Analyze network logs, browser history, and email communications to identify potential phishing attempts or compromised applications. Reset passwords for affected accounts, enable multi-factor authentication, and monitor for any signs of unauthorized access or data exfiltration. Block access to the identified malicious infrastructure at the network level.
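The log-analysis step above can be scripted for triage: match DNS or proxy log lines against the indicator domains from the finding, list which internal hosts and users touched them, and derive the domain list to block. The example below is added here and is not AlphaSOC's code; the indicator domains, the key=value log format and the sample log lines are all constructed placeholders. It matches on exact domain or subdomain (suffix) rather than substring, so a lookalike that merely contains an indicator string as a prefix is not counted.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set

# Constructed placeholder indicators; in practice these come from the alert's IoC list.
FLAGGED_DOMAINS: Set[str] = {"login-portal.example", "sso-verify.example"}

# Constructed sample DNS/proxy log lines in a hypothetical key=value format.
SAMPLE_LOG_LINES: List[str] = [
    "2024-05-01T09:12:01Z src=10.0.4.17 user=alice qname=sso-verify.example.",
    "2024-05-01T09:12:03Z src=10.0.4.17 user=alice qname=cdn.login-portal.example",
    "2024-05-01T09:13:10Z src=10.0.5.22 user=bob qname=mail.example.org",
    "2024-05-01T09:14:55Z src=10.0.5.30 user= qname=login-portal.example.lookalike.test",
    "2024-05-01T09:15:02Z src=10.0.5.31 user=carol qname=notlogin-portal.example",
    "this line is malformed and should be skipped",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S*)\s+qname=(?P<qname>\S+)$"
)


def normalize_domain(name: str) -> str:
    """Lowercase and drop a trailing root dot so 'Example.COM.' == 'example.com'."""
    return name.rstrip(".").lower()


def matching_indicator(qname: str, flagged: Iterable[str] = FLAGGED_DOMAINS) -> Optional[str]:
    """Return the flagged domain that qname equals or is a subdomain of, else None.

    Suffix matching on a label boundary avoids false positives such as
    'notlogin-portal.example' or 'login-portal.example.lookalike.test'.
    """
    q = normalize_domain(qname)
    for d in flagged:
        d = normalize_domain(d)
        if q == d or q.endswith("." + d):
            return d
    return None


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one key=value log line; return None for lines that do not fit the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def affected_entities(lines: Iterable[str], flagged: Iterable[str] = FLAGGED_DOMAINS) -> Dict[str, dict]:
    """Group hits by source host: users seen, domains queried, indicators matched, hit count."""
    hits = defaultdict(lambda: {"users": set(), "domains": set(), "indicators": set(), "count": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ind = matching_indicator(rec["qname"], flagged)
        if ind is None:
            continue
        h = hits[rec["src"]]
        if rec["user"]:  # some log sources have no user attribution
            h["users"].add(rec["user"])
        h["domains"].add(normalize_domain(rec["qname"]))
        h["indicators"].add(ind)
        h["count"] += 1
    # Convert sets to sorted lists for stable, reportable output.
    return {
        src: {
            "users": sorted(v["users"]),
            "domains": sorted(v["domains"]),
            "indicators": sorted(v["indicators"]),
            "count": v["count"],
        }
        for src, v in hits.items()
    }


def block_list(report: Dict[str, dict]) -> List[str]:
    """Indicator domains actually contacted, i.e. the list to block at the network edge."""
    return sorted({d for v in report.values() for d in v["indicators"]})


if __name__ == "__main__":
    report = affected_entities(SAMPLE_LOG_LINES)
    for src, info in report.items():
        print(f"{src}: users={info['users']} domains={info['domains']} hits={info['count']}")
    print("block:", block_list(report))
```

Hosts and users in the report are the ones to prioritise for the password reset and MFA steps; the block list is the input for the network-level control. Lines that do not parse are skipped rather than raised so a single malformed record does not stop triage of a large export.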