Traffic to a TDS mechanism requiring investigation
Description
AlphaSOC detected traffic directed to a known Traffic Distribution System (TDS). A TDS is a network used by cybercriminals to redirect victims to malicious content such as malware, phishing pages, and scams. These systems filter incoming traffic on various criteria and direct each user to a specific landing page. Threat actors may use them to distribute malware, including through exploit kits and drive-by downloads.
Impact
TDS traffic may indicate the presence of an active malware distribution campaign within your network. If left unaddressed, this can result in further malware downloads and execution.
Severity
| Severity | Condition |
|---|---|
| Medium | Traffic to a TDS mechanism requiring investigation |
Investigation and Remediation
Analyze network logs to identify the source of suspicious TDS traffic. Investigate the initial infection vector by examining file downloads and email attachments. Isolate compromised systems to prevent further spread or data exfiltration, remove malicious software, and block associated destinations.
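The log-analysis step above, as an added example in Python that is not part of the AlphaSOC page: over constructed proxy log lines it finds the internal hosts that reached a TDS destination, records the referring site as the initial-vector candidate, and follows the 3xx redirect chain so the downstream destinations can be blocked together. The log column layout, `tds-example.invalid` and every other hostname are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed proxy log lines for illustration (not real traffic). Columns:
# timestamp src_ip url status redirect_location referer ('-' = none)
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 http://news-site.example/article 200 - -
2024-05-01T10:00:02Z 10.0.0.5 http://tds-example.invalid/go?id=1 302 http://landing.example/offer http://news-site.example/article
2024-05-01T10:00:03Z 10.0.0.5 http://landing.example/offer 302 http://payload.example/setup.exe http://tds-example.invalid/go?id=1
2024-05-01T10:00:04Z 10.0.0.5 http://payload.example/setup.exe 200 - http://landing.example/offer
2024-05-01T10:05:00Z 10.0.0.7 http://intranet.example/home 200 - -
"""

# Placeholder TDS destination; in practice take this from the alert's destination field.
TDS_HOSTS = {"tds-example.invalid"}

def host_of(url):
    return None if url == "-" else urlsplit(url).hostname

def parse_log(text):
    """One record per well-formed line; malformed lines are skipped."""
    keys = ("ts", "src", "url", "status", "location", "referer")
    recs = [dict(zip(keys, line.split())) for line in text.splitlines() if len(line.split()) == 6]
    for r in recs:
        r["status"] = int(r["status"])
    return recs

def follow_chain(records, start):
    """Follow 3xx Location hops from `start`, staying on the same source host."""
    chain, current = [start], start
    while 300 <= current["status"] < 400 and current["location"] != "-":
        nxt = next((r for r in records if r["src"] == current["src"]
                    and r["url"] == current["location"] and r["ts"] > current["ts"]), None)
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
        current = nxt
    return chain

def triage(records, tds_hosts):
    """Per source that touched a TDS: referring site, redirect chain, destinations to block."""
    findings = {}
    for rec in records:
        if host_of(rec["url"]) not in tds_hosts:
            continue
        chain = follow_chain(records, rec)
        entry = findings.setdefault(rec["src"], {"referrers": set(), "chain": [], "block": set()})
        entry["referrers"].add(host_of(rec["referer"]))
        entry["chain"] = [host_of(r["url"]) for r in chain]
        entry["block"].update(entry["chain"])
    return findings
```

For the constructed sample, `triage(parse_log(SAMPLE_LOG), TDS_HOSTS)` flags only 10.0.0.5, names news-site.example as the referring site, and returns the three-hop chain ending at the download host as the block list.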