anomalous_traffic_mega
Explanation
This event is triggered by Netography's Fusion Portal when it detects a data transfer to the Mega file hosting service exceeds an automatically determined baseline threshold. Auto Thresholding observes related network traffic to determine a baseline and then defines thresholds as a number of standard deviations from the typically observed traffic. This event specifically looks for data transfers to the Mega file hosting service that are multiple standard deviations greater than the learned baseline.
What to Look For
Anomalous traffic to the Mega file hosting service may be an indication that your network is compromised and attackers are stealing information by moving it (exfiltrating it) off your network. Attackers exfiltrate data using the Mega file hosting service because it is a low-cost, privacy-focused cloud storage service. Detections of anomalous traffic to the Mega file hosting service are worthy of investigation because they may be indicative of a ransomware attack or industrial espionage.
Investigate hosts that are the source of this sort of activity in order to make sure that it is authorized and expected, and the hosts have not been compromised. Ensure that hosts sending data to the Mega file hosting service are authorized to send data into a public cloud and that they are storing data in an approved destination. Check network logs for additional information to ensure that sensitive information is secure.
Related MITRE ATT&CK Categories
Updated 19 days ago