Workload executed a binary with cryptomining configuration data

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

A workload spawned a process that executed unique arguments linked with Bitcoin or other cryptocurrency-mining related activity.

Attackers often compromise cloud infrastructure to deploy high-capacity compute resources to mine cryptocurrency. These compromises negatively impact business costs and the availability of resources.

Remediation

  1. Contain the incident by isolating or terminating the resource. Consider snapshotting to enable further analysis.
  2. Review the associated vulnerabilities and misconfigurations on the resource to determine the root cause for the compromise
  3. Patch or fix the vulnerabilities and misconfigurations on the relevant infrastructure deployment mechanism (Terraform, helm, etc) or apply the most recent software patch available to prevent future continual compromise.
  4. Reference the AWS Incident Response Playbook for cryptomining for further guidance.

Requires agent version 7.27 or greater