Workload executed a binary with cryptomining configuration data
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
A workload spawned a process that executed unique arguments linked with Bitcoin or other cryptocurrency-mining related activity.
Attackers often compromise cloud infrastructure to deploy high-capacity compute resources to mine cryptocurrency. These compromises negatively impact business costs and the availability of resources.
- Contain the incident by isolating or terminating the resource. Consider snapshotting to enable further analysis.
- Review the associated vulnerabilities and misconfigurations on the resource to determine the root cause for the compromise
- Patch or fix the vulnerabilities and misconfigurations on the relevant infrastructure deployment mechanism (Terraform, helm, etc) or apply the most recent software patch available to prevent future continual compromise.
- Reference the AWS Incident Response Playbook for cryptomining for further guidance.
Requires agent version 7.27 or greater