Workload executed a binary with cryptomining configuration data

Description

A workload spawned a process that was executed with unique arguments linked to Bitcoin or other cryptocurrency-mining activity.

Attackers often compromise cloud infrastructure to deploy high-capacity compute resources to mine cryptocurrency. These compromises negatively impact business costs and the availability of resources.
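As an added illustration (not the vendor's rule logic or code from this page), the following sketch shows how process command lines can be checked for mining configuration data during triage. The indicator list (Stratum pool URIs, option names used by common CPU miners such as XMRig, a wallet-length user value), the helper names, and the sample events are all assumptions constructed for this example.

```python
import re
import shlex

# Assumed indicators, not the rule's actual list.
STRATUM_URI = re.compile(r"^stratum(\+(tcp|ssl|tls))?://", re.IGNORECASE)
MINER_FLAGS = {"--donate-level", "--coin", "--algo", "--nicehash", "--rig-id"}
USER_FLAGS = {"-u", "--user"}            # miners pass the payout wallet as the user
WALLET_LIKE = re.compile(r"^[0-9A-Za-z]{26,}")

def miner_indicators(cmdline):
    """Return the mining-related indicators found in one command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:                   # unbalanced quotes: fall back to a plain split
        argv = cmdline.split()
    hits = []
    for i, arg in enumerate(argv):
        name, _, value = arg.partition("=")   # handles --flag=value and bare values
        if STRATUM_URI.match(arg) or STRATUM_URI.match(value):
            hits.append("stratum-uri")
        if name in MINER_FLAGS:
            hits.append("miner-flag:" + name)
        if name in USER_FLAGS:
            user = value or (argv[i + 1] if i + 1 < len(argv) else "")
            if WALLET_LIKE.match(user):
                hits.append("wallet-like-user")
    return hits

def triage(events):
    """Flag events with a pool URI, or with two or more weaker indicators."""
    flagged = []
    for ev in events:
        hits = miner_indicators(ev["cmdline"])
        if "stratum-uri" in hits or len(hits) >= 2:
            flagged.append((ev["pid"], hits))
    return flagged

# Constructed sample process-exec events (placeholder hosts and wallet value).
FAKE_WALLET = "4" + "A" * 94
SAMPLE_EVENTS = [
    {"pid": 4121, "cmdline": "/tmp/.x/kworker -o stratum+tcp://pool.example.invalid:3333 "
                             "-u " + FAKE_WALLET + " --donate-level=1"},
    {"pid": 4200, "cmdline": "curl -u deploy https://registry.example.invalid/v2/"},
    {"pid": 4310, "cmdline": "./svc --algo rx/0 --coin monero "
                             "--url=stratum+ssl://pool.example.invalid:443"},
    {"pid": 4400, "cmdline": "backup-tool --algo zstd /data"},  # one weak hit only
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS):
        print(pid, hits)
```

Requiring a pool URI or at least two weaker indicators keeps a single generic option such as `--algo` on an unrelated tool from being flagged.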

Remediation

  1. Contain the incident by isolating or terminating the resource. Consider snapshotting to enable further analysis.
  2. Review the associated vulnerabilities and misconfigurations on the resource to determine the root cause of the compromise.
  3. Patch or fix the vulnerabilities and misconfigurations in the relevant infrastructure deployment mechanism (Terraform, Helm, etc.) or apply the most recent software patch available to prevent repeated compromise.
  4. Reference the AWS Incident Response Playbook for cryptomining for further guidance.

Requires agent version 7.27 or greater