Workload executed a binary with cryptomining configuration data
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.
Description
A workload spawned a process that executed unique arguments linked with Bitcoin or other cryptocurrency-mining related activity.
Attackers often compromise cloud infrastructure to deploy high-capacity compute resources to mine cryptocurrency. These compromises negatively impact business costs and the availability of resources.
- Contain the incident by isolating or terminating the resource. Consider snapshotting to enable further analysis.
- Review the associated vulnerabilities and misconfigurations on the resource to determine the root cause for the compromise
- Patch or fix the vulnerabilities and misconfigurations on the relevant infrastructure deployment mechanism (Terraform, helm, etc) or apply the most recent software patch available to prevent future continual compromise.
- Reference the AWS Incident Response Playbook for cryptomining for further guidance.
Requires agent version 7.27 or greater