Cryptomining indicating infection or resource abuse
Description
AlphaSOC detected network traffic to a known cryptocurrency mining pool destination. This activity indicates that cryptocurrency mining software may be operating within the network. Cryptocurrency mining consumes significant computational resources and can be a sign of compromised systems being exploited for financial gain. Threat actors often deploy crypto miners on compromised hosts to monetize their access while remaining undetected.
Impact
Unauthorized cryptocurrency mining can degrade system and network performance, reduce productivity, and increase energy costs.
Severity
| Severity | Condition |
|---|---|
| High | Cryptomining traffic |
Investigation and Remediation
Identify the source of the mining activity, including affected systems and processes. Terminate the mining processes, remove the software, and conduct a thorough security assessment of the affected systems.
Known False Positives
- Network traffic to domains that share infrastructure with known mining pools but serve different purposes
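
One way to identify the affected systems while accounting for the shared-infrastructure false positive above is shown below. This is an added example, not AlphaSOC code. The indicators, hostnames and record layout are constructed assumptions; substitute the destinations named in the alert and your own flow or proxy logs.

```python
from collections import defaultdict

# Constructed placeholder indicators; substitute the destinations from the alert.
POOL_DOMAINS = {"pool.miner.example"}
POOL_IPS = {"203.0.113.10"}

# Constructed DNS-enriched flow records: (timestamp, source host, domain, dest IP).
SAMPLE_FLOWS = [
    ("2024-05-01T10:00:02Z", "ws-014", "pool.miner.example", "203.0.113.10"),
    ("2024-05-01T10:01:15Z", "ws-022", "cdn.shop.example", "203.0.113.10"),
    ("2024-05-01T10:02:40Z", "srv-003", "updates.vendor.example", "198.51.100.7"),
    ("2024-05-01T10:03:11Z", "srv-009", "", "203.0.113.10"),
    ("2024-05-01T10:05:02Z", "ws-014", "eu.pool.miner.example", "203.0.113.11"),
]

def classify(domain, dst_ip):
    """Return how a flow matches the pool indicators, or None if it does not."""
    name = domain.lower().rstrip(".")
    if name and any(name == p or name.endswith("." + p) for p in POOL_DOMAINS):
        return "pool-domain"
    if dst_ip in POOL_IPS:
        # Same IP under a different name points at shared infrastructure;
        # no name at all means the host connected to the pool IP directly.
        return "shared-ip" if name else "pool-ip-direct"
    return None

def triage(flows):
    """Group matching flows by source host and suggest a next action."""
    hosts = defaultdict(lambda: {"matches": set(), "count": 0, "first": None, "last": None})
    for ts, src, domain, dst_ip in sorted(flows):
        match = classify(domain, dst_ip)
        if match is None:
            continue
        entry = hosts[src]
        entry["matches"].add(match)
        entry["count"] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
    for entry in hosts.values():
        # Only hosts whose sole evidence is a shared IP are treated as likely benign.
        entry["action"] = "review" if entry["matches"] == {"shared-ip"} else "investigate"
    return dict(hosts)

if __name__ == "__main__":
    for host, entry in sorted(triage(SAMPLE_FLOWS).items()):
        print(host, entry["action"], entry["count"], entry["first"], entry["last"], sorted(entry["matches"]))
```

Hosts marked `investigate` are the ones to examine for mining processes; the first and last timestamps give the window to correlate with process and endpoint telemetry.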