A security analyst is reviewing performance logs for a critical web server and notices several anomalies. The server's baseline performance is well-established. Which of the following observations is the strongest indicator of a potential cryptomining malware infection?
A sustained and unusually high processor (CPU) utilization that does not correlate with legitimate user traffic or scheduled tasks.
Intermittent web application service interruptions and crashes.
A gradual but steady increase in drive capacity consumption over several days.
A sudden, sharp spike in outbound network bandwidth consumption.
A sustained and unusually high processor (CPU) utilization is the most direct and strongest indicator of cryptomining malware. This type of malware performs complex mathematical calculations that are CPU-intensive, leading to significant and persistent resource consumption. While increased network traffic, drive capacity usage, and service interruptions can be indicators of compromise, they are more characteristic of other threats like data exfiltration, ransomware, or denial-of-service attacks, respectively, and are not the primary indicator for cryptojacking.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are unauthorized or malicious processes?
Open an interactive chat with Bash
What does an increase in processor consumption indicate?