A security analyst is reviewing performance logs for a critical web server and notices several anomalies. The server's baseline performance is well-established. Which of the following observations is the strongest indicator of a potential cryptomining malware infection?
A sudden, sharp spike in outbound network bandwidth consumption.
A sustained and unusually high processor (CPU) utilization that does not correlate with legitimate user traffic or scheduled tasks.
Intermittent web application service interruptions and crashes.
A gradual but steady increase in drive capacity consumption over several days.
A sustained and unusually high processor (CPU) utilization is the most direct and strongest indicator of cryptomining malware. This type of malware performs the repetitive, CPU-intensive hash computations that mining requires, leading to significant and persistent resource consumption that does not correlate with legitimate user traffic or scheduled tasks. While increased network traffic, drive capacity usage, and service interruptions can be indicators of compromise, they are more characteristic of other threats (data exfiltration, ransomware, and denial-of-service attacks, respectively) and are not the primary indicator of cryptojacking.