A security analyst at a financial services company is reviewing performance logs for a critical database server. They observe that a process named db-updater.exe, which is not a known part of the database software, is consistently consuming over 90% of the CPU's resources, even during off-peak hours. The database application itself is responding slowly, and users are reporting performance degradation. Which of the following is the MOST likely explanation for this activity?
A legitimate, but poorly optimized, background reporting tool is running.
The database is experiencing a software bug causing a memory leak.
The server is undergoing a normal, but resource-intensive, software update.
Unusually high and sustained CPU consumption by an unknown or unauthorized process is a strong indicator of malicious activity. In this scenario, the process db-updater.exe is likely cryptojacking malware, which uses the server's processing power to mine cryptocurrency for an attacker. This directly impacts the performance of legitimate applications. While a software bug or a legitimate process could cause high CPU usage, the presence of an unknown process makes malware the most probable cause. A failed update or a reporting tool would typically not sustain such high CPU usage continuously or be an unrecognized executable.