A systems administrator is investigating a performance degradation issue on a public-facing web server. The server's CPU utilization is consistently above 90%, causing slow response times for legitimate web traffic. A review of running processes reveals an unfamiliar process that is consuming most of the CPU cycles. Additionally, network monitoring tools show a persistent, high-volume outbound data stream to an unknown IP address over a non-standard port. A full antivirus scan has not reported any threats. Which of the following is the MOST likely cause of these issues?
The correct answer is cryptomining malware. The combination of symptoms (sustained high CPU utilization from an unknown process, slow system performance, and persistent outbound network traffic to an unknown destination) is characteristic of a cryptojacking attack. In this type of attack, malware uses the server's processing power to mine for cryptocurrency and sends the results to the attacker's server or mining pool. This malware is often designed to evade detection by traditional antivirus software.
A DDoS attack typically involves a flood of inbound traffic, not a single process generating outbound traffic. A corrupted system driver could cause high CPU usage or system instability, but it would not explain the specific, persistent outbound network connection. A misconfigured performance monitoring agent could cause high CPU usage, but it would be a known process and would not be communicating with an unknown external IP address in this manner.
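The explanation above relies on correlating three separate observations (sustained CPU from one process, an unrecognised executable, and a persistent outbound connection to an unknown address on a non-standard port), which is exactly the kind of check an administrator can script when antivirus reports nothing. The following Python script is an added example, not part of the original question or explanation: it runs that correlation over constructed sample data shaped like `ps`-style CPU samples and a connection-table snapshot. The process names, addresses, allow-lists and thresholds are all assumptions chosen for illustration.

```python
"""Triage helper for the cryptojacking symptom pattern in the scenario above.

Flags a process only when all three indicators line up: CPU stays above a
threshold across every sample, the command name is not on the known-process
list, and it holds an established outbound connection to an address outside
our trusted ranges on a non-standard port.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (not captured from a real host): three CPU samples
# a few seconds apart, plus one snapshot of established connections.
CPU_SAMPLES = [  # (sample_index, pid, command, cpu_percent)
    (0, 1201, "nginx", 3.0), (0, 4402, "x86_updatesvc", 91.5), (0, 2200, "sshd", 0.2),
    (1, 1201, "nginx", 4.5), (1, 4402, "x86_updatesvc", 94.0), (1, 2200, "sshd", 0.1),
    (2, 1201, "nginx", 2.8), (2, 4402, "x86_updatesvc", 93.2), (2, 2200, "sshd", 0.3),
]
CONNECTIONS = [  # (pid, state, remote_ip, remote_port)
    (1201, "ESTAB", "198.51.100.7", 443),     # web server talking to a trusted range
    (4402, "ESTAB", "203.0.113.45", 14444),   # unknown address, non-standard port
    (2200, "ESTAB", "192.0.2.9", 22),         # admin SSH session from a trusted range
]

# Assumed allow-lists; a real deployment would build these from the host's baseline.
KNOWN_PROCESSES = {"nginx", "sshd", "systemd"}
STANDARD_PORTS = {22, 25, 53, 80, 123, 443, 587, 993, 995}
TRUSTED_NETWORKS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]


def sustained_cpu(samples, threshold=80.0, min_samples=3):
    """Return {pid: (command, mean_cpu)} for processes above threshold in every sample."""
    by_pid = defaultdict(list)
    names = {}
    for _, pid, cmd, cpu in samples:
        by_pid[pid].append(cpu)
        names[pid] = cmd
    return {
        pid: (names[pid], sum(vals) / len(vals))
        for pid, vals in by_pid.items()
        if len(vals) >= min_samples and min(vals) >= threshold
    }


def suspicious_connections(conns):
    """Return {pid: [(ip, port), ...]} for established connections to untrusted IPs on non-standard ports."""
    out = defaultdict(list)
    for pid, state, ip, port in conns:
        if state != "ESTAB":
            continue
        addr = ip_address(ip)
        if any(addr in net for net in TRUSTED_NETWORKS) or port in STANDARD_PORTS:
            continue
        out[pid].append((ip, port))
    return dict(out)


def triage(samples=CPU_SAMPLES, conns=CONNECTIONS):
    """Combine the two views; only processes matching all three indicators are reported."""
    hot = sustained_cpu(samples)
    net = suspicious_connections(conns)
    findings = []
    for pid, (cmd, mean) in hot.items():
        reasons = [f"sustained CPU {mean:.1f}%"]
        if cmd not in KNOWN_PROCESSES:
            reasons.append("unrecognised process name")
        if pid in net:
            reasons.append("outbound to " + ", ".join(f"{ip}:{port}" for ip, port in net[pid]))
        if len(reasons) == 3:
            findings.append({"pid": pid, "command": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage():
        print(f"pid {finding['pid']} ({finding['command']}): " + "; ".join(finding["reasons"]))
```

On the constructed data only pid 4402 is reported; nginx is busy only intermittently and talks to a trusted range on 443, and sshd is idle. Requiring all three indicators together is what keeps a busy-but-legitimate web worker or a noisy monitoring agent (the distractor answers in the question) out of the findings, while a process that the antivirus scan did not flag still surfaces on behaviour alone.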