jeff on 24 Jan 2019 07:30:51 -0800


Re: [PLUG] Mining for Cycles

On 1/24/19 10:07 AM, Victor wrote:
> On 1/24/19 8:39 AM, Rich Freeman wrote:
>> WHEN you get hacked, how will you know that it has happened?
>
> So what is the best advice for identifying a compromise? In this case
> the only thing that tipped off OP was high CPU utilization for
> cryptomining which might not be an attacker's end goal.

To be specific, it was high CPU by itself. I didn't discover it was phoning home til later.

Top of my head: In terms of detection of any compromise, I'd say know what your machine's load is in general and monitor. Watch traffic in and out. Scans with multiple tools at intervals (mine turned up nothing, ymmv). Like Rich said, hardening the browser and machine, lowering attack surface. Be very careful when browsing. Monitor CERT alerts and security news, if you don't already. Look for things that seem odd - use your intuition/force/spider-sense. Not sure if any of the current AVs offer on-access. It's a shame we need it.
Philadelphia Linux Users Group
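
Added example, not part of the original post: one way to act on the "know what your machine's load is in general and monitor" advice above is to learn a load threshold from a known-good period and alert only on sustained excursions, since a miner pins the CPU for long stretches while compiles and updates come in short bursts. The one-sample-per-minute interval, the k and min_run values, and all sample numbers are assumptions constructed for illustration.

```python
import statistics


def parse_loadavg(text):
    """Return the 1-minute load average from a /proc/loadavg line."""
    return float(text.split()[0])


def learn_baseline(samples, k=3.0):
    """Alert threshold: mean + k * stdev of loads recorded while the host
    was known to be clean. k=3.0 is an assumed starting point to tune."""
    return statistics.fmean(samples) + k * statistics.pstdev(samples)


def sustained_anomalies(samples, threshold, min_run=5):
    """Return (start_index, length) for every run of at least min_run
    consecutive samples above threshold. Shorter bursts are ignored."""
    runs, start = [], None
    # A sentinel below any real load closes a run that reaches the end.
    for i, load in enumerate(list(samples) + [float("-inf")]):
        if load > threshold:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_run:
                runs.append((start, i - start))
            start = None
    return runs


# Constructed data: 1-minute load averages, one sample per minute.
BASELINE = [0.21, 0.35, 0.18, 0.40, 0.27, 0.31, 0.22, 0.38, 0.25, 0.30]
# One short spike at index 2, then a sustained plateau from index 5 on.
OBSERVED = [0.30, 0.28, 2.90, 0.33, 0.25, 3.80, 3.90, 4.00, 3.95, 4.00, 3.90, 4.00]

if __name__ == "__main__":
    limit = learn_baseline(BASELINE)
    print(f"threshold: {limit:.2f}")
    for start, length in sustained_anomalies(OBSERVED, limit):
        print(f"sustained high load: {length} samples starting at index {start}")
    # On a live Linux host, collect samples with:
    #   parse_loadavg(open("/proc/loadavg").read())
```

A hit from this check is a reason to look at which process is consuming the CPU and what it is connecting to, not proof of compromise on its own.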