How does GCP detect crypto mining within a VM?
Are they noticing this because 100% CPU usage? Or DNS queries from the instances?
This just happened to us and it would be super helpful to know how GCP can scan it before.
Are they noticing this because 100% CPU usage? Or DNS queries from the instances?
This just happened to us and it would be super helpful to know how GCP can scan it before.
I do not know the answer specifically as it pertains to GCP but I know that a couple other VPS providers just look for specific programs using a lot of CPU via their command-line and program name from the hypervisor. No scanning, just a process list and CPU usage in those cases. But I have no idea what GCP is specifically doing in your case. Simple monitoring tools can flag this.
> just look for specific programs using a lot of CPU via their command-line and program name from the hypervisor.
They would have to run this from within the guest, no? I don't like the thought of that.
You could look at anomalous ingress/egress patterns.
GCP detects crypto mining in VMs by monitoring unusual resource usage like high CPU or network activity. It analyzes logs for known mining software and suspicious process behavior. Machine learning and threat intelligence help flag abnormal VM activity. Tools like Security Command Center and VPC Flow Logs assist in detection. If mining is detected, GCP alerts the user and may recommend or take action.
AI?