Cryptomining is an intentionally difficult, resource-intensive business. Its complexity was designed to ensure that the number of blocks mined each day would remain steady. So it’s par for the course that ambitious yet unscrupulous miners make amassing the computing power of large enterprises — a practice known as cryptojacking — a top priority.
The common tell that a cryptomining attack has been successful is a significant decrease in the performance of a system or systems. As the cryptomining client runs, it is going to consume 100% of the available CPU processing capacity and occasionally the GPU. Where the GPU is hit, the main issue experienced will be significant overheating of the system.
The best defense against cryptomining attacks is authenticated vulnerability scanning to identify vulnerabilities and then regular and rapid patching. The Cyber Essentials standard states that patching should be conducted within 14 days of a patch being released, and we agree.
Detection is simple. If you have a well-established monitoring program or are using a SOC, then they will detect the malware as a last resort. They should also be informing you in good time of vulnerabilities present in the environment.
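The tell described above (CPU pinned at 100%, sometimes with an overheating GPU) can be checked against monitoring data. The following is an added example, not code from the original article: it flags hosts whose CPU stays saturated across consecutive samples, so that short spikes are ignored. The host names, telemetry and thresholds are constructed assumptions, and a flagged host is a lead for triage rather than proof of a miner.

```python
from collections import defaultdict

# Assumed thresholds; tune them to your own baseline.
CPU_SATURATED = 95.0   # percent
MIN_RUN = 5            # consecutive one-minute samples
GPU_TEMP_LIMIT = 85.0  # degrees Celsius

def _series(host, cpu, gpu=None):
    """Build constructed per-minute samples: (host, minute, cpu %, GPU temp or None)."""
    gpu = gpu or [None] * len(cpu)
    return [(host, m, c, g) for m, (c, g) in enumerate(zip(cpu, gpu))]

# Constructed telemetry, not real data.
SAMPLES = (
    _series("web-01", [20, 35, 100, 100, 30, 25, 22, 28])            # short spike
    + _series("build-02", [40, 100, 100, 100, 100, 100, 100, 99])    # sustained CPU
    + _series("ws-03", [100] * 8, [70, 78, 84, 88, 90, 91, 91, 92])  # CPU and hot GPU
)

def longest_saturated_run(cpu_values, threshold=CPU_SATURATED):
    """Length of the longest streak of samples at or above the threshold."""
    best = run = 0
    for value in cpu_values:
        run = run + 1 if value >= threshold else 0
        best = max(best, run)
    return best

def triage(samples, min_run=MIN_RUN):
    """Return hosts whose CPU stayed saturated for at least min_run samples."""
    by_host = defaultdict(list)
    for host, _minute, cpu, gpu in sorted(samples, key=lambda s: (s[0], s[1])):
        by_host[host].append((cpu, gpu))
    findings = {}
    for host, rows in by_host.items():
        run = longest_saturated_run([cpu for cpu, _ in rows])
        if run >= min_run:
            hot = any(g is not None and g >= GPU_TEMP_LIMIT for _, g in rows)
            findings[host] = {"saturated_minutes": run, "gpu_overheating": hot}
    return findings

if __name__ == "__main__":
    for host, detail in triage(SAMPLES).items():
        print(host, detail)
```

Hosts that legitimately run hot, such as build servers, will also match, so compare any finding against the host's expected workload before escalating.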