Posted On: Nov 15, 2018

Amazon GuardDuty has added three new threat detections. Two of the detections help detect suspicious Tor Network-related activity, and the third helps identify cryptocurrency mining-related activity.

The two Tor Network-related findings expand the service’s ability to detect Amazon EC2 instances that may have been compromised and are communicating with the Tor Network. The new finding types are: UnauthorizedAccess:EC2/TorClient and UnauthorizedAccess:EC2/TorRelay.

The new cryptocurrency finding expands the service’s ability to detect Amazon EC2 instances querying IP addresses associated with cryptocurrency-related activity. The new finding type is: CryptoCurrency:EC2/BitcoinTool.B.

Available globally, Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts and access keys. GuardDuty identifies unusual or unauthorized activity, like cryptocurrency mining or infrastructure deployments in a region that has never been used. Powered by threat intelligence and machine learning, GuardDuty is continuously evolving to help you protect your AWS environment.

You can enable your 30-day free trial of Amazon GuardDuty with a single-click in the AWS Management console. Please see the AWS Regions page for all the regions where GuardDuty is available. To learn more, see Amazon GuardDuty Findings and to start your 30-day free trial, see Amazon GuardDuty Free Trial.