Datadog CSM Threats is a solution designed to detect and stop unauthorized cryptomining activity on cloud workloads, which can quickly drive up computing costs and affect application performance. Cryptomining attacks are challenging to detect due to their ability to distribute software across multiple resources and encrypt outbound connections to mining pools. Signs of cryptomining activity include consistently high CPU usage, CPU overclocking, gradual decline in service performance, sudden spikes in cloud computing costs, and newly deployed clusters on infrequently used regions. Datadog CSM Threats identifies and proactively stops unauthorized mining processes via its Agent and built-in rules, providing context for developers, SREs, and dedicated security teams to confirm the process is no longer running, quarantine affected resources, and fix vulnerabilities or misconfigurations. To prevent future cryptomining attacks, teams can patch affected resources with the latest software updates, secure workloads by fixing overly permissive access controls, and configure resources with compliance best practices, which Datadog supports tracking across all cloud workloads.