It is advisable to configure Billing Alarms to identify potential attacks related to bitcoin mining or botnet instance deployments, and other unusual activity in your account. The alarm should not be about the billing of security services only, but mainly from the computer services such as EC2, ECS, EKS, Lambda, or on the total invoice.
Alarms should reach an actively monitored email account (distribution list with 2+ recipients), SMS or instant messaging.
You can also use AWS Cost Anomaly Detection to detect anomalies using Machine Learning without the need to establish thresholds, configuring alerts and making root cause analysis about costs.
https://aws.amazon.com/sns/pricing
https://aws.amazon.com/cloudwatch/pricing
AWS Cost Anomaly Detection is a free service.