Cryptojacking, or malicious ‘crypto mining’ as it is more commonly known, is the unauthorized use of someone else’s computer to mine cryptocurrency. Once regarded as a harmless pastime of young crypto enthusiasts, it has become a huge cause for concern for the entire crypto industry now that the major cryptocurrencies trade at high valuations. Crypto mining has become a new motive for compromising computers: attackers use the access they gain to mine cryptocurrency at someone else’s expense. Attackers now run cryptojacking malware campaigns that deploy coin miners on large enterprise servers, putting big organizations at high risk. According to a recently published report, crypto mining attacks increased drastically, by 53%, in the last quarter of 2020.
To address this issue, Microsoft has partnered with Intel to counter CPU-draining crypto mining malware by integrating Intel’s Threat Detection Technology (TDT) with Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is a cloud-based security service formerly known as “Microsoft Defender Advanced Threat Protection.”
With this new partnership, Microsoft Defender for Endpoint can spot crypto mining malware and block the miners using data from Intel CPUs. The new malware-blocking feature couples silicon-based threat detection with the endpoint detection and response (EDR) capabilities of Microsoft Defender for Endpoint. It targets malware at the CPU level, below the operating system (OS) layer where traditional antivirus works. This improves detection of cryptocurrency mining malware even when the malware is obfuscated to evade security tools.
Intel TDT detects anomalous activity by harnessing CPU hardware telemetry. Combining that telemetry with machine learning (ML) heuristics lets the technology recognize malware behavior. As soon as Intel TDT detects a threat, it sends a high-fidelity signal that triggers the remediation workflow of the EDR solution to protect the infected computer, thereby preventing lateral movement across the enterprise. Microsoft’s endpoint solution incorporates both the telemetry and the ML heuristics so that multiple detectors can run concurrently. On Windows systems, TDT works with machines running Intel Core 6th Gen processors and Intel vPro to enhance their threat detection capabilities. Intel TDT memory scanning first became available with Intel Core 6th Gen and Intel vPro platforms; the Intel TDT cryptojacking and ransomware detection capability was introduced later with Intel Core 10th Gen and Intel vPro platforms.
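To make the pipeline described in the last two paragraphs concrete (CPU telemetry scored by several heuristics in parallel, a high-fidelity signal only when the evidence is sustained, and a remediation workflow that isolates the host to stop lateral movement), here is an added illustrative example. It is not code from Intel TDT or Microsoft Defender for Endpoint: the telemetry fields (per-process CPU utilization and instructions per cycle), the heuristics, the thresholds, the process names and every sample value are constructed for illustration, and the remediation actions are a plan of assumed action names rather than a real product API.

```python
"""Illustrative CPU-telemetry cryptojacking detector feeding an EDR-style
remediation workflow. Added example, not code from Intel TDT or Microsoft
Defender for Endpoint; the telemetry fields, heuristics, thresholds, process
names and sample values below are all constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Sample:
    pid: int
    name: str
    cpu_util: float  # fraction of one core busy in this interval (0..1)
    ipc: float       # instructions retired per cycle (assumed telemetry field)


@dataclass(frozen=True)
class Verdict:
    pid: int
    name: str
    score: float
    high_fidelity: bool


WINDOW = 8        # samples per scoring window (assumed)
THRESHOLD = 0.75  # aggregate score at or above this triggers remediation


def steady_loop_score(samples):
    """Sustained busy CPU combined with a steady instruction pattern (low IPC
    variance): the profile a tight hashing loop presents at the CPU level,
    whatever the binary on disk looks like after packing or obfuscation."""
    util = min(1.0, mean(s.cpu_util for s in samples))
    steadiness = max(0.0, 1.0 - 4.0 * pstdev(s.ipc for s in samples))
    return util * steadiness


def saturation_score(samples):
    """Fraction of the window in which the process kept a core above 90%."""
    return sum(1 for s in samples if s.cpu_util > 0.9) / len(samples)


# Several heuristics evaluated side by side on the same telemetry window;
# their mean is the aggregate score reported upward.
DETECTORS = (steady_loop_score, saturation_score)


def score_process(samples):
    return round(mean(d(samples) for d in DETECTORS), 3)


def evaluate(telemetry):
    """Group samples per pid and score every process that has a full window."""
    by_pid = defaultdict(list)
    for s in telemetry:
        by_pid[s.pid].append(s)
    verdicts = []
    for pid, samples in by_pid.items():
        window = samples[-WINDOW:]
        if len(window) < WINDOW:
            continue  # not enough evidence yet; avoids noisy early alerts
        score = score_process(window)
        verdicts.append(Verdict(pid, window[0].name, score, score >= THRESHOLD))
    return verdicts


def remediation_plan(verdict, host):
    """Workflow an EDR would start on a high-fidelity signal, expressed as a
    plan of actions (assumed action names, not a real product API)."""
    if not verdict.high_fidelity:
        return []
    return [
        ("terminate_process", verdict.pid),
        ("isolate_host", host),          # cuts off lateral movement
        ("collect_forensics", verdict.pid),
    ]


def constructed_telemetry():
    """Constructed feed: a miner-like loop, a bursty build job, an idle browser."""
    miner = [Sample(101, "svc_update.exe", u, i) for u, i in zip(
        [0.98, 0.97, 0.99, 0.98, 0.97, 0.98, 0.99, 0.98],
        [1.80, 1.81, 1.79, 1.80, 1.82, 1.80, 1.79, 1.81])]
    build = [Sample(202, "cl.exe", u, i) for u, i in zip(
        [0.95, 0.40, 0.90, 0.10, 0.85, 0.30, 0.95, 0.20],
        [2.1, 0.9, 1.7, 0.6, 2.3, 1.1, 1.9, 0.8])]
    browser = [Sample(303, "browser.exe", u, i) for u, i in zip(
        [0.05, 0.04, 0.06, 0.05, 0.03, 0.05, 0.04, 0.05],
        [1.10, 1.12, 1.09, 1.11, 1.10, 1.13, 1.08, 1.10])]
    return miner + build + browser


if __name__ == "__main__":
    host = "workstation-42"  # constructed hostname
    for v in evaluate(constructed_telemetry()):
        print(v, remediation_plan(v, host))
```

The build job keeps a core busy for part of the window but its utilization and IPC swing widely, so only the miner-like process crosses the threshold; a legitimate long-running compute job would need both sustained saturation and a steady instruction mix to be flagged, which is why a real deployment tunes the heuristics against its own baseline rather than shipping fixed constants like these.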
Thus, Intel TDT’s collaboration with Microsoft has made cryptojacking a thing of the past. Customers who choose Intel vPro with Intel Hardware Shield can now detect these threats seamlessly, without any IT configuration.