Cryptocurrencies are dominating the headlines once again for various reasons, including retailers adding support for payment methods based on the technology. Rising public interest also gives malicious actors a fresh incentive for cryptojacking. Today, Microsoft and Intel have jointly announced new capabilities in Microsoft Defender to detect cryptomining using Intel's Threat Detection Technology (TDT).
For those unaware, cryptojacking is a malicious practice in which attackers install malware on host devices that then uses the computer's processor (and sometimes its GPU) to mine cryptocurrency for the attacker, resulting in a performance hit, higher power draw, and accelerated hardware wear. Related coin-stealing malware targets cryptocurrency wallets instead of mining. In some cases, this malware also acts as a worm and spreads to other endpoints on the network, so a single infected machine can become a fleet-wide problem.
To tackle this problem, Microsoft Defender for Endpoint will now use Intel's TDT to detect cryptojacking. TDT applies machine-learning heuristics to low-level hardware telemetry from the CPU's performance monitoring unit (PMU) to recognise the execution profile of cryptomining, which lets it spot a miner even when the mining code is obfuscated or runs inside a virtual machine, since the hardware counters see the actual work being done rather than the code that requests it. Once TDT identifies potentially malicious behaviour, it sends a signal to the endpoint detection and response (EDR) layer, which in turn triggers remediation workflows to protect the infected PC and other devices on the network.
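To make the telemetry-to-EDR pipeline described above concrete, here is an added, deliberately simplified stand-in written for this article; it is not Intel TDT's model or Microsoft Defender's code, and neither company publishes the real telemetry schema or thresholds. Every field name, threshold and the sample telemetry below are assumptions constructed for illustration. The idea it demonstrates is the same one the announcement relies on: sustained, steady-state compute with high instructions-per-cycle (IPC) looks different from the bursty load of ordinary software, and a detection is handed to the EDR layer as a structured signal rather than acted on by the sensor itself.

```python
"""Toy stand-in for a hardware-telemetry cryptojacking detector.

Illustrative only: Intel TDT's real model, counters and thresholds are not
public in this article. All names, thresholds and sample data are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    """One per-process telemetry interval (constructed PMU-style fields)."""
    ts: int            # seconds since boot (constructed)
    pid: int
    image: str
    cycles: int        # CPU cycles consumed in this interval
    instructions: int  # instructions retired in this interval
    cpu_pct: float     # share of one core used in this interval


# Assumed thresholds: a miner keeps a core saturated with a tight hashing
# loop, so IPC is high and barely varies from one interval to the next.
WINDOW = 6            # consecutive intervals that must look like mining
MIN_CPU_PCT = 80.0    # sustained load threshold (assumption)
MIN_IPC = 2.0         # tight arithmetic loops keep the pipeline busy (assumption)
MAX_IPC_JITTER = 0.3  # steady-state hashing shows little variance (assumption)


def ipc(s: Sample) -> float:
    """Instructions per cycle for one interval (0.0 if no cycles recorded)."""
    return s.instructions / s.cycles if s.cycles else 0.0


def window_looks_like_mining(samples) -> bool:
    """True when every interval in a full window is saturated, high-IPC, steady compute."""
    if len(samples) < WINDOW:
        return False
    ipcs = [ipc(s) for s in samples]
    return (all(s.cpu_pct >= MIN_CPU_PCT for s in samples)
            and min(ipcs) >= MIN_IPC
            and max(ipcs) - min(ipcs) <= MAX_IPC_JITTER)


def detect(samples):
    """Consume telemetry in time order; return one EDR-style alert per flagged pid.

    The sensor only emits a signal; isolating or killing the process is left to
    the EDR remediation workflow, mirroring the split described in the article.
    """
    windows = defaultdict(lambda: deque(maxlen=WINDOW))
    alerted = set()
    alerts = []
    for s in sorted(samples, key=lambda x: x.ts):
        w = windows[s.pid]
        w.append(s)
        if s.pid not in alerted and window_looks_like_mining(list(w)):
            alerted.add(s.pid)
            alerts.append({
                "pid": s.pid,
                "image": s.image,
                "first_seen": w[0].ts,
                "detected_at": s.ts,
                "signal": "sustained-high-ipc-compute",     # assumed signal name
                "recommended_action": "isolate-and-kill",   # assumed EDR action
            })
    return alerts


def constructed_telemetry():
    """Constructed sample data: one miner-like process and one bursty browser."""
    rows = []
    # pid 4242: 95% of a core, IPC ~2.4 with tiny jitter for 10 s -> miner-like
    for t in range(10):
        rows.append(Sample(t, 4242, "svchost_lookalike.exe",
                           3_000_000_000, 7_200_000_000 + (t % 2) * 50_000_000, 95.0))
    # pid 1337: busy every third interval, idle otherwise -> ordinary software
    for t in range(10):
        busy = (t % 3 == 0)
        rows.append(Sample(t, 1337, "browser.exe",
                           2_000_000_000, 2_000_000_000 if busy else 800_000_000,
                           90.0 if busy else 12.0))
    return rows


if __name__ == "__main__":
    for alert in detect(constructed_telemetry()):
        print(alert)
```

Running the block flags only pid 4242, at the sixth consecutive saturated interval, and never the browser, whose load and IPC swing between intervals. A real system would replace the fixed thresholds with a trained classifier and would need to cope with legitimate steady compute (video encoding, scientific workloads), which is exactly why the article's pipeline hands the signal to the EDR layer for context and remediation rather than acting blindly in the sensor.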
Karthik Selvaraj, principal security research manager at Microsoft, had the following to say about the partnership with Intel:
This partnership is one example of our ongoing investment and deep collaboration with technology partners across the industry. We work closely with chipmakers to explore and adopt new hardware-based defenses that deliver robust and resilient protection against cyberthreats. As organizations look to simplify their security investments, built-in platform-based security technologies, such as the integration of Intel TDT with Microsoft Defender for Endpoint, combine best-of-breed in a streamlined solution.
Intel has noted that TDT does not impose a noticeable performance penalty on customers' machines: on supported Intel Core platforms the machine-learning inference is offloaded to the integrated graphics processor, so the CPU that the detector is watching is not also the one paying for the analysis.