


In malicious cryptomining, or cryptojacking, cybercriminals install malware on business and personal computers, laptops, and mobile devices to “hijack” a computer’s power and resources to mine for cryptocurrencies or steal cryptocurrency wallets. This can slow computers dramatically and keep them from operating normally. Some cryptojacking scripts have worming capabilities that allow them to infect other devices and servers on a network.

By leveraging Intel Threat Detection Technology, Microsoft Defender for Endpoint gains full stack visibility to detect advanced threats, such as cryptojacking, and can remediate the attacks before a user’s PC is affected. This move, say the companies, further accelerates endpoint detection and response for millions of customers without compromising experience.

“This is a true inflection point for the security industry as well as our SMB, mid-market and enterprise customers that have rapidly adopted Windows 10 with built-in endpoint protections,” says Michael Nordquist, senior director of Strategic Planning and Architecture in the Business Client Group at Intel. “Customers who choose Intel vPro with the exclusive Intel Hardware Shield now gain full-stack visibility to detect threats out of the box with no need for IT configuration. The scale of this CPU-based threat detection rollout across customer systems is unmatched and helps close gaps in corporate defenses.”

Intel TDT, part of Intel Hardware Shield’s suite of advanced capabilities on Intel vPro and also available on Intel Core platforms, equips endpoint detection and response (EDR) solutions with CPU heuristics for advanced memory scanning, cryptojacking, and ransomware detection. With nearly a billion Intel TDT-capable PCs in the market, says the company, these are the only CPU-based malware behavior-monitoring capabilities in market that go beyond signature and file-based techniques.

Intel TDT helps endpoint security solutions harness CPU telemetry and hardware acceleration to help identify threats and detect anomalous activity. It uses a combination of CPU telemetry and machine learning (ML) heuristics to detect specific behavior.

The CPU performance monitoring unit (PMU) sits below the applications, operating system and virtualized layers to provide a greater view into active threats across the stack. Intel TDT bolsters EDR solutions and improves visibility where it has historically been a challenge, says the company, including the increasing trend of malware attempting to cloak itself in a virtual machine.

Karthik Selvaraj, principal security research manager at Microsoft, says, “This partnership is one example of our ongoing investment and deep collaboration with technology partners across the industry. We work closely with chipmakers to explore and adopt new hardware-based defenses that deliver robust and resilient protection against cyberthreats. As organizations look to simplify their security investments, built-in platform-based security technologies, such as the integration of Intel TDT with Microsoft Defender for Endpoint, combine best of breed in a streamlined solution.”

As threats are detected, Intel TDT sends a high-fidelity signal that triggers remediation workflows of EDR solutions to help protect the infected PC and prevent lateral movement across the corporate fleet. The telemetry and ML heuristics are seamlessly incorporated as part of the endpoint solution and multiple concurrent detectors can run in parallel.

This advanced threat detection, say the companies, doesn’t create a performance hit that would require IT leaders to make a trade-off between better security and a good user experience. Intel TDT can offload performance-intensive security workloads to the integrated graphics controller and return performance back to the CPU, allowing for increased scanning and reduced impacts to the computing experience.

The threat detection capabilities are native to Intel Core and vPro platforms and operate seamlessly with EDR solutions without the need for installation or deployment IT configuration. When combined with remote monitoring and maintenance, rigorous cybersecurity defenses of Intel Hardware Shield, and no-contact deployment of the 11th Gen Intel Core vPro mobile processor, say the companies, customers are assured they have the world’s most comprehensive hardware-based security for business.
