Cryptojacking Detectable in Microsoft Defender for Endpoint: Intel Technology Utilization

Microsoft has worked with Intel to add the ability to block cryptojacking malware to Microsoft Defender for Endpoint (formerly known as Microsoft Defender Advanced Threat Protection) using Intel’s Threat Detection Technology (TDT).

Cryptojacking is the act of cybercriminals mining virtual currencies (cryptographic assets) without permission on other people’s computing resources, gaining access by exploiting problems such as the vulnerabilities recently discovered in Microsoft Exchange Server. Soaring prices of cryptocurrencies such as Bitcoin, Monero, Ethereum and Dogecoin are also a major motivation for cryptojacking cybercriminals to attack powerful corporate servers.

The new security feature, which combines Microsoft and Intel technologies, targets malware that runs at the CPU level, below the OS level at which traditional antivirus software runs. The two companies developed it in partnership to address the rise of memory-resident malware.

According to a blog post by Microsoft, “Intel TDT applies machine learning to low-level hardware telemetry obtained directly from the CPU’s Performance Monitoring Unit (PMU) to detect, at runtime and with minimal overhead, the ‘fingerprint’ that indicates malware code is executing. TDT uses the rich performance profiling events provided by Intel’s SoC (system on chip) to monitor and detect malware at the final execution point (CPU).”

This feature is available on machines with Intel’s 6th generation Core processors. A notable characteristic of this mechanism is that it can monitor even malware hidden in a virtualized guest OS. Microsoft says it will also improve its ability to detect side-channel attacks and ransomware.