Blocking Cryptojacking By Default in Windows 10
Cryptojacking is remote exploitation of target systems’ resources for mining cryptocurrencies and is beneficial for the threat actor performing it. Since cryptojacking is a resource-intensive process, it requires the miner to put a significant amount of computational power to make profits. As this isn’t feasible for an individual, he (threat actor) often infects several machines (including home/work PCs and severs) to draw their combined power. Installing a miner that mints cryptocurrencies for the threat actor from victims’ resources is growing; hence, Intel came up with a new Threat Detection Technology solution (TDT). As Intel said, this CPU-based TDT can detect malicious activities like cryptojacking, ransomware, or side-channel attacks on a system, by collecting and analyzing (with machine learning) the telemetry data from the CPU. Microsoft leveraged this technology to detect and block malicious processes running in its Windows 10 machines. As they announced, the Microsoft Defender for Endpoint (enterprise version) will use Intel’s CPU-based Threat Detection Technology to point and block the cryptojacking operations on a system. This tech in the future will be used for detecting other malware operations too and be effective in countering them even if any obfuscation methods are used. This tech will be available in all Intel CPUs of Core and vPro models, running on 6th generation and above. Finally, Intel assured that scanning for suspicious operations won’t affect the performance and user experience but will use the integrated graphics for resource-intensive works and communicate with the CPU for actions.