Microsoft Defender blocks crypto-jacking attempts

[German]Microsoft has added functionality to its Microsoft Defender for Endpoint to detect and eliminate attacks from crypto miners on protected systems. This uses Intel Threat Detection technology on Intel Core processors and the Intel vPro platform.

Mining cryptocurrency (Bitcoin, Ethereum, Litecoin, Dogecoin & Co.) has now gone from being a nuisance to a problem, because mining algorithms consume machine resources. Moreover, machines frequently turn out to have vulnerabilities through which cyber criminals can install their mining software without the knowledge or intervention of the owner/administrator.

As cryptocurrency prices rise, many attackers now favor cryptojacking over ransomware. This increases the risks for enterprises as attackers use coin miners as payloads for malware campaigns. According to a recent study by Avira Protection Labs, there was a 53 percent increase in coin-miner malware attacks in the fourth quarter of 2020 compared to the third quarter of 2020.

On the other hand, detecting coin miners has become increasingly difficult lately as cyber criminals are getting better at disguising this software. That's why Microsoft and Intel partnered to provide chip-based miner detection. The goal was to enable endpoint detection and response (EDR) capabilities in Microsoft Defender for Endpoint to better detect cryptocurrency mining malware, even if the malware is obfuscated and attempts to evade security tools.

In this blog post, Microsoft has now unveiled the result in the form of Intel Threat Detection Technology (TDT) integration into Microsoft Defender for Endpoint. This is an addition that improves detection capabilities and protection against cryptojacking malware. Intel's TDT couples low-level hardware telemetry collected by the CPU's Performance Monitoring Unit (PMU) with machine learning to detect crypto miners at execution time.

This allows Microsoft Defender to block the malicious processes without having to rely on hypervisor introspection or code injection. Because the detection works on CPU telemetry rather than on the code itself, it sidesteps evasion techniques such as code obfuscation that malware authors use to prevent detection.

Microsoft also plans to use Intel TDT in the future to detect and stop other malware families and attack techniques such as ransomware and side-channel attacks. The new feature is available in Microsoft Defender for all systems using Intel Core processors and the 6th generation Intel vPro platform or higher. Details can be read in Microsoft's post Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT. (via)
