Intel and Microsoft: together against hidden mining

Hidden mining, also known as cryptojacking, is a malicious practice that involves the secret use of unsuspecting users’ computer resources to mine cryptocurrencies. This can lead to performance degradation, increased power consumption, overheating and even hardware damage. According to a Kaspersky report, stealth mining attacks increased by 400% in 2018, affecting millions of devices worldwide. (Microsoft)

To combat this threat, Intel and Microsoft have joined forces to develop a new solution that leverages Intel’s hardware-based security features and Microsoft’s software-based detection capabilities. The solution, called Intel Threat Detection Technology (Intel TDT), is designed to enhance the existing Windows Defender Advanced Threat Protection (Windows Defender ATP) service and provide a more robust and efficient way to detect and block hidden mining activities.

Intel DTT uses two main components: Accelerated Memory Scanning (AMS) and Advanced Platform Telemetry (APT). AMS enables Windows Defender ATP to scan system memory for malware signatures using Intel’s integrated graphics processor, rather than the main CPU. This reduces the impact on performance and power consumption, while increasing scanning speed and coverage. APT leverages Intel’s platform-level telemetry data to provide behavioral analysis and anomaly detection for hidden mining and other advanced threats. APT also helps reduce false positives and improve the accuracy of threat identification.

By combining Intel DTT with Windows Defender ATP, Intel and Microsoft aim to provide a comprehensive and proactive security solution that can protect users from stealth mining and other sophisticated attacks. The solution is expected to be available for Windows 10 devices with Intel processors later this year.

Cryptojacking: how Microsoft and Intel want to protect your PC from unwanted mining

Mining cryptocurrencies is a legitimate way to earn additional income with your computer. However, there is a growing threat of malicious software that hijacks your PC and uses it to mine without your consent. This practice, known as cryptojacking, can slow down your system, increase your electricity bill and expose you to security risks. To combat this problem, Microsoft and Intel have partnered to offer a new solution that leverages the power of Windows 10 and Intel processors.

The solution consists of two components: Microsoft Defender, the antivirus software integrated into Windows 10, and Intel Threat Detection Technology (TDT), a feature that uses the integrated graphics unit (iGPU) in Intel processors with vPro to analyze telemetry data with machine learning. In this way, the solution can detect hidden mining programs that attempt to evade traditional detection methods. When cryptojacking is detected, the solution notifies the operating system, which then instructs Microsoft Defender to quarantine or terminate the malicious process.

This solution is available for Intel processors from the Skylake generation, but only works with laptops with 10th generation (Ice Lake) or later core processors. The DTT feature is also unique to 10th generation or later. Older processors cannot be upgraded to support this feature. In addition, the solution is only compatible with the enterprise version of Microsoft Defender (Microsoft Defender for Endpoint). Users running Windows 10 Home will not be able to enable this protection and will have to resort to other methods to prevent cryptojacking, such as monitoring CPU usage in Task Manager.