Cryptocoin mining has consumed a large part of the semiconductor industry's output of late. Demand for high-performance silicon to mine these virtual assets is one factor in a global shortage of parts for computers, automobiles, defense, research, and other industries. One consistent element of cryptocoin mining over the last decade has been the use of machines and devices hijacked through malware, commonly known as botnets. Previously these armies of machines were co-opted for bandwidth attacks against various targets, but they have also been used for their compute resources, mining coins that have value for whoever controls the botnet. This week Intel and Microsoft are announcing an additional layer of protection against this sort of abuse.

Commercial machines running Microsoft Windows and managed through Microsoft Defender for Endpoint can now be protected against CPU cryptocoin mining through an ML-backed detection mechanism. The security layer requires an Intel processor with Intel's Hardware Shield (a vPro technology) and Threat Detection Technology (TDT, introduced in 2018) enabled. TDT draws on hardware telemetry from the CPU and offloads part of its scanning work to the integrated GPU, so that the code being executed is analyzed below the level of the operating system.

By continuously running heuristics over the counters of the CPU's performance monitoring unit (PMU), the system can detect when the machine is mining without the owner's consent. Because those counters reflect what the silicon actually executes, a miner can be spotted whether it runs under a compromised hypervisor, inside a virtual machine, or directly in the OS hidden as a separate process. If a threat is detected, the endpoint detection and response (EDR) side of Defender for Endpoint neutralizes or quarantines the mining utility and prevents the code from spreading across a network or fleet of managed systems. The trade-off of a heuristic that keys on execution behaviour rather than file signatures is that any sustained, hash-like compute load looks similar at the counter level, so the classifier and the response policy have to separate mining from legitimate heavy workloads.
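The PMU-based approach described above, reduced to a toy detector. This is an added example, not Intel's or Microsoft's code, and not how TDT's trained model actually scores telemetry: it groups constructed per-process counter samples into sliding windows and flags a process when a window shows the steady, high-IPC, branch-light profile of a hashing loop. The counter values, thresholds, process mix and the allowlist step are all assumptions; a real deployment would read counters through the OS or hypervisor and hand the verdict to the EDR.

```python
# Added illustrative example: a threshold heuristic over CPU performance-counter
# samples, in the spirit of PMU-based cryptojacking detection. It is NOT Intel
# TDT's or Microsoft Defender's model; counter values, thresholds and the
# process mix below are all constructed for the demo.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class PmuSample:
    """Hardware counters attributed to one process over one sampling interval
    (here one second on one core at roughly 3 GHz). Event names follow the
    usual PMU events; the values are constructed."""
    pid: int
    instructions: int
    cycles: int
    branches: int
    branch_misses: int


def ipc(s: PmuSample) -> float:
    return s.instructions / s.cycles


def branch_miss_rate(s: PmuSample) -> float:
    return s.branch_misses / s.branches


def window_is_mining_like(window, *, min_cycles=1_000_000_000, max_cycle_cv=0.05,
                          min_ipc=2.0, max_branch_miss=0.01) -> bool:
    """A hashing loop pins a core for long stretches: busy every interval, a
    near-constant cycle count (low coefficient of variation), high IPC and
    very few branch mispredicts. All conditions must hold across the whole
    window so a short burst of real work does not trip the detector.
    The thresholds are assumptions chosen for the constructed data."""
    cycles = [s.cycles for s in window]
    if min(cycles) < min_cycles:
        return False
    cycle_cv = pstdev(cycles) / mean(cycles)
    return (cycle_cv <= max_cycle_cv
            and mean(ipc(s) for s in window) >= min_ipc
            and mean(branch_miss_rate(s) for s in window) <= max_branch_miss)


def classify(samples, window=5, allowlist=frozenset()):
    """Map each pid to 'suspect', 'benign' or 'allowlisted'. A process is
    suspect once any `window` consecutive intervals look mining-like.
    Behaviour alone cannot separate a miner from a legitimate steady compute
    job, so the allowlist stands in for the policy (or ML model) an EDR would
    apply before quarantining."""
    by_pid = defaultdict(list)
    for s in samples:
        by_pid[s.pid].append(s)
    verdicts = {}
    for pid, series in by_pid.items():
        hit = any(window_is_mining_like(series[i:i + window])
                  for i in range(len(series) - window + 1))
        if hit and pid in allowlist:
            verdicts[pid] = "allowlisted"
        elif hit:
            verdicts[pid] = "suspect"
        else:
            verdicts[pid] = "benign"
    return verdicts


def _series(pid, cycles_per_interval, ipc_value, miss_rate, branch_frac=0.15):
    """Build constructed samples with a fixed IPC and branch-miss rate."""
    out = []
    for c in cycles_per_interval:
        instr = int(c * ipc_value)
        br = int(instr * branch_frac)
        out.append(PmuSample(pid, instr, c, br, int(br * miss_rate)))
    return out


# Constructed telemetry: a miner saturating a core, a bursty interactive
# process, and a research compute client that is just as steady as the miner.
MINER = _series(101, [3_000_000_000, 2_980_000_000, 3_010_000_000,
                      2_990_000_000, 3_000_000_000, 3_020_000_000], 2.6, 0.004)
BROWSER = _series(202, [200_000_000, 1_400_000_000, 600_000_000,
                        2_500_000_000, 300_000_000, 900_000_000], 1.2, 0.03)
FOLDING = _series(303, [2_900_000_000, 2_910_000_000, 2_890_000_000,
                        2_900_000_000, 2_905_000_000, 2_895_000_000], 2.8, 0.005)
SAMPLES = MINER + BROWSER + FOLDING

if __name__ == "__main__":
    print(classify(SAMPLES))
    # {101: 'suspect', 202: 'benign', 303: 'suspect'}
    print(classify(SAMPLES, allowlist=frozenset({303})))
    # {101: 'suspect', 202: 'benign', 303: 'allowlisted'}
```

The third constructed process is the point of the exercise: a distributed-computing client looks exactly like a miner to a counter-only heuristic, which is why a deployable detector needs either a trained model with richer features or an explicit policy layer before the EDR quarantines anything.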

Intel states that over a billion CPUs, from its 6th Generation Core processors onwards, can enable Threat Detection Technology, and Microsoft likewise highlights that Defender for Endpoint with TDT is supported on these systems. However both companies tuck into a footnote the fact that the specific cryptomining detection implementation is only possible on 10th Generation and newer platforms. It is also worth noting that this requires Intel's Hardware Shield, which means vPro is a requirement as well. So while there are potentially a billion CPUs with some level of TDT in the market, this particular solution only applies to vPro machines running Windows and managed at a corporate level. Still important, but not as big as the one billion number Intel is promoting. Intel doesn't list TDT as a feature on its main processor database, ark.intel.com, either. It should also be noted that Intel TDT with memory scanning consumes integrated graphics resources to monitor the system. While that leaves more CPU cycles free for other tasks, it undoubtedly raises the power consumption of an otherwise idle system, which on mobile systems will reduce battery life: the usual trade-off between security and battery life.

Microsoft highlights that the ML-based technology used in TDT and Defender for Endpoint is only the tip of the iceberg, providing a vehicle for more comprehensive protection against ransomware or side-channel attacks in future. These require pre-trained ML models which Microsoft is currently working on and will roll out as part of its Defender for Endpoint solution.

Although low-end CPU cryptomining is not worth the effort for casual users, for those that control botnets of thousands of machines it earns a few extra bucks on electricity they are not paying for, even on small IoT deployments such as security cameras. However, there is a newer class of cryptocurrency mining that is less compute reliant and instead storage based; the current system implemented by Intel and Microsoft appears focused on today's compute-based cryptomining. It will be interesting to hear whether the new ML-based models can also detect the newer coin types.


17 Comments


  • Spunjji - Tuesday, April 27, 2021 - link

    Standard Intel caveats apply, then. We have this feature, but the most meaningful part only applies to the most recent subset of our products, and only for people who paid for this artificially segmented version of it 🤦‍♂️
  • WaltC - Tuesday, April 27, 2021 - link

    Yes, more Intel marketing shenanigans. Oh joy.
  • ballsystemlord - Tuesday, April 27, 2021 - link

    MS is creating the machine learning algorithms. Why do they get this level of power?
    Why not develop the ML dataset at Intel or through opensource channels?
    The only answer I can think of is that MS wants to detect and block more than just crypto-miners.
  • flyingpants265 - Tuesday, April 27, 2021 - link

    Better yet, why not ask: Why the hell do people keep using Microsoft Windows for 30 plus years? Why not just.. build an alternative?

    The obvious answer is: They can't, because they suck.

    I have been advocating for a "free Linux alternative to Windows" since 2003. FSF has done it since.. 1983?! Today, Linux has... 1% consumer market share. People are still using Microsoft Windows. Nobody ever created a real alternative. Why? Because they suck.

    If you'd like my specific outline on how to build a proper, free, open-source alternative to Windows, I'll post it, but the fact is that people just don't want to hear it. They want to keep doing what they're doing, they enjoy various forms of slavery and ignorance. The Linux developers especially don't want to hear it, because they have a personal bias towards the Asperger's syndrome OS that nobody uses worldwide.
  • luisxao - Tuesday, April 27, 2021 - link

    Greetings, please, I would like to read your opinion about a real alternative to Windows in the medium and long term. It's like you mentioned: everybody wants to keep using the same OS and not care about a real solution. Thanks.
  • Operandi - Tuesday, April 27, 2021 - link

    No, no, please do not encourage more posts likening an entire OS user base to cultural immoralities such as "slavery" and intellectual deficiencies such as "ignorance".
  • ripbeefbone - Thursday, April 29, 2021 - link

    "they suck"
    wow, thank you for imparting this moody 14-year-old's genius insight.
  • charlesg - Tuesday, April 27, 2021 - link

    I'm a bit uneasy about this as well.
    I don't trust Microsoft, and certainly not their "AI" monitoring my computer.
    Sooner or later I'm going to have to find a way to be productive without Windows.
  • sonny73n - Wednesday, April 28, 2021 - link

    I'm with you.
  • Operandi - Tuesday, April 27, 2021 - link

    Can this be turned off? Hopefully it's not significant, but it just sounds like system-level overhead that the enthusiast doesn't need running on their system.

    Also, any chance of false positives with workloads from WCG or Folding@home? That would be supremely uncool.
