Microsoft and Intel Enable AI-Backed Protection Against CPU Cryptocoin Miningby Dr. Ian Cutress on April 27, 2021 7:10 AM EST
The fervor of cryptocoin mining has consumed a large part of the semiconductor industry of late. The demands for high performance silicon to mine these virtual assets with value is one factor in a global shortage of available parts for computers, automobiles, defense, research, and other industries. One consistent element to cryptocoin mining over the last decade is the prevalence of hijacked machines and devices through malware, commonly known as botnets. Previously these armies of machines were co-opted to perform bandwidth attacks against various targets, but they have also been used for their compute resources – mining coins that have value for those that control the botnet. This week Intel and Microsoft are announcing an additional layer of protection against these sorts of attacks.
Commercial machines running Microsoft Windows, and managed through Microsoft Defender for Endpoint, can now be protected against CPU cryptocoin mining through an AI-backed protection mechanism. The security layer requires an Intel processor with Intel’s Hardware Shield (a vPro technology) and Threat Detection Technology enabled, which was introduced in 2018, and uses a combination of tools (such as CPU and GPU) to analyze the code being processed at a low level.
By performing consistent heuristic analysis through the CPU performance monitoring unit at a low level, the system can detect if it is mining without the owner’s consent. This can be detected either through a compromised hypervisor, virtual machine, or in the OS directly hidden as a separate process. If a threat is detected, an Endpoint detection and response solution is implemented to neutralize the mining utility, or quarantine it, and prevent the code from spreading across a network or fleet of managed systems.
Intel lists that over a billion CPUs can enable its Threat Detection Technology, from its 6th Generation processors onwards – Microsoft also highlights that Defender for Endpoint with TDT is supported on these systems. However both companies hide the fact in a footnote that the specific Cryptomining detection implementation is only possible on 10th Generation and newer platforms. It is also worth noting that this requires Intel’s Hardware Shield, which means vPro is also a requirement. So while there are a potential billion CPUs with some level of TDT in the market, this particular solution is only applicable to Windows based vPro machines managed at a corporate level. Still important, but not as big as the one billion number that Intel is promoting. Intel doesn’t list TDT as a feature on its main processor archive, ark.intel.com, either. It should also be noted that Intel TDT with memory scanning does consume integrated graphics resources to monitor the system – while this provides more power for CPU tasks, it undoubtedly raises the power consumption of systems when idle, which for mobile systems will reduce battery life. This is an ultimate tradeoff for security vs battery life.
Microsoft highlights that the ML-based technology used as part of TDT and Endpoint for Defender is a relative tip of the iceberg, providing a vehicle for more comprehensive protection against ransomware or side-channel attacks in future. These require pre-trained ML algorithms which Microsoft is currently working on and will roll-out as part of its Endpoint for Defender solution.
Despite the fact that low-end CPU cryptomining is not worth the effort for casual users, for those that control botnets of thousands of machines, it ends up earning them a few extra bucks using electricity they are not paying for, even in small IoT deployments such as security cameras. However there is a new class of cryptocurrency mining which is less compute reliant, and instead is storage based – the current system implemented by Intel and Microsoft seems to be focused on the current compute based cryptomining offerings. It will be interesting to hear if the new ML-based algorithms can also detect the newer coin types.
- Intel Launches 11th Gen vPro For Tiger Lake Mobile CPUs, Adds CET Security Tech
- “Microsoft Pluton Hardware Security Coming to Our CPUs”: AMD, Intel, Qualcomm
- AMD Issues Updated Speculative Spectre Security Status: Predictive Store Forwarding
- Hot Chips 31 Live Blogs: Intel/Tsinghua Xeon Jintide Security CPU
- BlackBerry Acquires Cylance, Gets AI & ML Security Technology
- Intel Announces Chip-Level Security Initiatives, iGPU-Based Malware Scanning
Post Your CommentPlease log in or sign up to comment.
View All Comments
Spunjji - Tuesday, April 27, 2021 - linkStandard Intel caveats apply, then. We have this feature, but the most meaningful part only applies to the most recent subset of our products, and only for people who paid for this artificially segmented version of it 🤦♂️
WaltC - Tuesday, April 27, 2021 - linkYes, more Intel marketing shenanigans. Oh joy.
ballsystemlord - Tuesday, April 27, 2021 - linkMS is creating the machine learning algorithms. Why do they get this level of power?
Why not develop the ML dataset at Intel or through opensource channels?
The only answer I can think of is that MS wants to detect and block more than just crypto-miners.
flyingpants265 - Tuesday, April 27, 2021 - linkBetter yet, why not ask: Why the hell do people keep using Microsoft Windows for 30 plus years? Why not just.. build an alternative?
The obvious answer is: They can't, because they suck.
I have been advocating for a "free Linux alternative to Windows" since 2003. FSF has done it since.. 1983?! Today, Linux has... 1% consumer market share. People are still using Microsoft Windows. Nobody ever created a real alternative. Why? Because they suck.
If you'd like my specific outline on how to build a proper, free, open-source alternative to Windows, I'll post it, but the fact is that people just don't want to hear it. They want to keep doing what they're doing, they enjoy various forms of slavery and ignorance. The Linux developers especially don't want to hear it, because they have a personal bias towards the Asperger's syndrome OS that nobody uses worldwide.
luisxao - Tuesday, April 27, 2021 - linkGreetings, please i would like to read your opinion about a real alternative to windows in the medium and long term, it's like your mentioned everybody wants to keep use the same OS and not care about a real solution, thanks
Operandi - Tuesday, April 27, 2021 - linkNo, no please do not encourage more posts likening an entire OS user base to cultural immoralities such as "slavery" and intellectual deficiencies such as "ignorance".
ripbeefbone - Thursday, April 29, 2021 - link"they suck"
wow thank you for imparting this moody 14 year old's genius insight.
Oxford Guy - Sunday, May 9, 2021 - linkWindows 10 is the worst version of Windows.
It has pioneered more than incredible UI abominations like 'Let's shut down the computer for our updates while you're working!' There is the incredible ever-changing UI — like the way grocery stores now constantly change the location of items, the force-feeding of Internet accounts, the revoltingly patronizing force-fed start-up configuration moded-me-in experience, and on and on.
People choose to use Windows 10, not because it's a superior operating system, but for other reasons. However, that said... Linux is hilariously inept in the user experience department after so much time.
The only company that gets UI reasonably right is Apple and its history with OS X/macOS is a disaster by my standards. That said, Apple has done operating system UI better than the competition since the Lisa, at least. The same can't be said for many of its software programs, though.
What people need is a steering wheel that doesn't change color, shape, and behavior every few months because someone decided it's their turn at the wheel. It would be one thing if the changes were improvements but, far far too often, they're downgrades — with no way to regain the prior look/feel/functionality. One example with Windows 10, of so many, is the new 'white on slightly/barely darker whitish grey' highlighting.
The mice in their wheels, though, have demonstrated a rather extreme level of docility. They even applaud when things are changed in a spurious manner. The pundits among them will use Orwellian nonsense like 'fresh' to describe these regressions.
Oxford Guy - Sunday, May 9, 2021 - link'What people need is a steering wheel that doesn't change color, shape, and behavior every few months because someone decided it's their turn at the wheel.'
And, that goes for Apple is far far too many examples, too. One of those is the way the company reversed the direction of scrolling, claimed it's now the 'natural' way to scroll, and made that the default rather than a new, user-initiated, option. That sort of extreme heavy-handedness is, unfortunately, the norm for these companies.
charlesg - Tuesday, April 27, 2021 - linkI'm a bit uneasy about this as well.
I don't trust Microsoft, and certainly not their "AI" monitoring my computer.
Sooner or later I'm going to have to find a way to be productive without Windows.