On April 26, 2021 (local time), Microsoft and Intel announced that Microsoft Defender for Endpoint, an enterprise security platform, now incorporates the ability to protect devices from cryptojacking, which uses third-party devices to mine crypto assets.
In recent years, as the price of virtual currencies including bitcoin has risen, malicious code that carries out cryptojacking, using third-party devices to mine virtual currency, has been increasing rapidly. Cryptojacking malware is also becoming more elaborate and harder to detect as it works to evade typical anti-malware measures.
Microsoft and Intel therefore worked together to develop a function that uses CPU-based threat detection to protect the device by detecting signs of cryptojacking even when the malicious code is obfuscated. The new functionality is based on Intel Threat Detection Technology (TDT), Intel's set of silicon-level threat detection features, and is integrated into Microsoft Defender for Endpoint, an enterprise security platform.
With the rise of virtual currency, cryptojacking is increasing rapidly: a survey found that in the fourth quarter of 2020, cryptojacking increased by 53% compared to the third quarter. Because cryptojacking takes the resources needed for virtual currency mining without permission, it causes problems such as slowing the device down.
Cryptojacking malware attempts to circumvent typical security software by hiding inside a virtual machine or obfuscating its binary. Once the malware is installed on a user's device, virtual currency mining runs on the device itself or in a virtual machine. Telemetry data on the instructions processed by the CPU, such as their performance, is recorded by the CPU's performance monitoring unit (PMU).
TDT, Intel's threat detection technology, applies machine learning to the data sent by the PMU to detect, with minimal processing, the characteristic signs that appear when malicious code is executed. Because the monitoring is CPU-based, it can detect cryptojacking regardless of measures taken against security software, such as obfuscating the malicious code or running it in a virtual machine.
Microsoft Defender for Endpoint with integrated TDT shuts down software and processes that are executing cryptojacking within seconds, preventing device computing power from being wasted. The new features will be available to users of Intel Core processors and Intel vPro platforms after the 6th generation. Microsoft said the partnership is an example of its continued investment in collaboration with OEM and technology partners.