New detection method identifies cryptomining and other fileless malware attacks
SentinelOne and Intel have announced a new method for detecting cryptomining and cryptojacking attacks using hardware-based detection technology.
Cryptomining and cryptojacking attacks have been on the rise since 2018, largely supplanting ransomware as the attack method of choice for malicious actors. The potential income from a pool of devices mining for cryptocurrency is higher than that from ransomware. This increased popularity coincides with improved obfuscation methods used by criminals to avoid detection.
SentinelOne and Intel announced the new method on Wednesday. It combines Intel’s silicon-level Threat Detection Technology (TDT) with SentinelOne’s autonomous endpoint protection console. A joint press release touts the new memory-based attack detection method as offering:
“a 10x improvement in scanning time with no increase in CPU usage,”
which translates to a significant increase in detection rates.
At first glance, this may seem underwhelming. The tendency of cryptomining attacks to consume the resources of an entire CPU core, combined with the performance degradation for legitimate tasks this entails, makes manually identifying these attacks relatively simple. Viewing and stopping a mysterious, resource-consuming task in Windows Task Manager or Linux equivalents such as top is relatively trivial.
However, the level of obfuscation utilized by malicious actors makes this approach less than straightforward. Memory-based attacks—also known as fileless malware—make manual detection and traditional dictionary-based antimalware strategies less effective. “Malware, especially cryptominers, continually evolves to avoid detection, often hiding in memory or delivering malicious code directly into the memory of a system,” said Intel Security general manager Jim Gordon in a press release.
Intel TDT was first announced at the 2018 RSA security conference. Presently, TDT comprises two security products: Accelerated Memory Scanning, which uses the integrated graphics system to scan for malware in memory, and Advanced Platform Telemetry, which attempts to combine diagnostic information with machine learning to more reliably detect threats. TDT is available on 6th generation (Skylake) and newer processors.