BlackBerry partners with Intel to detect cryptojacking malware

The partnership leverages Intel's CPU telemetry data to more easily detect abnormal system behavior that indicates illicit cryptocurrency mining.

bitcoin-circuit.jpg

Image: Getty Images/iStockphoto

BlackBerry has added a new feature to its endpoint detection and response (EDR) platform Optics: An Intel-powered cryptojacking malware detection system. The update to Optics specifically adds CPU telemetry from Intel Threat Detection Technology (TDT), a hardware-based security solution that Intel said is necessary because "software-only cyber solutions are no longer enough."

BlackBerry claims its cryptojacking EDR has "virtually no processor impact" on Windows 10 systems that Optics runs on, allowing "organizations [to] detect and mitigate cryptojacking with greater precision and consistent results across all types of workloads."

Cryptojacking is a form of malware that, once installed, quietly mines cryptocurrencies like Bitcoin using the resources of the infected machine. Cryptocurrency mining is resource intensive, so the more computing resources you have available the faster you can mine, thus the more cryptocurrency you can make. 

Coin mining malware can slow down infected machines, increase electricity costs, and damage hardware, so while it may not be out to steal data it can still be just as damaging. 

SEE: Security Awareness and Training policy (TechRepublic Premium)

Cryptomining malware has been out of the spotlight since last year, when TechRepublic reported that it was still a threat despite declining popularity. The March 2019 closure of Coinhive, a JavaScript-based cryptocurrency site that was a favorite tool of cryptojackers, caused a massive blow to the cryptojacking process, which exploded by 8,500% in 2017.

AT&T security researcher Chris Dorman told TechRepublic in 2109, "There are Coinhive alternatives so the threat hasn't disappeared." Coupled with enhanced methods of avoiding detection, there's no reason to assume 2020 will be the year that cryptojacking ends. 

Josh Lemos, BlackBerry's VP of research and intelligence, said with the diminishing effectiveness of ransomware and costs associated with mining cryptocurrency "cryptojacking becomes an attractive option for threat actors to generate revenue." Lemos said that BlackBerry's goal is to create a turnkey solution for organizations concerned about the threat of cryptojacking.

As mentioned above, the big feature to get excited about in the new BlackBerry Optics/Intel TDT partnership is its hardware-based security that operates below the OS to protect computers at the firmware level.

SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)

BlackBerry Optics is powered by machine learning that can adapt to evolving security situations, in BlackBerry's words, "without human intervention." 

Despite claims that cryptojacking is losing its appeal, Kaspersky Labs told the Straits Times that cryptojacking attacks against countries in southeast Asia increased by 300% in the first three months of 2020. 

It may not be making the news as much anymore, but cryptojacking is still just as dangerous as it was, and if your systems are vulnerable to that particular threat it's likely they're at risk for other malware that does more than just drive up electricity bills and overheat desktops.  

Also see