{"id":40609,"date":"2021-04-26T15:00:43","date_gmt":"2021-04-26T15:00:43","guid":{"rendered":"https:\/\/www.microsoft.com\/security\/blog\/?p=93369"},"modified":"2021-04-26T15:00:43","modified_gmt":"2021-04-26T15:00:43","slug":"defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt\/","title":{"rendered":"Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT"},"content":{"rendered":"<p>Cryptocurrency mining\u2014once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources\u2014has been on the rise in recent years. This increase in cryptocurrency mining activity is driven by the increasing value of cryptocurrencies like Bitcoin, the growth in popularity of different kinds of cryptocurrency (Ethereum, Litecoin, and Dogecoin), and the volatility in these markets. As cryptocurrency prices rise, many opportunistic attackers now prefer to use <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2018\/03\/13\/invisible-resource-thieves-the-increasing-threat-of-cryptocurrency-miners\/\" target=\"_blank\" rel=\"noopener noreferrer\">cryptojacking over ransomware<\/a>. The risks for organizations have increased, as attackers deploy <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/intelligence\/coinminer-malware\" target=\"_blank\" rel=\"noopener noreferrer\">coin miners<\/a> as a payload for malware campaigns. 
According to <a href=\"https:\/\/www.avira.com\/en\/press\/coinminers-target-vulnerable-users-as-bitcoin-hits-all-time-high\" target=\"_blank\" rel=\"noopener noreferrer\">recent research from Avira Protection Labs<\/a>, there was a 53 percent increase in coin miner malware attacks in Q4 2020 compared to Q3 2020.<\/p>\n<p>In addition, with malware evolving over the years to evade typical anti-malware defenses, detecting coin miners has become increasingly challenging.<\/p>\n<p>This rising threat is why Microsoft and Intel have been partnering to deliver technology that uses silicon-based threat detection to enable endpoint detection and response (EDR) capabilities in Microsoft Defender for Endpoint to better detect cryptocurrency mining malware, even when the malware is obfuscated and tries to evade security tools.<\/p>\n<h2>Intel Threat Detection Technology in Microsoft Defender for Endpoint<\/h2>\n<p>Today, we are announcing the integration of <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/architecture-and-technology\/threat-detection-technology-brief.html\" target=\"_blank\" rel=\"noopener noreferrer\">Intel Threat Detection Technology<\/a> (TDT) into Microsoft Defender for Endpoint, an addition that enhances the detection capability and protection against cryptojacking malware. 
This builds on our existing partnership and <a href=\"https:\/\/newsroom.intel.com\/editorials\/securing-digital-world-intel-announces-silicon-level-security-technologies-industry-adoption-rsa-2018\/#gs.za2ne0\" target=\"_blank\" rel=\"noopener noreferrer\">prior collaboration<\/a> to integrate Intel\u2019s Accelerated Memory Scanning with Defender.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-93372 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/CoinMiner-Alert.png\" alt=\"Screenshot of a Microsoft Defender for Endpoint alert in the security center about a CoinMiner that was blocked.\" width=\"1101\" height=\"587\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/CoinMiner-Alert.png 1101w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/CoinMiner-Alert-300x160.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/CoinMiner-Alert-1024x546.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/CoinMiner-Alert-768x409.png 768w\" sizes=\"auto, (max-width: 1101px) 100vw, 1101px\"><\/p>\n<p><em>Figure 1: CoinMiner alert from Microsoft Defender for Endpoint.<\/em><\/p>\n<p>Intel TDT applies machine learning to low-level hardware telemetry sourced directly from the CPU performance monitoring unit (PMU) to detect the malware code execution \u201cfingerprint\u201d at runtime with minimal overhead. TDT leverages a rich set of performance profiling events available in Intel SoCs (system-on-a-chip) to monitor and detect malware at its final execution point (the CPU). This happens irrespective of obfuscation techniques, including when malware hides within virtualized guests, without needing intrusive techniques like code injection or performing complex hypervisor introspection. 
TDT can further offload machine learning inference to the integrated graphics processing unit (GPU), enabling continuous monitoring with negligible overhead. While we haven\u2019t seen any performance issues with the current deployments, we plan to enable the GPU offloading capabilities of Intel TDT in the near future.<\/p>\n<p>This technology is based on telemetry signals coming directly from the PMU, the unit that records low-level information about performance and microarchitectural execution characteristics of instructions processed by the CPU. Coin miners make heavy use of repeated mathematical operations and this activity is recorded by the PMU, which triggers a signal when a certain usage threshold is reached. The signal is processed by a layer of machine learning which can recognize the footprint generated by the specific activity of coin mining. Since the signal comes exclusively from the utilization of the CPU, caused by execution characteristics of malware, it is unaffected by common antimalware evasion techniques such as binary obfuscation or memory-only payloads.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-93373 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware.png\" alt=\"Architectural diagram showing the flow of how malware launches in the OS and cloaks as a lightweight VM, Intel monitors the CPU telemetry and the Intel TDT detects the OS and VM malware, at the end, Microsoft Defender for Endpoint remediates the malware.\" width=\"1432\" height=\"805\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware.png 1432w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware-300x169.png 300w, 
https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware-1024x576.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware-768x432.png 768w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware-687x385.png 687w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware-1083x609.png 1083w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware-767x431.png 767w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/TDT-and-MD-Detect-and-Remediate-Malware-539x303.png 539w\" sizes=\"auto, (max-width: 1432px) 100vw, 1432px\"><\/p>\n<p><em>Figure 2: Diagram showing how Intel TDT and Microsoft Defender detect and remediate malware.<\/em><\/p>\n<p>Even though we have enabled this technology specifically for cryptocurrency mining, it expands the horizons for detecting more aggressive threats like side-channel attacks and ransomware. Intel TDT already has the capabilities for such scenarios, and machine learning can be trained to recognize these attack vectors.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-93374 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection.png\" alt=\"Screenshot of a Windows desktop with a notification from Windows Security about a threat that was detected by Intel TDT and Microsoft Defender. 
\" width=\"1363\" height=\"870\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection.png 1363w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-300x191.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-1024x654.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-768x490.png 768w\" sizes=\"auto, (max-width: 1363px) 100vw, 1363px\"><\/p>\n<p><em>Figure 3: Intel TDT and Microsoft Defender detect malware. The user is notified of a threat via a Windows Security notification.<\/em><\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-93375 size-full\" src=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-2.png\" alt=\"Screenshot of the Windows Security protection history screen showing that a coinminer threat was blocked by Intel TDT and Microsoft Defender.\" width=\"1362\" height=\"864\" srcset=\"https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-2.png 1362w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-2-300x190.png 300w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-2-1024x650.png 1024w, https:\/\/www.microsoft.com\/security\/blog\/wp-content\/uploads\/2021\/04\/Malware-detection-2-768x487.png 768w\" sizes=\"auto, (max-width: 1362px) 100vw, 1362px\"><\/p>\n<p><em>Figure 4: Windows security protection history showing CoinMiner threat blocked. Detected with Intel TDT and Microsoft Defender.<\/em><\/p>\n<p>This technology doesn\u2019t require any additional investments, IT configuration, or installation of agents. 
The Microsoft Defender for Endpoint and Intel TDT integrated solution works natively with Intel\u00ae Core\u2122 processors and the Intel vPro\u00ae platform, <a href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/products\/docs\/processors\/core\/6th-gen-core-processor-family-overview.html?language=en_US&amp;wapkw=6th%20generation\" target=\"_blank\" rel=\"noopener noreferrer\">6th Generation<\/a> or later.<\/p>\n<p>Since the main signal used for this detection capability comes right from the hardware (the Intel CPU), it can detect coin miners running inside unprotected virtual machines and other containers. This <a href=\"https:\/\/aka.ms\/inteltdtvideo\" target=\"_blank\" rel=\"noopener noreferrer\">demo video<\/a> showcases how, in such a scenario, Microsoft Defender for Endpoint can stop the virtual machine itself or report virtual machine abuse, thus preventing the spread of an attack as well as saving resources. This is one step towards agentless malware detection, where the \u201cprotector\u201d can protect the asset from the \u201cattacker\u201d without having to be in the same OS.<\/p>\n<p>As we enable the technology on more and more supported platforms, we are getting valuable machine learning telemetry back, which informs and makes the existing models better and more effective.<\/p>\n<p>As organizations look to simplify their security investments, we\u2019re committed to our focus on built-in platform-based security technologies, delivering a best-of-breed and streamlined solution that empowers defenders to elevate their security and protect their organizations. This partnership is part of Microsoft\u2019s investment into collaborations with original equipment manufacturers (OEMs) and technology partners. 
We\u2019re working closely with chipmakers to always explore new possibilities for hardware-based defense hardening and deliver robust and resilient protection against cyber threats.<\/p>\n<h2>Learn more<\/h2>\n<p>For additional details, please read <a href=\"https:\/\/nam06.safelinks.protection.outlook.com\/?url=https%3A%2F%2Fwww.intel.com%2Fcontent%2Fwww%2Fus%2Fen%2Fnewsroom%2Fnews%2Fintel-microsoft-scale-threat-detection-cryptojacking.html&amp;data=04%7C01%7Cv-coujones%40microsoft.com%7C9e0ec6697f954e918dd008d906a2a7bb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637548117936018236%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=PK0hCakqu8MJBN0t5ziQmYZtd%2FFnh0XupYf2NxGiXCM%3D&amp;reserved=0\" target=\"_blank\" rel=\"noopener noreferrer\">Intel\u2019s News Byte<\/a>.<\/p>\n<p>Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering vulnerability management, endpoint protection, endpoint detection and response, and mobile threat defense. With our solution, threats are no match. If you are not yet taking advantage of Microsoft\u2019s unrivaled threat optics and proven capabilities, <a href=\"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/security\/endpoint-defender?rtc=1\" target=\"_blank\" rel=\"noopener noreferrer\">sign up for a free trial<\/a> of Microsoft Defender for Endpoint today.<\/p>\n<p>To learn more about Microsoft Security solutions <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener noreferrer\">visit our website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. 
Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n<p><strong><em>Amitrajit Banerjee, Andrea Lelli, Gowtham Animi Reddy, Karthik Selvaraj, Shweta Jha<\/em><\/strong><\/p>\n<p><em>Microsoft Defender for Endpoint Team<\/em><\/p>\n<p> READ MORE <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/04\/26\/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With cryptocurrency mining on the rise, Microsoft and Intel have partnered to deliver threat detection technology to enable EDR capabilities in Microsoft Defender for Endpoint.<br \/>\nThe post Defending against cryptojacking with Microsoft Defender for Endpoint and Intel TDT appeared first on Microsoft Security. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40610,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[276],"tags":[347],"class_list":["post-40609","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-secure","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40609","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40609"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40609\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40610"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}