Windows ramps defenses against cryptojacking - what's that?
Microsoft released a note this week about how they've been working on defending against cryptojacking for your computer. Cryptojacking is a term describing a malicious attacker, a hacker, using your computer to mine cryptocurrency. Your computer's processing power – and potentially your internet data, if you're not on an "unlimited" plan – for their own profit, without your knowledge. This is bad, and Microsoft working to defend Windows against cryptojacking is good.
What is cryptojacking?
Even if you've never heard of cryptocurrency before, you've likely heard of Bitcoin. Bitcoin is one of a wide variety of cryptocurrencies in the world today. One way in which Bitcoin and other cryptocurrencies derive value is through cryptocurrency mining.
Cryptocurrency mining is effectively using your computer's processing power to do work, earning (or generating) cryptocoins for the effort. If we're being very, very general about the work your computer is doing, we could say that your computer is helping other computers to move cryptocurrency from one place to another.
The process is complicated by design, so that the movement of said cryptocurrency is secure. The complicated nature of the process also allows each individual worker to earn cryptocurrency – thus creating a process that can be profitable to the owner of the computer.
Why hackers cryptojack
Part of the reason a hacker might use cryptojacking is that it can be simple and relatively undetectable. When the first cryptojacking individual figured out the process, there was no effective defense against said process. They could set to work all the computers they wanted, and nobody was the wiser.
A hacker might also use cryptojacking to bypass the cost/benefit unbalance with some of the more popular cryptocurrencies. For example some cryptocurrencies require so much proccesing power to mine that the reward is less valuable than the cost to run the computer doing the processing. If a cryptojacker can set YOUR computer to do that mining, they have no cost and all profit.
What can I do?
You can do the usual – avoid downloading things from places you don't trust, don't open suspicious emails, don't click links in chat apps from people you don't know, and so forth. This week's news is that Microsoft Defender for Endpoint gained access to Intel Threat Detection Technology (TDT). So if you're looking for that sort of security, Microsoft Security is now rolling toward making defense against cryptojacking a reality for the masses.
For this update you'll need to sign up for Microsoft Defender for Endpoint. That's not everyone's piece of pie. But still – it's good to know defenses are mounting as cryptojacking moves from what Karthik Selvaraj, Principal Research Manager, Microsoft 365 Defender Research Team, describes as "once considered no more than a nuisance, a relatively benign activity that was a drain on machine resources," to a significant, serious force.