INSIDE BLACKBERRY BLOG

Cryptosmacking With BlackBerry Spark UES Suite and Intel TDT

At the most basic level, cryptomining is receiving digital currency in exchange for using processors to solve complex mathematical puzzles. Crypotojacking, or the use of unauthorized or stolen computing resources for cryptomining, is a subtle but serious threat to organizations worldwide. In 2018, machines infected with cryptomining malware surpassed ransomware as a top cyber threat.

Recently in Europe, multiple supercomputers in the U.K., Germany, Spain, and Switzerland were infected with cryptomining malware and were forced to shut down. While supercomputers and large processing centers make appealing targets for cryptojackers, many attackers prefer infecting business desktops, laptops, and mobile devices.

Businesses who prefer cloud computing will find no refuge, as cryptojackers have refined methods for creating cloud compute instances to run cryptomining code. In short, the threat from cryptojacking is increasingly becoming a significant issue for organizations, and effective solutions have been lacking – until now.

Symptoms and Effects of Cryptojacking

While cryptojacking is considerably less obtrusive than more aggressive cyber threats like ransomware, it is nonetheless of great concern to targeted organizations because it silently siphons resources and productivity and can operate undetected for long periods of time.

Threat actors have devised multiple ways to deliver crypotojacking malware to a wide variety of devices, which complicates detection and remediation efforts. Since cryptominers rely heavily upon processing power, the following symptoms may indicate a cryptojacking infection:

  • Unusually sluggish machine performance
  • Faster than usual battery depletion
  • High CPU or GPU utilization, especially during off hours
  • Inexplicable overheating
  • Outbound network traffic to cryptomining-related sites

Cryptojackers have a variety of negative impacts on an organization. They reduce the operational capacity of technology by stealing processing cycles to mine currency. The wear and tear inflicted on devices used for mining is likely to reduce their functional lifespan. Continuously running CPUs and GPUs at full power will cause hardware to overheat and likely result in permanent damage to the system. The additional power consumed by cryptomining activities will increase an organization’s utility costs.

Detecting cryptomining can be difficult, especially if only a few machines are infected. Machines mining cryptocurrency are often indistinguishable from those performing normal work operations without extensive analysis. This makes cryptojacking losses nearly invisible until they accrue to a large sum over time. Rather than taking an organization down in one bold stroke, cryptojacking bleeds them slowly, offering death by a thousand cuts.

“Cryptosmacking” with BlackBerry and Intel

To counter this threat, BlackBerry® and Intel® have teamed up to provide a robust defense against cryptojackers. BlackBerry has integrated the Intel® Threat Detection Technology (TDT) driver and machine learning model into BlackBerry® Optics. This advanced, AI-driven EDR solution is delivered through our innovative BlackBerry Spark® UES Suite, providing organizations with threat prevention and detection across every endpoint – fixed or mobile, inside or outside the network firewall, corporate managed or BYO.

Intel TDT is a set of security techniques adept at detecting cryptojacking malware. These techniques rely on hardware-supplied telemetry provided by Intel vPro CPUs. By monitoring performance counters, Intel TDT can detect processes that are likely mining cryptocurrencies. BlackBerry calls this process “cryptosmacking” as it effectively stops cryptojacking dead in its tracks. The Intel TDT is also capable of scanning system memory for memory-based attacks using only a fraction of the CPU required by other technologies.

This integration offers users a way to quickly detect cryptomining activity at the hardware level, without performing lengthy code analysis. It also provides security analysts the ability to create automated response actions for lightning-fast remediation.

BlackBerry Optics also provides remote response capabilities to streamline system information and actions by providing an interface for users to interactively execute scripts and run 'traditional' or 'native' commands to swiftly triage a system in near-real-time within the Console without navigating away to view returned data.

In addition to the superior EDR capabilities offered by BlackBerry Optics, the BlackBerry Spark UES Suite also includes:

  • BlackBerry® Protect: AI-driven threat prevention, combined with application and script control, memory protection, and device policy enforcement.
  • BlackBerry® Persona: AI-driven continuous authentication that dynamically adapts security policies based on user/entity location, device, and other factors.
  • BlackBerry® Protect for Mobile: AI-driven threat prevention, combined with application and script control, memory protection, and device policy enforcement for mobile devices.

Contact Us to Learn More

Cryptomining is a subtle and parasitic threat that has been quietly siphoning the resources of organizations for years. Today, BlackBerry and Intel are united in producing an AI-driven solution that will reliably detect this threat and shut it down.

BlackBerry delivers a Zero Trust architecture to provide over-the-horizon visibility and a predictive advantage against emerging threats, allowing teams to focus attention on initiatives that move an organization’s mission forward.

The BlackBerry legacy of innovation in delivering secure communications drives an intelligent security approach engineered to keep pace with modern IT environments that evolve with each new user, device, application, and advancing technology.

For more information on how you can protect your enterprise from cryptojackers, contact us.

Nigel Thompson

About Nigel Thompson

VP Product Marketing at BlackBerry