T1113 Screen Capture Mappings

Intel Threat Detection Technology (TDT), combined with CrowdStrike Falcon Accelerated Memory Scanning (CAMS), enhances cybersecurity defenses by enabling faster, real-time detection of screen capture attacks. This integrated solution strengthens CrowdStrike Falcon, improving its ability to detect and mitigate cyber threats earlier in the kill chain, all while minimizing system performance impact. Screen capture attacks involve adversaries using malicious software to secretly capture screenshots or screen recordings from compromised systems. These attacks often target sensitive information visible on the screen, such as login credentials, financial data, or personal information, and send it back to an external attacker-controlled server. Intel TDT plays a critical role in identifying these threats by providing real-time telemetry on program execution, memory access, and control flow, enabling rapid detection of abnormal behaviors such as unauthorized screen capture or the use of screen-grabbing utilities. Additionally, CAMS offloads the performance-intensive memory scanning workload from the CPU to the Intel Integrated GPU, ensuring faster and more efficient detection of malicious activity without impacting system performance. CAMS helps identify suspicious behaviors, such as the use of unauthorized screen capture software, interactions with the graphics subsystem, or attempts to capture sensitive on-screen data.