Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
intel-tdt | Intel Threat Detection Technology | CrowdStrike AMS | T1114 | Email Collection | |
Comments
Intel Threat Detection Technology (TDT), combined with CrowdStrike Falcon Accelerated Memory Scanning (CAMS), strengthens defenses by enabling faster, real-time detection of Email Collection (T1114). The integrated solution improves CrowdStrike Falcon's ability to detect and mitigate threats earlier in the kill chain while minimizing the impact on system performance.
Email Collection (T1114) involves adversaries targeting email clients or servers to gather sensitive information from email communications, for example by running malicious scripts or tools, or by abusing email protocols to harvest large volumes of email data, often for espionage or data theft. Intel TDT contributes by providing real-time telemetry on program execution, memory access, and control flow, which enables the detection of abnormal behaviors associated with email client manipulation or unauthorized email access.
Additionally, CAMS offloads the memory scanning workload from the CPU to the Intel integrated GPU, enabling faster and more efficient detection of malicious activity related to email collection without degrading system performance. CAMS identifies suspicious behaviors such as unauthorized access to email accounts, unusual data retrieval patterns, or attempts to extract sensitive email content, providing proactive defense against email-based data exfiltration techniques.