CAPEC-648: Collect Data from Screen Capture
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary gathers sensitive information by exploiting the system's screen capture functionality. Through screenshots, the adversary aims to see what happens on the screen over the course of an operation. The adversary can leverage information gathered in order to carry out further attacks.
前提条件
- The adversary must have obtained logical access to the system by some means (e.g., via obtained credentials or planting malware on the system).
所需技能
所需资源
- None: No specialized resources are required to execute this type of attack.
后果影响
影响范围: Confidentiality
技术影响: Read Data
说明: The adversary is able to capture potentially sensitive information and processes as they appear on the screen.
缓解措施
Identify potentially malicious software that may have functionality to acquire screen captures, and audit and/or block it by using allowlist tools.
While screen capture is a legitimate and practical function, certain situations and context may require the disabling of this feature.
分类映射
| 分类名称 | 条目ID | 条目名称 |
|---|---|---|
| ATTACK | 1113 | Screen Capture |
| ATTACK | 1513 | Screen Capture |