Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts.
Adversaries may also subsequently log off and/or reboot boxes to set malicious changes into place.(Citation: CarbonBlack LockerGoga 2019)(Citation: Unit42 LockerGoga 2019)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| azure_sentinel | Azure Sentinel | technique_scores | T1531 | Account Access Removal |
| cloud_app_security_policies | Cloud App Security Policies | technique_scores | T1531 | Account Access Removal |
| azure_ad_identity_secure_score | Azure AD Identity Secure Score | technique_scores | T1531 | Account Access Removal |