Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials) to remove access to accounts.
Adversaries may also subsequently log off and/or reboot boxes to set malicious changes into place.(Citation: CarbonBlack LockerGoga 2019)(Citation: Unit42 LockerGoga 2019)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CVE-2019-1689 | Cisco Webex Teams | secondary_impact | T1531 | Account Access Removal |
| action.hacking.variety.Unknown | Unknown | related-to | T1531 | Account Access Removal |
| attribute.integrity.variety.Unknown | Unknown | related-to | T1531 | Account Access Removal |
| amazon_guardduty | Amazon GuardDuty | technique_scores | T1531 | Account Access Removal |
| aws_security_hub | AWS Security Hub | technique_scores | T1531 | Account Access Removal |