T1640 Account Access Removal
Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: credentials changed) to remove access to accounts.
Procedure Examples
Mitigations
ID | Mitigation | Description |
---|---|---|
M1011 | User Guidance | Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it. |
Detection
ID | Data Source | Data Component |
---|---|---|
DS0041 | Application Vetting | Permissions Requests |