Incident Response
Triage, containment, recovery, and forensics.
- TERM: account recovery (Updated Jan 05, 2026)
The ability to regain ownership of a subscriber account and its associated information and privileges.
- TERM: Availability (Updated Jan 06, 2026)
Availability is the property that systems and data are accessible and usable when needed.
- TERM: Email Collection (Updated Jan 03, 2026)
Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Emails may also contain details of ongoing incident response operations, which may allow adversaries to adjust their techniques in order to maintain persistence or evade defenses.(Citation: TrustedSec OOB Communications)(Citation: CISA AA20 352A 2021) Adversaries can collect or forward email from mail servers or clients.
- Updated Jan 03, 2026
Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is designed for programmers and is the infrastructure for management data and operations on Windows systems.(Citation: WMI 1 3) WMI is an administration feature that provides a uniform environment to access Windows system components.