ACSIA Help Center

What is the “user account deleted”?

Permanently deleted user
Permanently deleted user
  • Updated

Overview

This article will explain the ACSIA alert called "user account deleted".


Explaining the user account deleted

"User account deleted", in the context of cybersecurity, means that an authorized or unauthorized action has removed a user's account from a computer system or a network. When a user account is deleted, the associated credentials, access permissions, and privileges are revoked, preventing the user from accessing resources and data within the system.

Example of a "user account deleted" attack:

Let's consider a situation where a company has a secure network with multiple user accounts, each assigned to different employees with specific roles and access rights.

An attacker, with the intention of causing disruption or gaining unauthorized access, targets the company's network. The attacker seeks to compromise a user account with significant privileges to access sensitive information or critical systems.

The attacker employs various tactics to identify a vulnerable user account. They may use social engineering to trick an employee into revealing their login credentials or exploit a software vulnerability to bypass security measures.

Once the attacker gains access to an employee's account, they attempt a "user account deleted" attack. The attacker logs into the compromised account, giving them temporary control over it.

To avoid detection and further investigation, the attacker decides to delete the compromised user account entirely. They navigate to the account settings or administrative panel, pretending to be the legitimate user, and proceed to delete the account.

By doing so, the attacker effectively revokes the user's access rights and privileges. The user will no longer be able to log into the system or access any of the resources they previously had permission to use.

The deletion of the user account creates chaos and disruption for the company, as the legitimate user is locked out of the system and unable to perform their regular duties. The attacker may attempt to exploit the confusion to carry out additional attacks or gain further access to sensitive data.

 

ACSIA alerts you whenever a user's account of your infrastructure has been deleted.