ATT&CK v15 has been released! Check out the blog post or release notes for more information.

Restrict Web-Based Content

Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.

ID: M0921

Security Controls: IEC 62443-3-3:2013 - SR 2.4, IEC 62443-4-2:2019 - HDR 2.4, NIST SP 800-53 Rev. 5 - SC-18

Version: 1.0

Created: 06 June 2019

Last Modified: 20 September 2023

Live Version

Techniques Addressed by Mitigation

Domain	ID	Name	Use
ICS	T0817	Drive-by Compromise	Restrict browsers to limit the capabilities of malicious ads and Javascript.
ICS	T0865	Spearphishing Attachment	Consider restricting access to email within critical process environments. Additionally, downloads and attachments may be disabled if email is still necessary.
ICS	T0863	User Execution	If a link is being visited by a user, block unknown or unused files in transit by default that should not be downloaded or by policy from suspicious sites as a best practice to prevent some vectors, such as .scr, .exe, .pif, .cpl, etc. Some download scanning devices can open and analyze compressed and encrypted formats, such as zip and rar that may be used to conceal malicious files.