Threats
Source: Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures, November 2017
# | Threat Group | Threat | Description | Assets Affected | Remarks |
---|---|---|---|---|---|
1 | Outages | Network Outage | Interruption or failure in the network supply, either intentional or accidental. Depending on the network segment affected, and on the time required to recover, the importance of this threat ranges from high to critical. | Communications | |
2 | Physical attacks | Device destruction (sabotage) | Incidents such as device theft, bomb attacks, vandalism or sabotage could damage devices. | Infrastructure | |
3 | Physical attacks | Device destruction (sabotage) | Incidents such as device theft, bomb attacks, vandalism or sabotage could damage devices. | Platform & Backend | |
4 | Physical attacks | Device destruction (sabotage) | Incidents such as device theft, bomb attacks, vandalism or sabotage could damage devices. | Other IoT Ecosystem devices | |
5 | Physical attacks | Device destruction (sabotage) | Incidents such as device theft, bomb attacks, vandalism or sabotage could damage devices. | IoT devices | |
6 | Physical attacks | Device modification | Tampering with a device, for example by taking advantage of badly configured ports and exploiting those left open. | IoT devices | |
7 | Physical attacks | Device modification | Tampering with a device, for example by taking advantage of badly configured ports and exploiting those left open. | Communications | |
8 | Disasters | Environmental Disaster | Disasters in the deployment environments of IoT equipment that cause their inoperability. | Infrastructure | |
9 | Disasters | Environmental Disaster | Disasters in the deployment environments of IoT equipment that cause their inoperability. | Platform & Backend | |
10 | Disasters | Environmental Disaster | Disasters in the deployment environments of IoT equipment that cause their inoperability. | Other IoT Ecosystem devices | |
11 | Disasters | Natural Disaster | These include events such as floods, heavy winds, heavy snows and landslides, among other natural disasters, which could physically damage the devices. | Infrastructure | |
12 | Disasters | Natural Disaster | These include events such as floods, heavy winds, heavy snows and landslides, among other natural disasters, which could physically damage the devices. | Platform & Backend | |
13 | Disasters | Natural Disaster | These include events such as floods, heavy winds, heavy snows and landslides, among other natural disasters, which could physically damage the devices. | Other IoT Ecosystem devices | |
14 | Disasters | Natural Disaster | These include events such as floods, heavy winds, heavy snows and landslides, among other natural disasters, which could physically damage the devices. | IoT devices | |
15 | Failures and Malfunctions | Third parties failures | Errors on an active element of the network caused by the misconfiguration of another element that has a direct relation with it. | Applications & Services | |
16 | Failures and Malfunctions | Third parties failures | Errors on an active element of the network caused by the misconfiguration of another element that has a direct relation with it. | Infrastructure | |
17 | Failures and Malfunctions | Third parties failures | Errors on an active element of the network caused by the misconfiguration of another element that has a direct relation with it. | Platform & Backend | |
18 | Failures and Malfunctions | Third parties failures | Errors on an active element of the network caused by the misconfiguration of another element that has a direct relation with it. | Other IoT Ecosystem devices | |
19 | Failures and Malfunctions | Third parties failures | Errors on an active element of the network caused by the misconfiguration of another element that has a direct relation with it. | IoT devices | |
20 | Failures and Malfunctions | Software vulnerabilities | The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. | Applications & Services | |
21 | Failures and Malfunctions | Software vulnerabilities | The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. | Infrastructure | |
22 | Failures and Malfunctions | Software vulnerabilities | The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. | Platform & Backend | |
23 | Failures and Malfunctions | Software vulnerabilities | The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. | Other IoT Ecosystem devices | |
24 | Failures and Malfunctions | Software vulnerabilities | The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. | IoT devices | |
25 | Damage and Loss (IT Assets) | Data / Sensitive information leakage | Sensitive data is revealed, intentionally or not, to unauthorised parties. The importance of this threat can vary greatly, depending on the kind of data leaked. | Information | |
26 | Damage and Loss (IT Assets) | Data / Sensitive information leakage | Sensitive data is revealed, intentionally or not, to unauthorised parties. The importance of this threat can vary greatly, depending on the kind of data leaked. | Platform & Backend | |
27 | Damage and Loss (IT Assets) | Data / Sensitive information leakage | Sensitive data is revealed, intentionally or not, to unauthorised parties. The importance of this threat can vary greatly, depending on the kind of data leaked. | Other IoT Ecosystem devices | |
28 | Damage and Loss (IT Assets) | Data / Sensitive information leakage | Sensitive data is revealed, intentionally or not, to unauthorised parties. The importance of this threat can vary greatly, depending on the kind of data leaked. | IoT devices | |
29 | Outages | Loss of support services | Unavailability of support services required for proper operation of the information system. | All assets | |
30 | Outages | Failure of system | Threat of failure of software services or applications. | Other IoT Ecosystem devices | |
31 | Outages | Failure of system | Threat of failure of software services or applications. | Platform & Backend | |
32 | Outages | Failure of system | Threat of failure of software services or applications. | IoT devices | |
33 | Outages | Failures of devices | Threat of failure or malfunction of hardware devices. | IoT devices | |
34 | Outages | Network Outage | Interruption or failure in the network supply, either intentional or accidental. Depending on the network segment affected, and on the time required to recover, the importance of this threat ranges from high to critical. | Infrastructure | |
35 | Eavesdropping Interception and Hijacking | Replay of messages | This attack uses a valid data transmission maliciously by repeatedly sending it or delaying it, in order to manipulate or crash the targeted device. | Decision making | |
36 | Eavesdropping Interception and Hijacking | Replay of messages | This attack uses a valid data transmission maliciously by repeatedly sending it or delaying it, in order to manipulate or crash the targeted device. | IoT devices | |
37 | Eavesdropping Interception and Hijacking | Replay of messages | This attack uses a valid data transmission maliciously by repeatedly sending it or delaying it, in order to manipulate or crash the targeted device. | Information | |
38 | Eavesdropping Interception and Hijacking | Information gathering | Passively obtaining internal information about the network: devices connected, protocol used, etc. | IoT devices | |
39 | Eavesdropping Interception and Hijacking | Information gathering | Passively obtaining internal information about the network: devices connected, protocol used, etc. | Communications | |
40 | Eavesdropping Interception and Hijacking | Information gathering | Passively obtaining internal information about the network: devices connected, protocol used, etc. | Information | |
41 | Eavesdropping Interception and Hijacking | Session hijacking | Stealing the data connection by acting as a legitimate host in order to steal, modify or delete transmitted data. | IoT devices | |
42 | Eavesdropping Interception and Hijacking | Session hijacking | Stealing the data connection by acting as a legitimate host in order to steal, modify or delete transmitted data. | Communications | |
43 | Eavesdropping Interception and Hijacking | Session hijacking | Stealing the data connection by acting as a legitimate host in order to steal, modify or delete transmitted data. | Information | |
44 | Eavesdropping Interception and Hijacking | Network reconnaissance | Passively obtaining internal information about the network: devices connected, protocol used, open ports, services in use, etc. | Infrastructure | |
45 | Eavesdropping Interception and Hijacking | Network reconnaissance | Passively obtaining internal information about the network: devices connected, protocol used, open ports, services in use, etc. | IoT devices | |
46 | Eavesdropping Interception and Hijacking | Network reconnaissance | Passively obtaining internal information about the network: devices connected, protocol used, open ports, services in use, etc. | Communications | |
47 | Eavesdropping Interception and Hijacking | Network reconnaissance | Passively obtaining internal information about the network: devices connected, protocol used, open ports, services in use, etc. | Information | |
48 | Eavesdropping Interception and Hijacking | Interception of information | Unauthorised interception (and sometimes modification) of a private communication, such as phone calls, instant messages, e-mail communications. | IoT devices | |
49 | Eavesdropping Interception and Hijacking | Interception of information | Unauthorised interception (and sometimes modification) of a private communication, such as phone calls, instant messages, e-mail communications. | Communications | |
50 | Eavesdropping Interception and Hijacking | Interception of information | Unauthorised interception (and sometimes modification) of a private communication, such as phone calls, instant messages, e-mail communications. | Information | |
51 | Eavesdropping Interception and Hijacking | IoT communication protocol hijacking | Taking control of an existing communication session between two elements of the network. The intruder is able to sniff sensitive information, including passwords. The hijacking can use aggressive techniques like forcing disconnection or denial of service. | Decision making | |
52 | Eavesdropping Interception and Hijacking | IoT communication protocol hijacking | Taking control of an existing communication session between two elements of the network. The intruder is able to sniff sensitive information, including passwords. The hijacking can use aggressive techniques like forcing disconnection or denial of service. | IoT devices | |
53 | Eavesdropping Interception and Hijacking | IoT communication protocol hijacking | Taking control of an existing communication session between two elements of the network. The intruder is able to sniff sensitive information, including passwords. The hijacking can use aggressive techniques like forcing disconnection or denial of service. | Communications | |
54 | Eavesdropping Interception and Hijacking | IoT communication protocol hijacking | Taking control of an existing communication session between two elements of the network. The intruder is able to sniff sensitive information, including passwords. The hijacking can use aggressive techniques like forcing disconnection or denial of service. | Information | |
55 | Eavesdropping Interception and Hijacking | Man in the middle | Active eavesdropping attack, in which the attacker relays messages from one victim to another, in order to make them believe that they are talking directly to each other. | IoT devices | |
56 | Eavesdropping Interception and Hijacking | Man in the middle | Active eavesdropping attack, in which the attacker relays messages from one victim to another, in order to make them believe that they are talking directly to each other. | Communications | |
57 | Eavesdropping Interception and Hijacking | Man in the middle | Active eavesdropping attack, in which the attacker relays messages from one victim to another, in order to make them believe that they are talking directly to each other. | Information | |
58 | Nefarious Activity and Abuse | Modification of information | In this case, the objective is not to damage the devices, but to manipulate the information in order to cause chaos or acquire monetary gains. | Information | |
59 | Nefarious Activity and Abuse | Modification of information | In this case, the objective is not to damage the devices, but to manipulate the information in order to cause chaos or acquire monetary gains. | Platform & Backend | |
60 | Nefarious Activity and Abuse | Modification of information | In this case, the objective is not to damage the devices, but to manipulate the information in order to cause chaos or acquire monetary gains. | Other IoT Ecosystem devices | |
61 | Nefarious Activity and Abuse | Modification of information | In this case, the objective is not to damage the devices, but to manipulate the information in order to cause chaos or acquire monetary gains. | IoT devices | |
62 | Nefarious Activity and Abuse | Attacks on privacy | This threat affects both the privacy of the user and the exposure of network elements to unauthorised personnel. | Information | |
63 | Nefarious Activity and Abuse | Attacks on privacy | This threat affects both the privacy of the user and the exposure of network elements to unauthorised personnel. | Platform & Backend | |
64 | Nefarious Activity and Abuse | Attacks on privacy | This threat affects both the privacy of the user and the exposure of network elements to unauthorised personnel. | Other IoT Ecosystem devices | |
65 | Nefarious Activity and Abuse | Attacks on privacy | This threat affects both the privacy of the user and the exposure of network elements to unauthorised personnel. | IoT devices | |
66 | Nefarious Activity and Abuse | Counterfeit by malicious devices | This threat is difficult to discover, since a counterfeit device cannot be easily distinguished from the original. These devices usually have backdoors and can be used to conduct attacks on other ICT systems in the environment. | Infrastructure | |
67 | Nefarious Activity and Abuse | Counterfeit by malicious devices | This threat is difficult to discover, since a counterfeit device cannot be easily distinguished from the original. These devices usually have backdoors and can be used to conduct attacks on other ICT systems in the environment. | Other IoT Ecosystem devices | |
68 | Nefarious Activity and Abuse | Counterfeit by malicious devices | This threat is difficult to discover, since a counterfeit device cannot be easily distinguished from the original. These devices usually have backdoors and can be used to conduct attacks on other ICT systems in the environment. | IoT devices | |
69 | Nefarious Activity and Abuse | DDoS | Multiple systems attack a single target in order to saturate it and make it crash. This can be done by making many connections, flooding a communication channel or replaying the same communications over and over. | Infrastructure | |
70 | Nefarious Activity and Abuse | DDoS | Multiple systems attack a single target in order to saturate it and make it crash. This can be done by making many connections, flooding a communication channel or replaying the same communications over and over. | Platform & Backend | |
71 | Nefarious Activity and Abuse | DDoS | Multiple systems attack a single target in order to saturate it and make it crash. This can be done by making many connections, flooding a communication channel or replaying the same communications over and over. | Other IoT Ecosystem devices | |
72 | Nefarious Activity and Abuse | DDoS | Multiple systems attack a single target in order to saturate it and make it crash. This can be done by making many connections, flooding a communication channel or replaying the same communications over and over. | IoT devices | |
73 | Nefarious Activity and Abuse | Targeted attacks | Attacks designed for a specific target, launched over a long period of time, and carried out in multiple stages. The main objective is to remain hidden and to obtain as much sensitive data/information or control as possible. While the impact of this threat is medium, detecting these attacks is usually very difficult and takes a long time. | Information | |
74 | Nefarious Activity and Abuse | Targeted attacks | Attacks designed for a specific target, launched over a long period of time, and carried out in multiple stages. The main objective is to remain hidden and to obtain as much sensitive data/information or control as possible. While the impact of this threat is medium, detecting these attacks is usually very difficult and takes a long time. | Platform & Backend | |
75 | Nefarious Activity and Abuse | Targeted attacks | Attacks designed for a specific target, launched over a long period of time, and carried out in multiple stages. The main objective is to remain hidden and to obtain as much sensitive data/information or control as possible. While the impact of this threat is medium, detecting these attacks is usually very difficult and takes a long time. | Infrastructure | |
76 | Nefarious Activity and Abuse | Exploit Kits | Code designed to take advantage of a vulnerability in order to gain access to a system. This threat is difficult to detect and in IoT environments its impact ranges from high to crucial, depending on the assets affected. | Infrastructure | |
77 | Nefarious Activity and Abuse | Exploit Kits | Code designed to take advantage of a vulnerability in order to gain access to a system. This threat is difficult to detect and in IoT environments its impact ranges from high to crucial, depending on the assets affected. | Other IoT Ecosystem devices | |
78 | Nefarious Activity and Abuse | Exploit Kits | Code designed to take advantage of a vulnerability in order to gain access to a system. This threat is difficult to detect and in IoT environments its impact ranges from high to crucial, depending on the assets affected. | IoT devices | |
79 | Nefarious Activity and Abuse | Malware | Software programs designed to carry out unwanted and unauthorised actions on a system without the consent of the user, resulting in damage, corruption or information theft. Its impact can be high. | Platform & Backend | |
80 | Nefarious Activity and Abuse | Malware | Software programs designed to carry out unwanted and unauthorised actions on a system without the consent of the user, resulting in damage, corruption or information theft. Its impact can be high. | Other IoT Ecosystem devices | |
81 | Nefarious Activity and Abuse | Malware | Software programs designed to carry out unwanted and unauthorised actions on a system without the consent of the user, resulting in damage, corruption or information theft. Its impact can be high. | IoT devices | |