Threats
Source: Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures November 2017
| # | Threat Group | Threat | Description | Assets Affected | Remarks | |
|---|---|---|---|---|---|---|
| 1 | Outages | Network Outage | Interruption or failure in the network supply, either intentional or accidental. Depending on the network segment affected, and on the time required to recover, the importance of this threat ranges from high to critical. | Communications | o | View |
| 2 | Physical attacks | Device modification | Tampering a device by for example taking advantage of bad configuration of ports, exploiting those left open. | Communications | View | |
| 3 | Eavesdropping Interception and Hijacking | Information gathering | Passively obtain internal information about the network: devices connected, protocol used, etc. | Communications | View | |
| 4 | Eavesdropping Interception and Hijacking | Session hijacking | Stealing the data connection by acting as a legitimate host in order to steal, modify or delete transmitted data. | Communications | View | |
| 5 | Eavesdropping Interception and Hijacking | Network reconnaissance | Passively obtain internal information about the network: devices connected, protocol used, open ports, services in use, etc. | Communications | View | |
| 6 | Eavesdropping Interception and Hijacking | Interception of information | Unauthorised interception (and sometimes modification) of a private communication, such as phone calls, instant messages, e-mail communications | Communications | View | |
| 7 | Eavesdropping Interception and Hijacking | IoT communication protocol hijacking | Taking control of an existing communication session between two elements of the network. The intruder is able to sniff sensible information, including passwords. The hijacking can use aggressive techniques like forcing disconnection or denial of service. | Communications | View | |
| 8 | Eavesdropping Interception and Hijacking | Man in the middle | Active eavesdropping attack, in which the attacker relays messages from one victim to another, in order to make them believe that they are talking directly to each other | Communications | View | |
Loading...
Saving...
Loading...