Threats
Source: Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures November 2017
| # | Threat Group | Threat | Description | Assets Affected | Remarks | |
|---|---|---|---|---|---|---|
| 1 | Damage and Loss (IT Assets) | Data / Sensitive information leakage | Sensitive data is revealed, intentionally or not, to unauthorised parties. The importance of this threat can vary greatly, depending on the kind of data leaked. | Information | View | |
| 2 | Eavesdropping Interception and Hijacking | Replay of messages | This attack uses a valid data transmission maliciously by repeatedly sending it or delaying it, in order to manipulate or crash the targeted device. | Information | View | |
| 3 | Eavesdropping Interception and Hijacking | Information gathering | Passively obtain internal information about the network: devices connected, protocol used, etc. | Information | View | |
| 4 | Eavesdropping Interception and Hijacking | Session hijacking | Stealing the data connection by acting as a legitimate host in order to steal, modify or delete transmitted data. | Information | View | |
| 5 | Eavesdropping Interception and Hijacking | Network reconnaissance | Passively obtain internal information about the network: devices connected, protocol used, open ports, services in use, etc. | Information | View | |
| 6 | Eavesdropping Interception and Hijacking | Interception of information | Unauthorised interception (and sometimes modification) of a private communication, such as phone calls, instant messages, e-mail communications | Information | View | |
| 7 | Eavesdropping Interception and Hijacking | IoT communication protocol hijacking communication protocol hijacking communication protocol hijacking | Taking control of an existing communication session between two elements of the network. The intruder is able to sniff sensible information, including passwords. The hijacking can use aggressive techniques like forcing disconnection or denial of service. | Information | View | |
| 8 | Eavesdropping Interception and Hijacking | Man in the middle | Active eavesdropping attack, in which the attacker relays messages from one victim to another, in order to make them believe that they are talking directly to each other | Information | View | |
| 9 | Nefarious Activity and Abuse | Modification of information | In this case, the objective is not to damage the devices, but to manipulate the information in order to cause chaos, or acquire monetary gains. | Information | View | |
| 10 | Nefarious Activity and Abuse | Attacks on privacy | This threat affects both the privacy of the user and the exposure of network elements to unauthorised personnel. | Information | View | |
| 11 | Nefarious Activity and Abuse | Targeted attacks | Attacks designed for a specific target, launched over a long period of time, and carried out in multiple stages. The main objective is to remain hidden and to obtain as much sensitive data/information or control as possible. While the impact of this threat is medium, detecting them is usually very difficult and takes a long time. | Information | View | |
Loading...
Saving...
Loading...