Threats
Source: Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures, November 2017
# | Threat Group | Threat | Description | Assets Affected | Remarks | |
---|---|---|---|---|---|---|
1 | Physical attacks | Device destruction (sabotage) | Incidents such as device theft, bomb attacks, vandalism or sabotage could damage devices. | Infrastructure | View | |
2 | Disasters | Environmental Disaster | Disasters in the deployment environments of IoT equipment that cause its inoperability. | Infrastructure | View | |
3 | Disasters | Natural Disaster | These include events such as floods, heavy winds, heavy snows and landslides, among other natural disasters, which could physically damage the devices. | Infrastructure | View | |
4 | Failures and Malfunctions | Third parties failures | Errors on an active element of the network caused by the misconfiguration of another element that has a direct relation with it. | Infrastructure | View | |
5 | Failures and Malfunctions | Software vulnerabilities | The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. | Infrastructure | View | |
6 | Outages | Network Outage | Interruption or failure in the network supply, either intentional or accidental. Depending on the network segment affected, and on the time required to recover, the importance of this threat ranges from high to critical. | Infrastructure | View | |
7 | Eavesdropping Interception and Hijacking | Network reconnaissance | Passively obtain internal information about the network: devices connected, protocol used, open ports, services in use, etc. | Infrastructure | View | |
8 | Nefarious Activity and Abuse | Counterfeit by malicious devices | This threat is difficult to discover, since a counterfeit device cannot be easily distinguished from the original. These devices usually have backdoors and can be used to conduct attacks on other ICT systems in the environment. | Infrastructure | View | |
9 | Nefarious Activity and Abuse | DDoS | Multiple systems attack a single target in order to saturate it and make it crash. This can be done by making many connections, flooding a communication channel or replaying the same communications over and over. | Infrastructure | View | |
10 | Nefarious Activity and Abuse | Targeted attacks | Attacks designed for a specific target, launched over a long period of time, and carried out in multiple stages. The main objective is to remain hidden and to obtain as much sensitive data/information or control as possible. While the impact of this threat is medium, detecting it is usually very difficult and takes a long time. | Infrastructure | View | |
11 | Nefarious Activity and Abuse | Exploit Kits | Code designed to take advantage of a vulnerability in order to gain access to a system. This threat is difficult to detect and in IoT environments its impact ranges from high to crucial, depending on the assets affected. | Infrastructure | View | |