Source: Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures November 2017

# Threat Group Threat Description Assets Affected Remarks
1 Physical attacks Device destruction (sabotage) Incidents such devices theft, bomb attacks, vandalism or sabotage could damage devices Platform & Backend View
2 Disasters Environmental Disaster Disasters in the deployment environments of IoT equipment and causing their inoperability. Platform & Backend View
3 Disasters Natural Disaster These include events such as, floods, heavy winds, heavy snows, landslides, among others natural disaster, which could physically damage the devices. Platform & Backend View
4 Failures and Malfunctions Third parties failures Errors on an active element of the network caused by the misconfiguration of another element that has direct relation with it. Platform & Backend View
5 Failures and Malfunctions Software vulnerabilities The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. Platform & Backend View
6 Damage and Loss (IT Assets) Data / Sensitive information leakage Sensitive data is revealed, intentionally or not, to unauthorised parties. The importance of this threat can vary greatly, depending on the kind of data leaked. Platform & Backend View
7 Outages Failure of system Threat of failure of software services or applications Platform & Backend View
8 Nefarious Activity and Abuse Modification of information In this case, the objective is not to damage the devices, but to manipulate the information in order to cause chaos, or acquire monetary gains. Platform & Backend View
9 Nefarious Activity and Abuse Attacks on privacy This threat affects both the privacy of the user and the exposure of network elements to unauthorised personnel. Platform & Backend View
10 Nefarious Activity and Abuse DDoS Multiple systems attack a single target in order to saturate it and make it crash. This can be done by making many connections, flooding a communication channel or replaying the same communications over and over. Platform & Backend View
11 Nefarious Activity and Abuse Targeted attacks Attacks designed for a specific target, launched over a long period of time, and carried out in multiple stages. The main objective is to remain hidden and to obtain as much sensitive data/information or control as possible. While the impact of this threat is medium, detecting them is usually very difficult and takes a long time. Platform & Backend View
12 Nefarious Activity and Abuse Malware Software programs designed to carry out unwanted and unauthorised actions on a system without the consent of the user, resulting in damage, corruption or information theft. Its impact can be high. Platform & Backend View
Records : 12 of 12 | Page : of 1 | Limit