Threats
Source: Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures November 2017
| # | Threat Group | Threat | Description | Assets Affected | Remarks | |
|---|---|---|---|---|---|---|
| 1 | Physical attacks | Device destruction (sabotage) | Incidents such devices theft, bomb attacks, vandalism or sabotage could damage devices | Platform & Backend | View | |
| 2 | Disasters | Environmental Disaster | Disasters in the deployment environments of IoT equipment and causing their inoperability. | Platform & Backend | View | |
| 3 | Disasters | Natural Disaster | These include events such as, floods, heavy winds, heavy snows, landslides, among others natural disaster, which could physically damage the devices. | Platform & Backend | View | |
| 4 | Failures and Malfunctions | Third parties failures | Errors on an active element of the network caused by the misconfiguration of another element that has direct relation with it. | Platform & Backend | View | |
| 5 | Failures and Malfunctions | Software vulnerabilities | The most common IoT devices are often vulnerable due to weak/default passwords, software bugs, and configuration errors, posing a risk to the network. This threat is usually connected to others, like exploit kits, and it is considered crucial. | Platform & Backend | View | |
| 6 | Damage and Loss (IT Assets) | Data / Sensitive information leakage | Sensitive data is revealed, intentionally or not, to unauthorised parties. The importance of this threat can vary greatly, depending on the kind of data leaked. | Platform & Backend | View | |
| 7 | Outages | Failure of system | Threat of failure of software services or applications | Platform & Backend | View | |
| 8 | Nefarious Activity and Abuse | Modification of information | In this case, the objective is not to damage the devices, but to manipulate the information in order to cause chaos, or acquire monetary gains. | Platform & Backend | View | |
| 9 | Nefarious Activity and Abuse | Attacks on privacy | This threat affects both the privacy of the user and the exposure of network elements to unauthorised personnel. | Platform & Backend | View | |
| 10 | Nefarious Activity and Abuse | DDoS | Multiple systems attack a single target in order to saturate it and make it crash. This can be done by making many connections, flooding a communication channel or replaying the same communications over and over. | Platform & Backend | View | |
| 11 | Nefarious Activity and Abuse | Targeted attacks | Attacks designed for a specific target, launched over a long period of time, and carried out in multiple stages. The main objective is to remain hidden and to obtain as much sensitive data/information or control as possible. While the impact of this threat is medium, detecting them is usually very difficult and takes a long time. | Platform & Backend | View | |
| 12 | Nefarious Activity and Abuse | Malware | Software programs designed to carry out unwanted and unauthorised actions on a system without the consent of the user, resulting in damage, corruption or information theft. Its impact can be high. | Platform & Backend | View | |
Loading...
Saving...
Loading...