Threat Catalogue

Logical Threats

Category: Intentional

Sub-Category: Conflict

Struggle resulting from incompatible or opposing needs, drives, wishes, or external or internal demands.

ID Threat Description

LIC1 Sabotage Deliberate actions aimed to cause disruption or damage to information and/or IT assets for financial or personal gain.

LIC2 Terrorism The use of violence as a means to create terror among masses of people; or fear to achieve a financial, political, religious, or ideological aim.

LIC3 Vandalism Deliberate destruction or damage to information and/or IT assets, but not for personal gain.

LIC4 Warfare Damage to assets, facilities, and employees due to war or armed conflict.

Sub-Category: Misappropriation

Dishonestly or unfairly taking for one’s own use.

ID Threat Description

LIM1 Embezzlement To appropriate something, such as property, entrusted to one’s care fraudulently to one’s own use. A form of theft through fraud.

LIM2 Extortion The act of obtaining money, property, or services from an organization through coercion. A form of theft through use of force or intimidation to obtain compliance.

LIM3 Fraud Deliberate deception to secure unfair or unlawful gain, or to deprive a victim of a legal right.

LIM4 Theft The act of logically stealing and/or removing property with intent to deprive the rightful owner of it.

Sub-Category: Nefarious

Flagrant breaching of time-honored laws and traditions of conduct.

ID Threat Description

LIN1 Abuse of Authorizations Using authorized access to perform illegitimate actions.

LIN2 Address Space Hijacking The illegitimate takeover of groups of IP addresses.

LIN3 Alteration of Software Unauthorized modifications to code or configuration data, attacking its integrity.

LIN4 Anonymous Proxies Access of websites through chains of HTTP proxies (obfuscation), bypassing the security mechanism(s).

LIN5 Autonomous System Hijacking Overtaking, by the attacker, the ownership of a whole autonomous system and its prefixes, despite origin validation.

LIN6 Brute Force Unauthorized access via systematically checking all possible keys or passwords until the correct one is found.

LIN7 Code Injections Exploiting bugs, design flaws, or configuration oversights in an operating system or software application to gain elevated access to resources.

LIN8 Command Injection Execution of arbitrary commands on the host operating system via a vulnerable application. This attack differs from Code Injection, in that code injection allows the attacker to add their own code that is then executed by the application. In Command Injection, the attacker extends the default functionality of the application, which executes system commands, without the necessity of injecting code. Also known as “Remote Command Execution.”

LIN9 Compromised Credentials An account/ID/username has been used or accessed by an unauthorized means.

LIN10 Denial of Service Service unavailability due to a massive number of requests for services from a single point.

LIN11 Distributed Denial of Service Service unavailability due to a massive number of requests for access to network services from multiple malicious clients.

LIN12 DNS Spoofing Domain name server cache poisoning or spoofing to divert traffic to malicious servers.

LIN13 Drive By Download A compromised website that has a user unintentionally download malware.

LIN14 Elevated Privileges Roles or permissions with more than the normal level of access that, if compromised, could allow a person to exploit the systems for personal gain or illicit purpose.

LIN15 Emission Attacks Spying on information through capturing emanations from operational equipment.

LIN16 HTML Script Injection A type of injection in which malicious scripts are injected into otherwise benign and trusted websites.

LIN17 Information Sharing The deliberate sharing of information with unauthorized entities, such as emailing sensitive information or file transfers.

LIN18 IP Spoofing IP spoofing is a method of attack under which incorrect IP addresses are used to disguise the attackers’ identity to the system being attacked.

LIN19 LDAP Injection To exploit web-based applications that construct LDAP statements based on user input.

LIN20 MAC Spoofing An attacker can change the Media Access Control (MAC) address of their device and send Ethernet frames in the network segment with a different ID, which can result in the possible circumvention of security mechanisms which are based solely on the use of a MAC address.

LIN21 Malicious Code Execution Injection of malicious code to extend the functionality of an application or information system without having to execute commands.

LIN22 Man in the Middle A type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.

LIN23 Manipulation of an Encryption Module Modification of an encryption module in order to read secret keys, change keys, or change security parameters.

LIN24 Manipulation of Data The modification of data with the intent to cause loss of integrity.

LIN25 Masquerade/Pretexting Lying or deceiving to pretend to be someone one is not.

LIN26 Message Replay Threat in which a valid data transmission is maliciously or fraudulently repeated or delayed.

LIN27 Misuse of Audit Tools The malicious use of network scanning tools to discover open and possibly unused ports, protocols, and services as well as vulnerabilities.

LIN28 Network Intrusion Unauthorized access to a network.

LIN29 Network Sniffing Identifying information about a network to find security weaknesses.

LIN30 Phishing An email fraud method in which the perpetrator sends out legitimate-looking emails in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy websites.

LIN31 Quid Pro Quo The attacker promises to provide a benefit or service in the return of vital access or details.

LIN32 Ransomware Infection of a computer system or device by malware that restricts access to the system and information while demanding that the user pays a ransom to remove the restriction.

LIN33 Remote Access Trojan (RAT) Remote administration capabilities, allowing an attacker to control the victim’s computer.

LIN34 Repudiation of Actions Intentional data manipulation to repudiate action.

LIN35 Reverse Engineering (RE) The process by which a man-made object is deconstructed to reveal its design, architecture, or to extract knowledge from the object.

LIN36 Rogue Access Points Unauthorized access via unmanaged access points to an organization’s managed network.

LIN37 Rogue Certificates Use of rogue certificates that are valid certificates, by a legitimate certificate authority, which are untrustworthy.

LIN38 Rogue Security Software Malicious software that misleads users about their computer’s security in order to manipulate them.

LIN39 Rootkits A set of software tools that enable an unauthorized user to gain control of a computer system without being detected.

LIN40 Routing Table Manipulation Routing network packets to IP addresses not intended by sender via unauthorized manipulation of routing table.

LIN41 Search Engine Poisoning Deliberate manipulation of search engine indexes to direct a user to malicious content on falsified sites.

LIN42 Server-Side Includes (SSI) Injection Allows the exploitation of a web application by injecting scripts into HTML pages or executing arbitrary codes remotely.

LIN43 SPAM Receiving unsolicited, undesired, or illegal email messages.

LIN44 Spear Phishing Phishing while tailoring the email to a specific audience.

LIN45 Spyware Software that aims to gather information about a person or organization without their knowledge.

LIN46 SQL Injection Takes advantage of the syntax of SQL to inject commands that can read or modify a database, or compromise the meaning of the original query.

LIN47 Trojan Any malicious computer program which misleads users of its true intent.

LIN48 Unacceptable Use Not abiding by the rules defined as acceptable by the governing or owning entity.

LIN49 Unauthorized Access Attaining logical access without permission or approval.

LIN50 Unauthorized Encryption Use of an unauthorized (insecure) encryption module that can lead to a false sense of protection for the data that the encryption was meant to provide.

LIN51 Unauthorized Software Installation The intentional installation of unmanaged or unauthorized software.

LIN52 Virus A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk.

LIN53 Vishing A form of fraud using voice over internet protocol in which individuals are tricked into revealing unauthorized access to sensitive information.

LIN54 War Driving The act of locating and possibly exploiting wireless networks. Example: Access Point Mapping.

LIN55 Watering Holes Malware residing on the websites which a group often uses.

LIN56 Web Spoofing Web spoofing occurs when an attacker forges an existing website (i.e., an attacker designs a fake website in such a way that it looks like the website of a known organization). The attacker attempts to draw users to the website with the objective of launching further attacks.

LIN57 Whaling A form of spear phishing that targets senior management, executives, or prominent individuals in order to gain access to sensitive information.

LIN58 Wire Tapping The surreptitious electronic monitoring of Internet-based communications.

LIN59 Worms Self-propagating, standalone malicious software.

Category: Unintentional

Sub-Category: Failure

Unexpected system degradation or failure.

ID Threat Description

LUF1 Third-Party Services Failure or disruption of third-party services required for proper operation of information systems. Example: Resources or Supporting Systems.

LUF2 Database Systems A database failure that may result in systems or applications not being available, which can have a significant impact on business operations, resulting in financial loss or potential brand damage.

LUF3 Network Bandwidth When the bandwidth of the network is insufficient, the transmission rate in the network (and eventually the availability in the network) will be severely limited to the organization’s users, resulting in potential business disruptions.

LUF4 Network Routing The process of selecting a path for traffic in a network, or between or across multiple networks.

LUF5 Software/Code The failure of programs and other operations used by a computer.

LUF6 Storage The retention of retrievable data on a computer or other electronic system; memory.

LUF7 Virtual Parts & Components The failure/malfunction of virtual parts and components of IT hardware (e.g. motherboard, CPU, RAM, video card, hard drive, power supply). Failure of Virtual IT.

Sub-Category: Human

Human oriented errors or mistakes.

ID Threat Description

LUH1 Data Sharing/Leakage Unintentional distribution of covered information to an unauthorized entity by an employee or employees.

LUH2 Improper Data Modification Changing of data and records (information) stored in devices and storage media.

LUH3 Misclassifying of Data Inappropriate/inadequate labeling or classifying of Data media.

LUH4 Mishandling of Passwords Unintentional mishandling of passwords, leading to leakage of covered information.

Sub-Category: Misuse

Use in the wrong way or for the wrong purpose.

ID Threat Description

1 LUM1 Certificate Integrity Loss Loss of integrity of certificates used for authorization services.

2 LUM2 Compromised Credentials An account/ID/username has been used or accessed by an unauthorized means.

3 LUM3 Data Remanence Storage media that retains stored information in a retrievable/intact manner longer than desired (failure to totally erase).

4 LUM4 Data Storage Media Loss The loss of data via the loss of a data storage medium

5 LUM5 Database Integrity Loss Loss of the integrity or consistency of a database that may result in the data being incorrect or in a corrupt state and, as a result, may not be accessed or processed correctly.

6 LUM6 Elevated Privileges Roles or permissions thaty, if misused, could allow a person to exploit the systems for his or her own gain or purpose.

7 LUM7 Improperly Designing Information Systems Loss due to improper IT asset or business processes design (inadequate specifications of IT products, inadequate usability, insecure interfaces, policy/procedure flows, design errors, and changes).

8 LUM8 Improperly Designing Network Infrastructure Depending on the requirements defined by the organization, a poorly-planned network infrastructure may impact the confidentiality of data and the integrity of the network, which may lead to unauthorized disclosure of sensitive information to unauthorized users.

9 LUM9 Inappropriate/Inadequate Key Management Management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto shredding (destruction), and replacement of keys.

10 LUM10 Insufficiently or Inadequately Following Release Procedures Inadequate testing of new systems may result in possible errors in the hardware or software undetected, may remain undetected, or may result in significant disruption to IT operations or systems.

11 LUM11 Lack of (or Insufficient) Logging Lack of or insufficient logging may prevent the organization from determining whether security specifications were violated or whether attacks were attempted. Additionally, organizations may not be able to assess whether logged information can be used for error analysis in the event of damage, and for determining the causes of the damge, or for integrity tests.

12 LUM12 Loss Due to Unauthorized Storage Loss of records by improper/unauthorized use of storage devices.

13 LUM13 Misuse of Audit Tools The malicious use of network scanning tools to discover open and possibly unused ports, protocols, and services, as well as vulnerabilities.

14 LUM14 Mobile Device Applications Data Leakage Leaking covered information as a result of using mobile device applications.

15 LUM15 System Configuration Errors Information leak/sharing/damage caused by misuse of information assets (lack of awareness of application features) or wrong/improper information assets configuration or management.

16 LUM16 Unacceptable Use A violation of the set of rules applied by senior management or the asset/resource owner of a network, website, or service, that restrict the ways in which the network, website, or system may be used and sets guidelines as to how it should be used.

17 LUM17 Unmanaged Data Does not allow for prescription of information protection.

18 LUM18 Web Applications Data Leakage Leakage of covered information when using web applications.

Organizational Threats

Category: Compliance

Sub-Category: Contractual

Entities or individuals seeking money or another specific performance rather than criminal sanctions due to non-compliance of a legal contract.

ID Threat Description

OCC1 Civil The process of resolving a legal dispute between two or more parties (individuals or business entities) who seek compensation for damages incurred or specific performances that were not delivered.

Sub-Category: Regulatory

Laws that govern the conduct of an entity, individual, or organization and often include penalties for violations.

ID Threat Description

OCR1 Administrative Specifically deals with the administrative agency’s decision-making capabilities, as they carry out laws passed by state and federal legislatures. Differs from regular civil and criminal courts, and their authority is limited to making administrative decisions.

OCR2 Civil The process of resolving a legal dispute between two or more parties (individuals or business entities) who seek compensation for damages incurred or specific performances that were not delivered.

OCR3 Criminal Going to trial in a criminal court to either prosecute or defend oneself in a criminal matter.

Sub-Category: Statutory

Law enacted by legislation to govern entities.

ID Threat Description

OCS1 Civil The process of resolving a legal dispute between two or more parties (individuals or business entities) who seek compensation for damages incurred or specific performances that were not delivered.

OCS2 Criminal Going to trial in a criminal court to either prosecute or defend oneself in a criminal matter.

Physical Threats

Category: Force Majeure

Sub-Category: Climatological

A major adverse event resulting from natural processes of the climate/temperature (e.g., extreme temperature, drought).

ID Threat Description

PFC1 Drought Prolonged period of abnormally low rainfall and a shortage of water, causing damage to assets.

Sub-Category: Environmental

Local conditions relating to the natural world.

ID Threat Description

PFE1 Humidity Water vapor in the air that can collect as condensation, causing water damage to assets.

PFE2 Contaminants The collection of tiny foreign particles that can have an adverse effect on assets.

PFE3 Corrosion Chemical (i.e., gaseous or liquid) contaminants, causing corrosion of assets.

Sub-Category: Geological

A major adverse event resulting from natural processes of the Earth (e.g., earthquake).

ID Threat Description

PFG1 Avalanche A mass of snow, ice, and rocks falling rapidly down a mountainside, damaging structures or assets in its path.

PFG2 Earthquake Sudden movement of a block of the Earth’s crust along a geological fault and associated ground shaking with the potential to damage assets.

PFG3 Landslide The sliding down of a mass of earth or rock from a mountain or cliff, damaging structures or assets in its path.

PFG4 Sinkhole A large hole that suddenly appears in the ground when the surface of the ground is no longer supported, causing damage to anything resting on that surface.

PFG5 Volcano Damage of assets caused by eruption and lava.

PFG6 Wildfires An uncontrolled or non-prescribed combustion of burning vegetation in a natural setting with the potential to damage or disrupt.

Sub-Category: Hydrological

A major adverse event resulting from natural processes of the water (e.g., flooding).

ID Threat Description

PFH1 Erosion Eroding of a surface by water, causing damage to structures and assets on the surface.

PFH2 Flood An overflowing of a large amount of water beyond its normal confines, especially over what is normally dry land causing damage to assets in the flood path.

PFH3 Tsunami Damage from a long, high sea wave caused by a underwater earthquake, landslide, or other disturbance.

Sub-Category: Meteorological

A major adverse event resulting from natural processes of the weather (e.g., tornado, hurricane).

ID Threat Description

PFM1 Blizzard Severe snowstorm with high winds and low visibility that can cause damage or accessibility issues.

PFM2 Cyclonic Storms Rapid circulation of air around a low pressure center with destructive surrounding weather, causing damage and accessibility issues.

PFM3 Hailstorm A storm that produces hail which reaches the surface, causing damage.

PFM4 Heat Waves A prolonged period of abnormally hot weather that can impact people and electronic systems.

PFM5 Ice Storm A storm of freezing rain which can damage assets.

PFM6 Lightning Damage of assets caused by a lightning strike (electrical overvoltage).

Category: Intentional

Sub-Category: Conflict

Struggle resulting from incompatible or opposing needs, drives, wishes, or external or internal demands.

ID Threat Description

PIC1 Arson Intentionally setting fire to assets, causing damage.

PIC2 Large Events Disruption leading to adverse operations (i.e., demonstrations, riots, strikes, and protests).

PIC3 Sabotage Deliberately destroy, damage, or obstruct (something), especially for political or military advantage.

PIC4 Terrorism The use of intentionally indiscriminate violence as a means to create terror among masses of people; or fear to achieve a financial, political, religiousy, or ideological aim through physical violence.

PIC5 Vandalism Action involving deliberate destruction of or damage to property.

PIC6 Warfare Damage to assets, facilities, and employees due to physical war or armed conflict (e.g., bombing).

Sub-Category: Misappropriation

Dishonestly or unfairly taking for one’s own use.

ID Threat Description

PIM1 Embezzlement To appropriate something, such as property entrusted to one’s care, fraudulently to one’s own use. A form of theft through fraud.

PIM2 Extortion The act of obtaining money, property, or services from an organization through coercion. A form of theft through use of force or intimidation to obtain compliance.

PIM3 Fraud Deliberate deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. A form of theft through deception.

PIM4 Theft The act of physically stealing, taking, and removing property with intent to deprive the rightful owner of it.

Sub-Category: Nefarious

Flagrant breaching of time-honored laws and traditions of conduct.

ID Threat Description

PIN1 Abuse of Authority An employee that applies their authority incorrectly, or oversteps their level of authority.

PIN2 Dumpster Diving Searching through discarded assets with the intent of personal gain and/or damage.

PIN3 Information Sharing The deliberate sharing of non-public information with unauthorized entities, such as physically giving sensitive documents.

PIN4 Manipulation of Hardware Unauthorized changes to hardware devices, such as removing memory or hard drive.

PIN5 Masquerade/Pretexting Lying or deceiving to pretend to be someone one is not.

PIN6 Quid Pro Quo The attacker promises to provide a benefit or service in the return of vital access or details.

PIN7 Reverse Engineering (RE) The process by which a man-made object is deconstructed to reveal its design, architecture, or to extract knowledge from the object.

PIN8 Rogue Hardware Manipulation due to unauthorized hardware.

PIN9 Tailgating Unauthorized access by someone else’s means of access at their time of entry.

PIN10 Unacceptable Use Not abiding by the rules defined as acceptable by the governing or owning entity.

PIN11 Unauthorized Access Attaining physical access without permission or approval.

Category: Unintentional

Sub-Category: Failure

Unexpected system degradation or failure.

ID Threat Description

1 PUF1 Third-Party Services Failure or disruption of third-party services required for proper operation of information systems. Example: Supplies or resources.

2 PUF2 Cable Failure of communications links due to problems with cable networks (e.g., Copper & Fiber).

3 PUF3 Cross-talk A special form of line impairment, caused by currents and voltages of signals transmitted over adjacent lines. This may result in the disclosure of sensitive information.

4 PUF4 Electric Power Power failure with the potential to cause asset damage or unavailability.

5 PUF5 Equipment Fire Unexpected combustion of electronic equipment.

6 PUF6 Heating, Ventilation, and Air Conditioning (HVAC) Failure to maintain atmospheric conditions for assets.

7 PUF7 IT Hardware Failure or malfunction of parts and components of IT hardware (e.g., motherboard, CPU, RAM, video card, hard drive, power supply).

8 PUF8 Plumbing Failure of facility plumbing, including gas and water systems.

9 PUF9 Voltage Fluctuations in the supply voltage that can result in malfunctions and damage to IT systems.

10 PUF10 Wireless Failure of communications links due to problems with wireless networks (e.g., radio and RF).

Sub-Category: Human

Human oriented errors or mistakes.

ID Threat Description

1 PUH1 Absence of Personnel Unavailability of key personnel, their competencies/skills, and knowledge.

2 PUH2 Accidental Damage Sudden damage as a result of an unexpected and non-deliberate action.

3 PUH3 Accidental Fire Fire unintentionally set by a human.

4 PUH4 Loss of IT Assets Accidently or unintentionally losing any physical IT asset.

5 PUH5 Mishandling of Passwords Unintentional mishandling of passwords, leading to leakage of covered information.

6 PUH6 Unintentional Information Sharing Accidental verbal disclosure of sensitive information by unauthorized individuals overhearing.

Sub-Category: Misuse

Use in the wrong way or for the wrong purpose.

ID Threat Description

1 PUM1 Configuration Errors Loss of information due to errors in installation or system configuration.

2 PUM2 Improperly Designing Information Systems Loss due to improper IT asset or business processes design (inadequate specifications of IT products, inadequate usability, insecure interfaces, policy/procedure flows, design errors, and changes).

3 PUM3 Improperly Designing Network Infrastructure Depending on the requirements defined by the organization, a poorly planned network infrastructure may impact the confidentiality of data and the integrity of the network, which may lead to unauthorized disclosure of sensitive information to unauthorized users.

4 PUM4 Manipulation of Hardware Unauthorized changes to hardware devices such as removing memory or hard drive.

5 PUM5 Rogue Hardware Manipulation due to unauthorized hardware.

6 PUM6 Tailgating Unauthorized access by convenience or courtesy.

7 PUM7 Unacceptable Use A set of rules applied by senior management and/or the owner of the equipment, information, and etc. may be used and sets guidelines as to how it should be used.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store