Security Threats Taxonomy
Introduction
The list of security threats has been developed as part of the available templates for securitypatterns.io.
This list has been curated for a variety of different sources, and focuses on cyber security threats to technology. Threats associated to Physical or Environmental factors have been consolidated, as these are anticipated to require less consideration for most patterns.
It’s important to note that the purpose of this list is to facilitate identification and categorisation of threats within security patterns. Other lists such as MITRE CAPEC and OWASP are still relevant, but provide a much more detailed analysis of threats than what is required for security patterns.
References
Security Threat List
| Threat ID | Threat Event | Threat Detail |
|---|---|---|
| TE-01 | Disaster or major events in the environment | Lost of data or accessibility of IT infrastructure as result of fire, earthquake, flood, landslide, tsunamis or heavy winds |
| TE-02 | Unfavourable climatic conditions | Lost of data or accessibility of IT infrastructure as result of extensive temperature, humidity, pollution or dust |
| TE-03 | Fraud | Individual(s) engaged in deceptive or deceitful behaviour against another person or organisation intended to result in financial or personal gain |
| TE-04 | Sabotage | Individual(s) engaged in Deceptive or deceitful behaviour against another person or organisation to suffer some disadvantage |
| TE-05 | Physical theft | Individual(s) engaged gain physical access to a system or device through theft of the item such as mobile devices, storage media or IT equipment |
| TE-06 | Unauthorized physical access or entry to premises | Individual(s) exploit weakness in physical access of authorized staff to gain access to organizational facilities |
| TE-07 | Coercion, extortion or blackmail | Individual(s) covertly use force, threats of extortion or blackmail to compromise critical information systems and or gain physical access |
| TE-08 | Warfare or terrorists attack | Individual(s) or state based actors engaged in physical attack and harm against another person, organisation or country to compromise critical information systems and or gain physical access |
| TE-09 | Accidental leaks or sharing of information due to human error or mishandling | Authorized user inadvertently exposes critical or sensitive information through human error |
| TE-10 | Leaks of information or data through applications flaws, misconfigured services or system errors. | System inadvertently exposes or discloses critical or sensitive information within system, configuration or audit logs |
| TE-11 | Disruption to information systems due to misconfiguration or maintenance errors | Destruction or loss of system availability due to human error for misconfiguration or changes performed during maintenance |
| TE-12 | Unintentional change of data within information system | Mishandling of critical or sensitive information by authorized users |
| TE-13 | Inadequate design and planning leading to improper deployment | Loss of confidence in the application, system or platform due to poor deployment, configuration and potential for human error |
| TE-14 | Inadequate workflows or processes leading to flaws in deployment | Loss of confidence in the application, system or platform due to poor workflow or business process. |
| TE-15 | Unintentional damages through security testing | Loss of confidence in the stability or integrity of application, system or services due to security testing or attempted exploitation of vulnerabilities |
| TE-16 | Unintentional destruction of records through mismanaged data repositories or storage | Corrupted and incorrect data resulting in suboptimal services, loss of confidence in data storage or backups |
| TE-17 | System failure or corruption of information systems, devices or media | Physical failure or devices or defective data media Hardware failure of parts or components including loss of power supply or cooling |
| TE-18 | Failure or disruption of network infrastructure, connectivity or communication links | Physical failure of network infrastructure, devices, communication links including cable, wireless or mobile |
| TE-19 | Failure within information systems due to disruption or unavailability of dependant external supply chains | Failure in information systems due to dependencies on external software packages, components or external service providers that may be disrupted or destroy supply chain. |
| TE-20 | Interception of information due to publicly accessible insecure or rouge remote access points | Gain unauthorised access into information systems via rouge or misconfigured network services such as WIFI, VPN or Remote Desktop services |
| TE-21 | Network reconnaissance and information gathering | Utilise information systems or networks infrastructure to collect or sniff network traffic |
| TE-22 | Session hijacking | Gain access to information systems or networks for the express purpose of taking control or hijacking a legitimate session between two entities |
| TE-23 | Man in the middle attack or network traffic modification | Intercept or eavesdrop on sessions to capture, manipulate or replay messages between two entities |
| TE-24 | Identity theft | Adversary impersonates users or privileged users through fraudulent or stolen credentials or digital certificates |
| TE-25 | Generation of false identities | Adversary exploits weakness in identity systems allowing generation of rogue credentials or digital certificates used to masquerade or impersonate users or system services |
| TE-26 | Abuse of resources through misconfiguration | Exploit of poorly configured information systems to conduct unauthorized activities or configuration changes |
| TE-27 | Exploit hardware or platform vulnerabilities | Trusted applications or services are compromised by underlying platforms through bios exploits, firmware exploits or rootkits |
| TE-28 | Infection from malware, worms or trojans | Trusted applications or services are compromised through malware infection, worms or trojans |
| TE-29 | Web application attacks or code injection attack | Trusted applications or services are compromised through web application attacks or code injection attack |
| TE-30 | Rogue software masquerading as trusted application | Rogue software, spyware or adware that masquerades as trusted applications or services |
| TE-31 | Unauthorized changes or manipulation of application functionality or code | Manipulation of code or application functionality resulting in loss of confidence and integrity in trusted applications or services. |
| TE-32 | Social engineering or phishing attacks | Adversary counterfeits communications from a legitimate or trustworthy source with the intent of persuading or tricking individuals to expose sensitive information |
| TE-33 | Receive of unsolicited e-mail | Adversary delivers unsolicited infected e-mails or SPAM with the intent of compromising the information systems used by individuals |
| TE-34 | Violate isolation in multi-tenant environment | Adversary circumvents isolation mechanisms within a multi-tenant environment to observe, compromise or deny service to collocated tenants |
| TE-35 | Lack of security insights, monitoring or manipulation of audit log integrity | Manipulation of audit event data or inability to capture and audit actions, events or activities. This effects both integrity and non-repudiation of actions and events within information systems. |
| TE-36 | Unauthorized changes or manipulation of information data records | Corrupted or incorrect information within data records and storage, resulting in loss of confidence and integrity in data |
| TE-37 | Compromise of confidential information or data breach | Exfiltration of critical or sensitive information resulting in data breach |
| TE-38 | Destruction of records through malicious user or malware infection | Intentional loss of availability to critical or sensitive information via malicious insider or ransomware |
| TE-39 | Distributed Denial of service (DDoS) across network layers | Manipulation of network layers for protocol exploitation, crafting malformed packets, network traffic flooding or spoofing |
| TE-40 | Distributed Denial of service (DDoS) across application services | Manipulation of web and application layers including manipulation of application parameter or arguments, session or HTTP/S protocol. |
| TE-41 | Brute force attempts on user or system accounts | Brute force attempts for accessing credentials to timeout or lock accounts used by application or system services |
| TE-42 | Denial of service on hosting platform or system services | Exhaustion of underlying hosting platform memory or computing resources |