{
"values": [
{
"entry": [
{
"description": "Fraud committed by humans.",
"expanded": "Fraud",
"value": "fraud"
},
{
"description": "Fraud committed by employees or others that are in relation with entities, who have access to entities' information and IT assets.",
"expanded": "Fraud committed by employees",
"value": "fraud-by-employees"
},
{
"description": "Intentional actions (non-fulfilment or defective fulfilment of personal duties) aimed to cause disruption or damage to IT assets.",
"expanded": "Sabotage",
"value": "sabotage"
},
{
"description": "Act of physically damaging IT assets.",
"expanded": "Vandalism",
"value": "vandalism"
},
{
"description": "Stealing information or IT assets. Robbery.",
"expanded": "Theft (of devices, storage media and documents)",
"value": "theft"
},
{
"description": "Taking away another person's property in the form of mobile devices, for example smartphones, tablets.",
"expanded": "Theft of mobile devices (smartphones/ tablets)",
"value": "theft-of-mobile-devices"
},
{
"description": "Taking away another person's hardware property (except mobile devices), which often contains business-sensitive data.",
"expanded": "Theft of fixed hardware",
"value": "theft-of-fixed-hardware"
},
{
"description": "Stealing documents from private/company archives, often for the purpose of re-sale or to achieve personal benefits.",
"expanded": "Theft of documents",
"value": "theft-of-documents"
},
{
"description": "Stealing media devices, on which copies of essential information are kept.",
"expanded": "Theft of backups",
"value": "theft-of-backups"
},
{
"description": "Sharing information with unauthorised entities. Loss of information confidentiality due to intentional human actions (e.g., information leak may occur due to loss of paper copies of confidential information).",
"expanded": "Information leak /sharing",
"value": "information-leak-or-unauthorised-sharing"
},
{
"description": "Unapproved access to facility.",
"expanded": "Unauthorized physical access / Unauthorised entry to premises",
"value": "unauthorised-physical-access-or-unauthorised-entry-to-premises"
},
{
"description": "Actions following acts of coercion, extortion or corruption.",
"expanded": "Coercion, extortion or corruption",
"value": "coercion-or-extortion-or-corruption"
},
{
"description": "Threats of direct impact of warfare activities.",
"expanded": "Damage from the warfare",
"value": "damage-from-the-wafare"
},
{
"description": "Threats from terrorists.",
"expanded": "Terrorist attack",
"value": "terrorist-attack"
}
],
"predicate": "physical-attack"
},
{
"entry": [
{
"description": "Information leak / sharing caused by humans, due to their mistakes.",
"expanded": "Information leak /sharing due to human error",
"value": "information-leak-or-sharing-due-to-human-error"
},
{
"value": "accidental-leaks-or-sharing-of-data-by-employees",
"expanded": "Accidental leaks/sharing of data by employees",
"description": "Unintentional distribution of private or sensitive data to an unauthorized entity by a staff member."
},
{
"value": "leaks-of-data-via-mobile-applications",
"expanded": "Leaks of data via mobile applications",
"description": "Threat of leaking private data (a result of using applications for mobile devices)."
},
{
"value": "leaks-of-data-via-web-applications",
"expanded": "Leaks of data via Web applications",
"description": "Threat of leaking important information using web applications."
},
{
"value": "leaks-of-information-transferred-by-network",
"expanded": "Leaks of information transferred by network",
"description": "Threat of eavesdropping of unsecured network traffic."
},
{
"value": "erroneous-use-or-administration-of-devices-and-systems",
"expanded": "Erroneous use or administration of devices and systems",
"description": "Information leak / sharing / damage caused by misuse of IT assets (lack of awareness of application features) or wrong / improper IT assets configuration or management."
},
{
"value": "loss-of-information-due-to-maintenance-errors-or-operators-errors",
"expanded": "Loss of information due to maintenance errors / operators' errors",
"description": "Threat of loss of information by incorrectly performed maintenance of devices or systems or other operator activities."
},
{
"value": "loss-of-information-due-to-configuration-or-installation error",
"expanded": "Loss of information due to configuration/ installation error",
"description": "Threat of loss of information due to errors in installation or system configuration."
},
{
"value": "increasing-recovery-time",
"expanded": "Increasing recovery time",
"description": "Threat of unavailability of information due to errors in the use of backup media and increasing information recovery time."
},
{
"value": "lost-of-information-due-to-user-errors",
"expanded": "Loss of information due to user errors",
"description": "Threat of unavailability of information or damage to IT assets caused by user errors (using IT infrastructure) or IT software recovery time."
},
{
"value": "using-information-from-an-unreliable-source",
"expanded": "Using information from an unreliable source",
"description": "Bad decisions based on unreliable sources of information or unchecked information."
},
{
"value": "unintentional-change-of-data-in-an-information-system",
"expanded": "Unintentional change of data in an information system",
"description": "Loss of information integrity due to human error (information system user mistake)."
},
{
"value": "inadequate-design-and-planning-or-improper-adaptation",
"expanded": "Inadequate design and planning or improper adaptation",
"description": "Threats caused by improper IT assets or business processes design (inadequate specifications of IT products, inadequate usability, insecure interfaces, policy/procedure flows, design errors)."
},
{
"value": "damage-caused-by-a-third-party",
"expanded": "Damage caused by a third party",
"description": "Threats of damage to IT assets caused by third party."
},
{
"value": "security-failure-caused-by-third-party",
"expanded": "Security failure caused by third party",
"description": "Threats of damage to IT assets caused by breach of security regulations by third party."
},
{
"value": "damages-resulting-from-penetration-testing",
"expanded": "Damages resulting from penetration testing",
"description": "Threats to information systems caused by conducting IT penetration tests inappropriately."
},
{
"value": "loss-of-information-in-the-cloud",
"expanded": "Loss of information in the cloud",
"description": "Threats of losing information or data stored in the cloud."
},
{
"value": "loss-of-(integrity-of)-sensitive-information",
"expanded": "Loss of (integrity of) sensitive information",
"description": "Threats of losing information or data, or changing information classified as sensitive."
},
{
"value": "loss-of-integrity-of-certificates",
"expanded": "Loss of integrity of certificates",
"description": "Threat of losing the integrity of certificates used for authorisation services."
},
{
"value": "loss-of-devices-and-storage-media-and-documents",
"expanded": "Loss of devices, storage media and documents",
"description": "Threats of unavailability (losing) of IT assets and documents."
},
{
"value": "loss-of-devices-or-mobile-devices",
"expanded": "Loss of devices/ mobile devices",
"description": "Threat of losing mobile devices."
},
{
"value": "loss-of-storage-media",
"expanded": "Loss of storage media",
"description": "Threat of losing data-storage media."
},
{
"value": "loss-of-documentation-of-IT-Infrastructure",
"expanded": "Loss of documentation of IT Infrastructure",
"description": "Threat of losing important documentation."
},
{
"value": "destruction-of-records",
"expanded": "Destruction of records",
"description": "Threats of unavailability (destruction) of data and records (information) stored in devices and storage media."
},
{
"value": "infection-of-removable-media",
"expanded": "Infection of removable media",
"description": "Threat of loss of important data due to using removable media, web or mail infection."
},
{
"value": "abuse-of-storage",
"expanded": "Abuse of storage",
"description": "Threat of loss of records by improper /unauthorised use of storage devices."
}
],
"predicate": "unintentional-damage"
},
{
"predicate": "disaster",
"entry": [
{
"value": "disaster",
"expanded": "Disaster (natural earthquakes, floods, landslides, tsunamis, heavy rains, heavy snowfalls, heavy winds)",
"description": "Large scale natural disasters."
},
{
"value": "fire",
"expanded": "Fire",
"description": "Threat of fire."
},
{
"value": "pollution-dust-corrosion",
"expanded": "Pollution, dust, corrosion",
"description": "Threat of disruption of work of IT systems (hardware) due to pollution, dust or corrosion (arising from the air)."
},
{
"value": "thunderstrike",
"expanded": "Thunderstrike",
"description": "Threat of damage to IT hardware caused by thunder strike (overvoltage)."
},
{
"value": "water",
"expanded": "Water",
"description": "Threat of damage to IT hardware caused by water."
},
{
"value": "explosion",
"expanded": "Explosion",
"description": "Threat of damage to IT hardware caused by explosion."
},
{
"value": "dangerous-radiation-leak",
"expanded": "Dangerous radiation leak",
"description": "Threat of damage to IT hardware caused by radiation leak."
},
{
"value": "unfavourable-climatic-conditions",
"expanded": "Unfavourable climatic conditions",
"description": "Threat of disruption of work of IT systems due to climatic conditions that have a negative effect on hardware."
},
{
"value": "loss-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-heightened-humidity",
"expanded": "Loss of data or accessibility of IT infrastructure as a result of heightened humidity",
"description": "Threat of disruption of work of IT systems due to high humidity."
},
{
"value": "lost-of-data-or-accessibility-of-IT-infrastructure-as-a-result-of-very-high-temperature",
"expanded": "Loss of data or accessibility of IT infrastructure as a result of very high temperature",
"description": "Threat of disruption of work of IT systems due to high or low temperature."
},
{
"value": "threats-from-space-or-electromagnetic-storm",
"expanded": "Threats from space / Electromagnetic storm",
"description": "Threats of the negative impact of solar radiation to satellites and radio wave communication systems - electromagnetic storm."
},
{
"value": "wildlife",
"expanded": "Wildlife",
"description": "Threat of destruction of IT assets caused by animals: mice, rats, birds."
}
]
},
{
"predicate": "failures-malfunction",
"entry": [
{
"value": "failure-of-devices-or-systems",
"expanded": "Failure of devices or systems",
"description": "Threat of failure of IT hardware and/or software assets or its parts."
},
{
"value": "failure-of-data-media",
"expanded": "Failure of data media",
"description": "Threat of failure of data media."
},
{
"value": "hardware-failure",
"expanded": "Hardware failure",
"description": "Threat of failure of IT hardware."
},
{
"value": "failure-of-applications-and-services",
"expanded": "Failure of applications and services",
"description": "Threat of failure of software/applications or services."
},
{
"value": "failure-of-parts-of-devices-connectors-plug-ins",
"expanded": "Failure of parts of devices (connectors, plug-ins)",
"description": "Threat of failure of IT equipment or its part."
},
{
"value": "failure-or-disruption-of-communication-links-communication networks",
"expanded": "Failure or disruption of communication links (communication networks)",
"description": "Threat of failure or malfunction of communications links."
},
{
"value": "failure-of-cable-networks",
"expanded": "Failure of cable networks",
"description": "Threat of failure of communications links due to problems with cable network."
},
{
"value": "failure-of-wireless-networks",
"expanded": "Failure of wireless networks",
"description": "Threat of failure of communications links due to problems with wireless networks."
},
{
"value": "failure-of-mobile-networks",
"expanded": "Failure of mobile networks",
"description": "Threat of failure of communications links due to problems with mobile networks."
},
{
"value": "failure-or-disruption-of-main-supply",
"expanded": "Failure or disruption of main supply",
"description": "Threat of failure or disruption of supply required for information systems."
},
{
"value": "failure-or-disruption-of-power-supply",
"expanded": "Failure or disruption of power supply",
"description": "Threat of failure or malfunction of power supply."
},
{
"value": "failure-of-cooling-infrastructure",
"expanded": "Failure of cooling infrastructure",
"description": "Threat of failure of IT assets due to improper operation of the cooling infrastructure."
},
{
"value": "failure-or-disruption-of-service-providers-supply-chain",
"expanded": "Failure or disruption of service providers (supply chain)",
"description": "Threat of failure or disruption of third party services required for proper operation of information systems."
},
{
"value": "malfunction-of-equipment-devices-or-systems",
"expanded": "Malfunction of equipment (devices or systems)",
"description": "Threat of malfunction of IT hardware and/or software assets or its parts (i.e. improper working parameters, jamming, rebooting)."
}
]
},
{
"predicate": "outages",
"entry": [
{
"value": "absence-of-personnel",
"expanded": "Absence of personnel",
"description": "Unavailability of key personnel and their competences."
},
{
"value": "strike",
"expanded": "Strike",
"description": "Unavailability of staff due to a strike (large scale absence of personnel)."
},
{
"value": "loss-of-support-services",
"expanded": "Loss of support services",
"description": "Unavailability of support services required for proper operation of the information system."
},
{
"value": "internet-outage",
"expanded": "Internet outage",
"description": "Unavailability of the Internet connection."
},
{
"value": "network-outage",
"expanded": "Network outage",
"description": "Unavailability of communication links."
},
{
"value": "outage-of-cable-networks",
"expanded": "Outage of cable networks",
"description": "Threat of lack of communications links due to problems with cable network."
},
{
"value": "Outage-of-short-range-wireless-networks",
"expanded": "Outage of short-range wireless networks",
"description": "Threat of lack of communications links due to problems with wireless networks (802.11 networks, Bluetooth, NFC etc.)."
},
{
"value": "outages-of-long-range-wireless-networks",
"expanded": "Outages of long-range wireless networks",
"description": "Threat of lack of communications links due to problems with mobile networks like cellular network (3G, LTE, GSM etc.) or satellite links."
}
]
},
{
"predicate": "eavesdropping-interception-hijacking",
"entry": [
{
"value": "war-driving",
"expanded": "War driving",
"description": "Threat of locating and possibly exploiting a connection to the wireless network."
},
{
"value": "intercepting-compromising-emissions",
"expanded": "Intercepting compromising emissions",
"description": "Threat of disclosure of transmitted information using interception and analysis of compromising emission."
},
{
"value": "interception-of-information",
"expanded": "Interception of information",
"description": "Threat of interception of information which is improperly secured in transmission or by improper actions of staff."
},
{
"value": "corporate-espionage",
"expanded": "Corporate espionage",
"description": "Threat of obtaining information secrets by dishonest means."
},
{
"value": "nation-state-espionage",
"expanded": "Nation state espionage",
"description": "Threats of stealing information by nation state espionage (e.g. China based governmental espionage, NSA from USA)."
},
{
"value": "information-leakage-due-to-unsecured-wi-fi-like-rogue-access-points",
"expanded": "Information leakage due to unsecured Wi-Fi, rogue access points",
"description": "Threat of obtaining important information via insecure networks, rogue access points, etc."
},
{
"value": "interfering-radiation",
"expanded": "Interfering radiation",
"description": "Threat of failure of IT hardware or transmission connection due to electromagnetic induction or electromagnetic radiation emitted by an outside source."
},
{
"value": "replay-of-messages",
"expanded": "Replay of messages",
"description": "Threat in which valid data transmission is maliciously or fraudulently repeated or delayed."
},
{
"value": "network-reconnaissance-network-traffic-manipulation-and-information-gathering",
"expanded": "Network Reconnaissance, Network traffic manipulation and Information gathering",
"description": "Threat of identifying information about a network to find security weaknesses."
},
{
"value": "man-in-the-middle-session-hijacking",
"expanded": "Man in the middle/ Session hijacking",
"description": "Threats that relay or alter communication between two parties."
}
]
},
{
"predicate": "legal",
"entry": [
{
"value": "violation-of-rules-and-regulations-breach-of-legislation",
"expanded": "Violation of rules and regulations / Breach of legislation",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to violation of law or regulations."
},
{
"value": "failure-to-meet-contractual-requirements",
"expanded": "Failure to meet contractual requirements",
"description": "Threat of financial penalty or loss of trust of customers and collaborators due to failure to meet contractual requirements."
},
{
"value": "failure-to-meet-contractual-requirements-by-third-party",
"expanded": "Failure to meet contractual requirements by third party",
"description": "Threat of financial penalty or loss of trust of customers and collaborators due to a third party's failure to meet contractual requirements."
},
{
"value": "unauthorized-use-of-IPR-protected-resources",
"expanded": "Unauthorized use of IPR protected resources",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to improper/illegal use of IPR protected material (IPR - Intellectual Property Rights)."
},
{
"value": "illegal-usage-of-file-sharing-services",
"expanded": "Illegal usage of File Sharing services",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to improper/illegal use of file sharing services."
},
{
"value": "abuse-of-personal-data",
"expanded": "Abuse of personal data",
"description": "Threat of illegal use of personal data."
},
{
"value": "judiciary-decisions-or-court-order",
"expanded": "Judiciary decisions/court order",
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to judiciary decisions/court order."
}
]
},
{
"predicate": "nefarious-activity-abuse",
"entry": [
{
"value": "identity-theft-identity-fraud-account)",
"expanded": "Identity theft (Identity Fraud/ Account)",
"description": "Threat of identity theft action."
},
{
"value": "credentials-stealing-trojans",
"expanded": "Credentials-stealing trojans",
"description": "Threat of identity theft action by malware computer programs."
},
{
"value": "receiving-unsolicited-e-mail",
"expanded": "Receiving unsolicited E-mail",
"description": "Threat of receiving unsolicited email which affects information security and efficiency."
},
{
"value": "spam",
"expanded": "SPAM",
"description": "Threat of receiving unsolicited, undesired, or illegal email messages."
},
{
"value": "unsolicited-infected-e-mails",
"expanded": "Unsolicited infected e-mails",
"description": "Threat emanating from unwanted emails that may contain infected attachments or links to malicious / infected web sites."
},
{
"value": "denial-of-service",
"expanded": "Denial of service",
"description": "Threat of service unavailability due to massive requests for services."
},
{
"value": "distributed-denial-of-network-service-network-layer-attack",
"expanded": "Distributed denial of network service (DDoS) (network layer attack i.e. Protocol exploitation / Malformed packets / Flooding / Spoofing)",
"description": "Threat of service unavailability due to a massive number of requests for access to network services from malicious clients."
},
{
"value": "distributed-denial-of-network-service-application-layer-attack",
"expanded": "Distributed denial of application service (DDoS) (application layer attack i.e. Ping of Death / XDoS / WinNuke / HTTP Floods)",
"description": "Threat of service unavailability due to massive requests sent by multiple malicious clients."
},
{
"value": "distributed-denial-of-network-service-amplification-reflection-attack",
"expanded": "Distributed DoS (DDoS) to both network and application services (amplification/reflection methods i.e. NTP/ DNS /.../ BitTorrent)",
"description": "Threat of creating a massive number of requests, using multiplication/amplification methods."
},
{
"value": "malicious-code-software-activity",
"expanded": "Malicious code/ software/ activity"
},
{
"value": "search-engine-poisoning",
"expanded": "Search Engine Poisoning",
"description": "Threat of deliberate manipulation of search engine indexes."
},
{
"value": "exploitation-of-fake-trust-of-social-media",
"expanded": "Exploitation of fake trust of social media",
"description": "Threat of malicious activities making use of trusted social media."
},
{
"value": "worms-trojans",
"expanded": "Worms/ Trojans",
"description": "Threat of malware computer programs (trojans/worms)."
},
{
"value": "rootkits",
"expanded": "Rootkits",
"description": "Threat of stealthy types of malware software."
},
{
"value": "mobile-malware",
"expanded": "Mobile malware",
"description": "Threat of mobile malware programs."
},
{
"value": "infected-trusted-mobile-apps",
"expanded": "Infected trusted mobile apps",
"description": "Threat of using mobile malware that is recognised as a trusted application."
},
{
"value": "elevation-of-privileges",
"expanded": "Elevation of privileges",
"description": "Threat of exploiting bugs, design flaws or configuration oversights in an operating system or software application to gain elevated access to resources."
},
{
"value": "web-application-attacks-injection-attacks-code-injection-SQL-XSS",
"expanded": "Web application attacks / injection attacks (Code injection: SQL, XSS)",
"description": "Threat of utilizing custom web applications embedded within social media sites, which can lead to installation of malicious code onto computers to be used to gain unauthorized access."
},
{
"value": "spyware-or-deceptive-adware",
"expanded": "Spyware or deceptive adware",
"description": "Threat of using software that aims to gather information about a person or organization without their knowledge."
},
{
"value": "viruses",
"expanded": "Viruses",
"description": "Threat of infection by viruses."
},
{
"value": "rogue-security-software-rogueware-scareware",
"expanded": "Rogue security software/ Rogueware / Scareware",
"description": "Threat of internet fraud or malicious software that misleads users into believing there is a virus on their computer, and manipulates them into paying money for a fake removal tool."
},
{
"value": "ransomware",
"expanded": "Ransomware",
"description": "Threat of infection of computer system or device by malware that restricts access to it and demands that the user pay a ransom to remove the restriction."
},
{
"value": "exploits-exploit-kits",
"expanded": "Exploits/Exploit Kits",
"description": "Threat to IT assets due to the use of web-available exploits or exploit software."
},
{
"value": "social-engineering",
"expanded": "Social Engineering",
"description": "Threat of social engineering type attacks (target: manipulation of personnel behaviour)."
},
{
"value": "phishing-attacks",
"expanded": "Phishing attacks",
"description": "Threat of an email fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy websites."
},
{
"value": "spear-phishing-attacks",
"expanded": "Spear phishing attacks",
"description": "Spear-phishing is a targeted e-mail message that has been crafted to create fake trust and thus lure the victim to unveil some business or personal secrets that can be abused by the adversary."
},
{
"value": "abuse-of-information-leakage",
"expanded": "Abuse of Information Leakage",
"description": "Threat of leaking important information."
},
{
"value": "leakage-affecting-mobile-privacy-and-mobile-applications",
"expanded": "Leakage affecting mobile privacy and mobile applications",
"description": "Threat of leaking important information due to using malware mobile applications."
},
{
"value": "leakage-affecting-web-privacy-and-web-applications",
"expanded": "Leakage affecting web privacy and web applications",
"description": "Threat of leaking important information due to using malicious web applications."
},
{
"value": "leakage-affecting-network-traffic",
"expanded": "Leakage affecting network traffic",
"description": "Threat of leaking important information in network traffic."
},
{
"value": "leakage-affecting-cloud-computing",
"expanded": "Leakage affecting cloud computing",
"description": "Threat of leaking important information in cloud computing."
},
{
"value": "generation-and-use-of-rogue-certificates",
"expanded": "Generation and use of rogue certificates",
"description": "Threat of use of rogue certificates."
},
{
"value": "loss-of-integrity-of-sensitive-information",
"expanded": "Loss of (integrity of) sensitive information",
"description": "Threat of loss of sensitive information due to loss of integrity."
},
{
"value": "man-in-the-middle-session-hijacking",
"expanded": "Man in the middle / Session hijacking",
"description": "Threat of attack consisting in the exploitation of the web session control mechanism, which is normally managed by a session token."
},
{
"value": "social-engineering-via-signed-malware",
"expanded": "Social Engineering / signed malware",
"description": "Threat of installing signed software (malware) that carries fake trust, e.g. fake OS updates."
},
{
"value": "fake-SSL-certificates",
"expanded": "Fake SSL certificates",
"description": "Threat of attack due to malware application signed by a certificate that is typically inherently trusted by an endpoint."
},
{
"value": "manipulation-of-hardware-and-software",
"expanded": "Manipulation of hardware and software",
"description": "Threat of unauthorised manipulation of hardware and software."
},
{
"value": "anonymous-proxies",
"expanded": "Anonymous proxies",
"description": "Threat of unauthorised manipulation by anonymous proxies."
},
{
"value": "abuse-of-computing-power-of-cloud-to-launch-attacks-cybercrime-as-a-service)",
"expanded": "Abuse of computing power of cloud to launch attacks (cybercrime as a service)",
"description": "Threat of using large computing powers to generate attacks on demand."
},
{
"value": "abuse-of-vulnerabilities-0-day-vulnerabilities",
"expanded": "Abuse of vulnerabilities, 0-day vulnerabilities",
"description": "Threat of attacks using 0-day or known IT assets vulnerabilities."
},
{
"value": "access-of-web-sites-through-chains-of-HTTP-Proxies-Obfuscation",
"expanded": "Access of web sites through chains of HTTP Proxies (Obfuscation)",
"description": "Threat of bypassing the security mechanism using HTTP proxies (bypassing the website blacklist)."
},
{
"value": "access-to-device-software",
"expanded": "Access to device software",
"description": "Threat of unauthorised manipulation by access to device software."
},
{
"value": "alternation-of-software",
"expanded": "Alteration of software",
"description": "Threat of unauthorized modifications to code or data, attacking its integrity."
},
{
"value": "rogue-hardware",
"expanded": "Rogue hardware",
"description": "Threat of manipulation due to unauthorized access to hardware."
},
{
"value": "manipulation-of-information",
"expanded": "Manipulation of information",
"description": "Threat of intentional data manipulation to mislead information systems or somebody or to cover other nefarious activities (loss of integrity of information)."
},
{
"value": "repudiation-of-actions",
"expanded": "Repudiation of actions",
"description": "Threat of intentional data manipulation to repudiate action."
},
{
"value": "address-space-hijacking-IP-prefixes",
"expanded": "Address space hijacking (IP prefixes)",
"description": "Threat of the illegitimate takeover of groups of IP addresses."
},
{
"value": "routing-table-manipulation",
"expanded": "Routing table manipulation",
"description": "Threat of network packets being routed to IP addresses other than those intended by the sender, through unauthorised manipulation of the routing table."
},
{
"value": "DNS-poisoning-or-DNS-spoofing-or-DNS-Manipulations",
"expanded": "DNS poisoning / DNS spoofing / DNS Manipulations",
"description": "Threat of falsification of DNS information."
},
{
"value": "falsification-of-record",
"expanded": "Falsification of record",
"description": "Threat of intentional data manipulation to falsify records."
},
{
"value": "autonomous-system-hijacking",
"expanded": "Autonomous System hijacking",
"description": "Threat of an attacker taking over the ownership of a whole autonomous system and its prefixes despite origin validation."
},
{
"value": "autonomous-system-manipulation",
"expanded": "Autonomous System manipulation",
"description": "Threat of manipulation by the attacker of a whole autonomous system in order to perform malicious actions."
},
{
"value": "falsification-of-configurations",
"expanded": "Falsification of configurations",
"description": "Threat of intentional manipulation due to falsification of configurations."
},
{
"value": "misuse-of-audit-tools",
"expanded": "Misuse of audit tools",
"description": "Threat of nefarious actions performed using audit tools (discovery of security weaknesses in information systems)."
},
{
"value": "misuse-of-information-or-information systems-including-mobile-apps",
"expanded": "Misuse of information/ information systems (including mobile apps)",
"description": "Threat of nefarious action due to misuse of information / information systems."
},
{
"value": "unauthorized-activities",
"expanded": "Unauthorized activities",
"description": "Threat of nefarious action due to unauthorised activities."
},
{
"value": "Unauthorised-use-or-administration-of-devices-and-systems",
"expanded": "Unauthorised use or administration of devices and systems",
"description": "Threat of nefarious action due to unauthorised use of devices and systems."
},
{
"value": "unauthorised-use-of-software",
"expanded": "Unauthorised use of software",
"description": "Threat of nefarious action due to unauthorised use of software."
},
{
"value": "unauthorized-access-to-the-information-systems-or-networks-like-IMPI-Protocol-DNS-Registrar-Hijacking)",
"expanded": "Unauthorized access to the information systems / networks (IPMI Protocol / DNS Registrar Hijacking)",
"description": "Threat of unauthorised access to the information systems / network."
},
{
"value": "network-intrusion",
"expanded": "Network Intrusion",
"description": "Threat of unauthorised access to network."
},
{
"value": "unauthorized-changes-of-records",
"expanded": "Unauthorized changes of records",
"description": "Threat of unauthorised changes of information."
},
{
"value": "unauthorized-installation-of-software",
"expanded": "Unauthorized installation of software",
"description": "Threat of unauthorised installation of software."
},
{
"value": "Web-based-attacks-drive-by-download-or-malicious-URLs-or-browser-based-attacks",
"expanded": "Web based attacks (Drive-by download / malicious URLs / Browser based attacks)",
"description": "Threat of installation of unwanted malicious software by misusing websites."
},
{
"value": "compromising-confidential-information-like-data-breaches",
"expanded": "Compromising confidential information (data breaches)",
"description": "Threat of data breach."
},
{
"value": "hoax",
"expanded": "Hoax",
"description": "Threat of loss of IT assets security due to cheating."
},
{
"value": "false-rumour-and-or-fake-warning",
"expanded": "False rumour and/or fake warning",
"description": "Threat of disruption of work due to rumours and/or a fake warning."
},
{
"value": "remote-activity-execution",
"expanded": "Remote activity (execution)",
"description": "Threat of nefarious action by attacker remote activity."
},
{
"value": "remote-command-execution",
"expanded": "Remote Command Execution",
"description": "Threat of nefarious action due to remote command execution."
},
{
"value": "remote-access-tool",
"expanded": "Remote Access Tool (RAT)",
"description": "Threat of infection by software that has remote administration capabilities, allowing an attacker to control the victim's computer."
},
{
"value": "botnets-remote-activity",
"expanded": "Botnets / Remote activity",
"description": "Threat of penetration by software from malware distribution."
},
{
"value": "targeted-attacks",
"expanded": "Targeted attacks (APTs etc.)",
"description": "Threat of sophisticated, targeted attacks which combine many attack techniques."
},
{
"value": "mobile-malware-exfiltration",
"expanded": "Mobile malware (exfiltration)",
"description": "Threat of mobile software that aims to gather information about a person or organization without their knowledge."
},
{
"value": "spear-phishing-attacks-targeted",
"expanded": "Spear phishing attacks (targeted)",
"description": "Threat of attack focused on a single user or department within an organization, appearing to come from someone within the company in a position of trust and requesting information such as logins, IDs and passwords."
},
{
"value": "installation-of-sophisticated-and-targeted-malware",
"expanded": "Installation of sophisticated and targeted malware",
"description": "Threat of malware delivered by sophisticated and targeted software."
},
{
"value": "watering-hole-attacks",
"expanded": "Watering Hole attacks",
"description": "Threat of malware residing on websites that the targeted group often uses."
},
{
"value": "failed-business-process",
"expanded": "Failed business process",
"description": "Threat of damage or loss of IT assets due to improperly executed business process."
},
{
"value": "brute-force",
"expanded": "Brute force",
"description": "Threat of unauthorised access via systematically checking all possible keys or passwords until the correct one is found."
},
{
"value": "abuse-of-authorizations",
"expanded": "Abuse of authorizations",
"description": "Threat of using authorised access to perform illegitimate actions."
}
]
}
],
"predicates": [
{
"description": "Threats of intentional, hostile human actions.",
"expanded": "Physical attack (deliberate/intentional).",
"value": "physical-attack"
},
{
"description": "Threats of unintentional human actions or errors.",
"expanded": "Unintentional damage / loss of information or IT assets.",
"value": "unintentional-damage"
},
{
"description": "Threats of damage to information assets caused by natural or environmental factors.",
"expanded": "Disaster (natural, environmental).",
"value": "disaster"
},
{
"description": "Threat of failure/malfunction of IT supporting infrastructure (e.g. degradation of quality, improper working parameters, jamming). The cause of a failure is mostly an internal issue (e.g. overload of the power grid in a building).",
"expanded": "Failures/ Malfunction.",
"value": "failures-malfunction"
},
{
"description": "Threat of complete lack or loss of resources necessary for IT infrastructure. The cause of an outage is mostly an external issue (e.g. an electricity blackout in the whole city).",
"expanded": "Outages.",
"value": "outages"
},
{
"description": "Threats that alter communication between two parties. These attacks do not have to install additional tools/software on a victim's site.",
"expanded": "Eavesdropping/ Interception/ Hijacking",
"value": "eavesdropping-interception-hijacking"
},
{
"description": "Threat of financial or legal penalty or loss of trust of customers and collaborators due to legislation.",
"expanded": "Legal",
"value": "legal"
},
{
"description": "Threats of nefarious activities that require use of tools by the attacker. These attacks require installation of additional tools/software or performing additional steps on the victim's IT infrastructure/software.",
"expanded": "Nefarious Activity/ Abuse",
"value": "nefarious-activity-abuse"
}
],
"version": 20170725,
"description": "The present threat taxonomy is an initial version that has been developed on the basis of available ENISA material. This material has been used as an ENISA-internal structuring aid for information collection and threat consolidation purposes. It emerged in the time period 2012-2015.",
"expanded": "ENISA Threat Taxonomy",
"namespace": "enisa"
}