Threat events
1. Adversarial
R1.1 Massive phishing attacks and/or spam
R1.2 Spear phishing attacks and social engineering
+blackmailing
+bribery
R1.3 Authentication attacks
Session hijacking
Unauthorised access to legitimate authentication credentials
a leak of authentication information
Insecure storage of authentication information
brute force login attempts/password guessing attacks.
weak passwords
Exploits vulnerabilities in the authorisation mechanisms
Bypassing authorisation checks
Forced browsing/navigation.
Privilege escalation attacks
R1.4 Communications attacks
unauthorised access to information assets in transit (i.e. ‘sniffing’)
man-in-the-middle attacks
Exploiting unencrypted or weakly-encrypted communications
R1.5 Malware attack
R1.6 DDoS attack
R1.7 Website hacking and defacing
R1.8 Exploitation of vulnerabilities in an organisation's information systems
R1.9 Exploitation of misconfigured organisational information systems and network
Unnecessary or unprotected Internet connections
Weak filtering on Internet or internal network connections
A lack of segregation of critical systems or business functions (e.g. no DMZ in place).
R1.10 Misuse of information systems
The threat misuses legitimately-assigned access privileges to perform unauthorised actions
on information systems
R1.11 Introducing unauthorised code into applications or software
R1.12 IT Sabotage
R1.13 Eavesdropping
R1.14 Insertion of subversive individuals into organisations
R1.15 Unauthorised network scanning and/or probing
External
Internal
R1.16 Gathering of publicly available information about an organisation
R1.17 Unauthorised physical access to information systems
R1.18 Physical damage to or tampering with information systems
R1.19 Theft of equipment
The threat steals physical information systems (e.g. servers, laptops or portable storage
devices) or physical information assets (e.g. paper copies).
R1.20 Conduct physical attacks on organisational facilities or their supporting infrastructure
The threat conducts a physical attack on an organisation’s facilities or supporting
infrastructure (e.g. telecommunications, power, water or gas)
R1.21 Attacks using 0-day vulnerabilities and state-sponsored attacks
R1.22 Attacks on workstations when working remotely.
R1.23 Storing unlawful information on the internal network.
counterfeit films, music, software, sexually explicit materials and other prohibited information
R1.24 Cryptocurrency mining on company equipment
R1.25 TEMPEST (Spying on information systems through leaking emanations, including
unintentional radio or electrical signals, sounds, and vibrations)
R1.26 Spreading false information about the company and employees
R1.27 False reporting of incidents
R1.28 Theft of digital identity or credentials
new 2023
R1.29 Unauthorized entry to facilities
new 2023
R1.30 Position detection
new 2023
Physical
reputation
2. Human Error
R2.1 User errors and improper use of the IT systems
R2.2 Disclosure of information
R2.3 Insecure disposal of documents and equipment
R2.4 Accidental destruction of information
R2.5 Accidental physical damage
devices or media
R2.6 Loss of equipment
laptops, tablets, smartphones, portable storage devices and physical authentication devices,
such as tokens and smartcards
R2.7 Loss of paper documents
R2.8 Maintenance errors
R2.9 Unintentional errors in configuration and change management
R2.10 Unintentional errors in access management
R2.11 Inappropriate handling of passwords
R2.12 Incorrect classification and labelling of information
R2.13 Use of counterfeit or copied software
R2.14 Violation of the clean desk and screen policy
new 2023
R2.15 Sending or distributing of malware
new 2023
R2.16 Violation of laws or regulations
new 2023
IT Process failure
3. Infrastructure and software failure
R3.1 Power failure or fluctuation
R3.2 Damage to or loss of external communications
R3.3 Failure of environmental control systems
R3.4 Hardware malfunction or failure
R3.5 Software malfunction or failure
R3.6 Fire (structural)
Fire caused as a result of faulty electrical equipment (e.g. short circuits, overloaded systems
or loose connections).
R3.7 Flooding (structural)
Flooding that directly affects the location (e.g. company offices, data centres, storage and
warehousing) as a result of burst water pipes in the building or water mains in the locality of
the offices.
R3.8 Loss of stored data
R3.9 Electromagnetic pulses
new 2023
4. Environmental
R4.1 Pathogen (e.g. disease outbreak)
new 2020
R4.2 Storm (hail, thunder, blizzard)
R4.3 Hurricane
R4.4 Tornado
R4.5 Earthquake
R4.6 Volcanic eruption
R4.7 Flooding (wild)
R4.8 Tsunami
R4.9 Fire (wild)
5. Social actions
R5.1 Strikes, rallies and demonstrations
R5.2 Problems caused by big public events
R5.3 Terrorist attack
new 2022
R5.4 Military operations and exercises
new 2022
R5.5 Breach of personal availability
6. Suppliers
R6.1 Data loss by the supplier
R6.2 Third party software compromise
R6.3 Lack of critical updates
R6.4 Lack of technical support
R6.5 Termination of service
R6.6 Failure of a service provider or supplier
7. Geopolitical issues
R7.1 Sanctions and bans
new 2022
R7.2 Political business risk and related changes in regulation in markets where our customers
operate
new