├── industry_focused_threat_libraries ├── visualization │ ├── energy.pdf │ ├── retail.pdf │ ├── energy.xmind │ ├── financial.pdf │ ├── insurance.pdf │ ├── retail.xmind │ ├── shipping.pdf │ ├── automotive.pdf │ ├── automotive.xmind │ ├── financial.xmind │ ├── government.pdf │ ├── government.xmind │ ├── healthcare.pdf │ ├── healthcare.xmind │ ├── hospitality.pdf │ ├── insurance.xmind │ ├── shipping.xmind │ ├── hospitality.xmind │ ├── manufacturing.pdf │ ├── transportation.pdf │ ├── higher_education.pdf │ ├── manufacturing.xmind │ ├── telecommunication.pdf │ ├── transportation.xmind │ ├── higher_education.xmind │ ├── telecommunication.xmind │ ├── consumer_electronics.pdf │ ├── consumer_electronics.xmind │ ├── fintech-credit-cards.pdf │ └── fintech-credit-cards.xmind ├── fintech-credit-cards.json ├── government.json └── insurance.json ├── .github └── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── LICENSE └── README.md /industry_focused_threat_libraries/visualization/energy.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/energy.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/retail.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/retail.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/energy.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/energy.xmind -------------------------------------------------------------------------------- 
/industry_focused_threat_libraries/visualization/financial.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/financial.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/insurance.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/insurance.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/retail.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/retail.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/shipping.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/shipping.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/automotive.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/automotive.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/automotive.xmind: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/automotive.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/financial.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/financial.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/government.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/government.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/government.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/government.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/healthcare.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/healthcare.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/healthcare.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/healthcare.xmind -------------------------------------------------------------------------------- 
/industry_focused_threat_libraries/visualization/hospitality.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/hospitality.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/insurance.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/insurance.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/shipping.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/shipping.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/hospitality.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/hospitality.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/manufacturing.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/manufacturing.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/transportation.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/transportation.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/higher_education.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/higher_education.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/manufacturing.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/manufacturing.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/telecommunication.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/telecommunication.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/transportation.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/transportation.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/higher_education.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/higher_education.xmind 
-------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/telecommunication.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/telecommunication.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/consumer_electronics.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/consumer_electronics.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/consumer_electronics.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/consumer_electronics.xmind -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/fintech-credit-cards.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/fintech-credit-cards.pdf -------------------------------------------------------------------------------- /industry_focused_threat_libraries/visualization/fintech-credit-cards.xmind: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/VerSprite/fork-community/HEAD/industry_focused_threat_libraries/visualization/fintech-credit-cards.xmind -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: 
-------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: 'Type: Bug' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Additional context** 27 | Add any other context about the problem here. 28 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: 'Type: Feature' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
21 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 VerSprite, LLC 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Fork Community - Free SaaS tool to build risk centric threat models using the P.A.S.T.A. threat modeling methodology 2 | 3 | ## Introduction 4 | Welcome to the repository for the [Fork Community Edition](https://forktm.com), an implementation of the [PASTA](https://versprite.com/blog/what-is-pasta-threat-modeling/) (Process for Attack Simulation and Threat Analysis) threat modeling framework. 
This repository provides a collaborative space for enhancing and expanding the capabilities of Fork through community contributions. It consolidates previous work, including the attack trees shared by VerSprite, which are now available under the threat libraries folder. 5 | 6 | ## What is Fork? 7 | [ForkTM.com](https://forktm.com) is a SaaS platform that implements the PASTA framework for threat modeling. Our goal is to create a tool that not only serves the needs of security professionals but also evolves with the contributions of the community. The community version is freely available and designed with extensibility in mind, allowing the community to contribute to and enhance its various parts. Meanwhile, the enterprise edition aims to cater to organizations with more advanced functionalities and tailored features. 8 | 9 | ### Comprehensive Mapping of Taxonomies 10 | Our ForkTM platform is expanding its scope to encompass the mapping of all relevant taxonomies. In ForkTM, we strive to provide a holistic approach by integrating both theory-based and evidence-based methodologies. Fork’s evidence-based approach complements your threat models and helps identify additional Tactics, Techniques, and Procedures (TTPs) for consideration in the attack tree. These adversarial methods are derived from real-world attacks observed and reported by legitimate sources. 11 | 12 | Fork is incorporating threats and adversarial methods derived from multiple categories of observed behavior: 13 | * TTPs used against your Technology Platform(s) 14 | * Software used maliciously against your Industry 15 | * Campaign(s) targeting your Industry 16 | 17 | ### Comprehensive Threat Libraries 18 | Our threat libraries are designed as a tree, providing a hierarchical mapping of various security standards, frameworks, and methodologies. 
Within this tree structure, you can explore different branches such as threats, motives, targets, CWEs (Common Weakness Enumeration), CAPECs (Common Attack Pattern Enumeration and Classification), CVEs (Common Vulnerabilities and Exposures), MITRE ATT&CK post-exploitation patterns along with their corresponding mitigations, and OWASP ASVS (Application Security Verification Standard). This approach allows for an intuitive understanding of how these elements interconnect and relate to one another within your threat models. 19 | 20 | ### Integrated Insights and Mappings 21 | By leveraging both theoretical and evidence-based insights, ForkTM provides a comprehensive and adaptable threat modeling platform. The hierarchical mappings within the threat library directly relate to and enrich your threat models, offering a structured way to visualize and analyze the relationships between different elements. This integration ensures that your threat models are informed by a wide range of data sources, facilitating a more robust and informed security posture that evolves with the needs of its users and the broader security community. 22 | 23 | ## Repository Objectives 24 | - **Issue Tracker**: A dedicated system for reporting issues, suggesting enhancements, and discussing project-related matters. 25 | - **Community Contributions**: Members can contribute to JSON files that constitute the basis of a threat library, which are integral to Fork's functionality. 26 | - **Automatic Updates**: Changes to the JSON files that pass the peer-review process will be reflected in the platform with each new release, ensuring up-to-date threat modeling capabilities. 27 | 28 | ## Getting Started 29 | 1. **Clone the Repository**: `git clone git@github.com:VerSprite/forkTM.git` 30 | 2. **Explore the JSON Files**: These files are located in the `/industry_focused_threat_libraries` directory and are grouped per industry. 31 | 3. 
**Report Issues or Suggestions**: Use the GitHub Issues tab to report bugs, request features, or discuss the project. 32 | 4. **Contribute**: Make changes to the JSON files and submit a pull request. Our team will review and integrate contributions in the next release. 33 | 34 | ## Contributing 35 | We welcome contributions from the community! Here's how you can help: 36 | - **Report Bugs**: Found a problem? Let us know through the Issues tab. 37 | - **Suggest Features**: Have an idea to improve Fork? We're all ears! 38 | - **Update Data**: Contribute to our JSON files to enhance the platform's threat modeling capabilities. 39 | 40 | 41 | 42 | 46 | 47 | 51 | 52 | ## Contact 53 | For further inquiries or direct communication, please contact [forktm@versprite.com](mailto:forktm@versprite.com). 54 | 55 | ## Acknowledgments 56 | A special thanks to all the contributors who have made Fork a reality. Your efforts are deeply appreciated! 57 | 58 | --- 59 | 60 | Happy Threat Modeling! 61 | 62 | The Fork Team 63 | -------------------------------------------------------------------------------- /industry_focused_threat_libraries/fintech-credit-cards.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "threat": "Execute Fraudulent Card-Not-Present Transactions", 4 | "threat_description": "This threat involves unauthorized transactions using card-not-present (CNP) data, typically through online platforms, without the physical card being present.", 5 | "motives": [ 6 | { 7 | "motive": "Financial Gain", 8 | "components": [ 9 | { 10 | "name": "Payment Gateway Exploitation", 11 | "description": "Exploiting vulnerabilities in the payment gateway to execute unauthorized transactions.", 12 | "sub_components": [ 13 | { 14 | "name": "match: authentication_type", 15 | "dynamic": true, 16 | "tags": "match: authentication_type", 17 | "cwes": [ 18 | { 19 | "cwe_id": "CWE-287: Improper Authentication", 20 | "cwe_mapping_reason": "Improper 
authentication mechanisms can be exploited to bypass security controls.", 21 | "capecs_to_exclude": [] 22 | }, 23 | { 24 | "cwe_id": "CWE-295: Improper Certificate Validation", 25 | "cwe_mapping_reason": "Improper certificate validation can lead to man-in-the-middle attacks.", 26 | "capecs_to_exclude": [ 27 | "459" 28 | ] 29 | } 30 | ] 31 | }, 32 | { 33 | "name": "match: validation_sanitization", 34 | "dynamic": true, 35 | "tags": "match: validation_sanitization", 36 | "cwes": [ 37 | { 38 | "cwe_id": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", 39 | "cwe_mapping_reason": "Improper input validation can lead to cross-site scripting attacks.", 40 | "capecs_to_exclude": [ 41 | "209", 42 | "85" 43 | ] 44 | }, 45 | { 46 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 47 | "cwe_mapping_reason": "SQL injection vulnerabilities due to improper input sanitization.", 48 | "capecs_to_exclude": [] 49 | } 50 | ] 51 | } 52 | ] 53 | } 54 | ] 55 | }, 56 | { 57 | "motive": "Identity Theft", 58 | "components": [ 59 | { 60 | "name": "User Account Compromise", 61 | "description": "Gaining unauthorized access to user accounts to perform fraudulent transactions.", 62 | "sub_components": [ 63 | { 64 | "name": "match: backend_servers", 65 | "dynamic": true, 66 | "tags": "match: backend_servers", 67 | "cwes": [ 68 | { 69 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 70 | "cwe_mapping_reason": "Insufficiently protected credentials can be exploited to gain unauthorized access.", 71 | "capecs_to_exclude": [] 72 | }, 73 | { 74 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 75 | "cwe_mapping_reason": "Use of hard-coded credentials can lead to unauthorized access.", 76 | "capecs_to_exclude": [ 77 | "191" 78 | ] 79 | } 80 | ] 81 | }, 82 | { 83 | "name": "match: frontend_technologies", 84 | "dynamic": true, 85 | "tags": "match: frontend_technologies", 86 | "cwes": [ 87 
| { 88 | "cwe_id": "CWE-352: Cross-Site Request Forgery (CSRF)", 89 | "cwe_mapping_reason": "Cross-Site Request Forgery (CSRF) vulnerabilities can be exploited to perform unauthorized actions.", 90 | "capecs_to_exclude": [] 91 | }, 92 | { 93 | "cwe_id": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", 94 | "cwe_mapping_reason": "Open redirect vulnerabilities can be used to redirect users to malicious sites.", 95 | "capecs_to_exclude": [ 96 | "178" 97 | ] 98 | } 99 | ] 100 | } 101 | ] 102 | } 103 | ] 104 | } 105 | ] 106 | }, 107 | { 108 | "threat": "Compromise System Interfaces and Authentication Mechanisms", 109 | "threat_description": "This threat involves unauthorized access, data manipulation, or service disruption through the compromise of system interfaces (e.g., APIs, message brokers, web servers) and authentication mechanisms (e.g., identity verification, access controls). Attackers may exploit vulnerabilities in these components to breach systems, manipulate data, or disrupt services, leading to significant operational and security impacts.", 110 | "motives": [ 111 | { 112 | "motive": "Data Exfiltration/Theft", 113 | "components": [ 114 | { 115 | "name": "Authentication and Authorization Systems", 116 | "description": "Systems managing user authentication and access controls, critical for preventing unauthorized access.", 117 | "sub_components": [ 118 | { 119 | "name": "match: authentication_type", 120 | "dynamic": true, 121 | "tags": "match: authentication_type", 122 | "cwes": [ 123 | { 124 | "cwe_id": "CWE-287: Improper Authentication", 125 | "cwe_mapping_reason": "Improper authentication allows attackers to bypass security controls.", 126 | "capecs_to_exclude": [] 127 | }, 128 | { 129 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 130 | "cwe_mapping_reason": "Missing authentication for critical functions allows unauthorized access.", 131 | "capecs_to_exclude": [ 132 | "12" 133 | ] 134 | }, 135 | { 136 | "cwe_id": 
"CWE-798: Use of Hard-coded Credentials", 137 | "cwe_mapping_reason": "Hard-coded credentials can be exploited to gain unauthorized access.", 138 | "capecs_to_exclude": [ 139 | "191" 140 | ] 141 | } 142 | ] 143 | }, 144 | { 145 | "name": "match: authorization_type", 146 | "dynamic": true, 147 | "tags": "match: authorization_type", 148 | "cwes": [ 149 | { 150 | "cwe_id": "CWE-284: Improper Access Control", 151 | "cwe_mapping_reason": "Improper access control can allow unauthorized data access.", 152 | "capecs_to_exclude": [] 153 | }, 154 | { 155 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 156 | "cwe_mapping_reason": "Incorrect permissions can lead to unauthorized access.", 157 | "capecs_to_exclude": [] 158 | } 159 | ] 160 | } 161 | ] 162 | }, 163 | { 164 | "name": "Data Storage and Management", 165 | "description": "Systems storing and managing sensitive data, vulnerable to unauthorized access.", 166 | "sub_components": [ 167 | { 168 | "name": "match: database_technologies", 169 | "dynamic": true, 170 | "tags": "match: database_technologies", 171 | "cwes": [ 172 | { 173 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 174 | "cwe_mapping_reason": "SQL injection can allow unauthorized data access.", 175 | "capecs_to_exclude": [] 176 | }, 177 | { 178 | "cwe_id": "CWE-200: Exposure of Sensitive Information", 179 | "cwe_mapping_reason": "Improper data handling can expose sensitive information.", 180 | "capecs_to_exclude": [] 181 | } 182 | ] 183 | }, 184 | { 185 | "name": "match: validation_sanitization", 186 | "dynamic": true, 187 | "tags": "match: validation_sanitization", 188 | "cwes": [ 189 | { 190 | "cwe_id": "CWE-20: Improper Input Validation", 191 | "cwe_mapping_reason": "Improper input validation can lead to data breaches.", 192 | "capecs_to_exclude": [] 193 | }, 194 | { 195 | "cwe_id": "CWE-116: Improper Encoding or Escaping of Output", 196 | "cwe_mapping_reason": 
"Improper encoding can enable data leakage.", 197 | "capecs_to_exclude": [] 198 | } 199 | ] 200 | } 201 | ] 202 | } 203 | ] 204 | }, 205 | { 206 | "motive": "Service Disruption", 207 | "components": [ 208 | { 209 | "name": "Integration Interfaces", 210 | "description": "Interfaces such as API gateways and message brokers that facilitate system communication.", 211 | "sub_components": [ 212 | { 213 | "name": "match: backend_technologies", 214 | "dynamic": true, 215 | "tags": "match: backend_technologies", 216 | "cwes": [ 217 | { 218 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 219 | "cwe_mapping_reason": "Uncontrolled resource use can lead to denial of service.", 220 | "capecs_to_exclude": [] 221 | }, 222 | { 223 | "cwe_id": "CWE-502: Deserialization of Untrusted Data", 224 | "cwe_mapping_reason": "Deserialization of untrusted data can disrupt services.", 225 | "capecs_to_exclude": [ 226 | "586" 227 | ] 228 | } 229 | ] 230 | }, 231 | { 232 | "name": "match: infrastructure_os", 233 | "dynamic": true, 234 | "tags": "match: infrastructure_os", 235 | "cwes": [ 236 | { 237 | "cwe_id": "CWE-269: Improper Privilege Management", 238 | "cwe_mapping_reason": "Improper privilege management can enable disruptive actions.", 239 | "capecs_to_exclude": [] 240 | }, 241 | { 242 | "cwe_id": "CWE-284: Improper Access Control", 243 | "cwe_mapping_reason": "Improper access control can allow service disruption.", 244 | "capecs_to_exclude": [] 245 | } 246 | ] 247 | } 248 | ] 249 | }, 250 | { 251 | "name": "Web Application Components", 252 | "description": "Components of the web application that can be targeted to disrupt services.", 253 | "sub_components": [ 254 | { 255 | "name": "match: backend_servers", 256 | "dynamic": true, 257 | "tags": "match: backend_servers", 258 | "cwes": [ 259 | { 260 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 261 | "cwe_mapping_reason": "Uncontrolled resource use can cause denial of service.", 262 | "capecs_to_exclude": [] 263 | }, 
264 | { 265 | "cwe_id": "CWE-404: Improper Resource Shutdown or Release", 266 | "cwe_mapping_reason": "Improper resource handling can disrupt services.", 267 | "capecs_to_exclude": [] 268 | } 269 | ] 270 | } 271 | ] 272 | } 273 | ] 274 | }, 275 | { 276 | "motive": "Data Manipulation", 277 | "components": [ 278 | { 279 | "name": "Data Storage and Management", 280 | "description": "Systems storing and managing sensitive data, vulnerable to unauthorized manipulation.", 281 | "sub_components": [ 282 | { 283 | "name": "match: database_technologies", 284 | "dynamic": true, 285 | "tags": "match: database_technologies", 286 | "cwes": [ 287 | { 288 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 289 | "cwe_mapping_reason": "SQL injection can enable data manipulation.", 290 | "capecs_to_exclude": [] 291 | }, 292 | { 293 | "cwe_id": "CWE-200: Exposure of Sensitive Information", 294 | "cwe_mapping_reason": "Exposure can facilitate data tampering.", 295 | "capecs_to_exclude": [] 296 | } 297 | ] 298 | }, 299 | { 300 | "name": "match: validation_sanitization", 301 | "dynamic": true, 302 | "tags": "match: validation_sanitization", 303 | "cwes": [ 304 | { 305 | "cwe_id": "CWE-20: Improper Input Validation", 306 | "cwe_mapping_reason": "Improper validation can allow data manipulation.", 307 | "capecs_to_exclude": [] 308 | }, 309 | { 310 | "cwe_id": "CWE-116: Improper Encoding or Escaping of Output", 311 | "cwe_mapping_reason": "Improper encoding can enable injection attacks.", 312 | "capecs_to_exclude": [] 313 | } 314 | ] 315 | } 316 | ] 317 | }, 318 | { 319 | "name": "Authentication and Authorization Systems", 320 | "description": "Systems managing authentication and authorization, which can be manipulated to alter access.", 321 | "sub_components": [ 322 | { 323 | "name": "match: authentication_type", 324 | "dynamic": true, 325 | "tags": "match: authentication_type", 326 | "cwes": [ 327 | { 328 | "cwe_id": "CWE-287: 
Improper Authentication", 329 | "cwe_mapping_reason": "Improper authentication can allow identity manipulation.", 330 | "capecs_to_exclude": [] 331 | }, 332 | { 333 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 334 | "cwe_mapping_reason": "Hard-coded credentials can be exploited to manipulate access.", 335 | "capecs_to_exclude": [ 336 | "191" 337 | ] 338 | } 339 | ] 340 | }, 341 | { 342 | "name": "match: authorization_type", 343 | "dynamic": true, 344 | "tags": "match: authorization_type", 345 | "cwes": [ 346 | { 347 | "cwe_id": "CWE-284: Improper Access Control", 348 | "cwe_mapping_reason": "Improper access control can enable unauthorized data changes.", 349 | "capecs_to_exclude": [] 350 | }, 351 | { 352 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 353 | "cwe_mapping_reason": "Incorrect permissions can allow data manipulation.", 354 | "capecs_to_exclude": [] 355 | } 356 | ] 357 | } 358 | ] 359 | } 360 | ] 361 | } 362 | ] 363 | }, 364 | { 365 | "threat": "Unauthorized Access to Systems Through Third-Party Integrations", 366 | "threat_description": "Exploiting vulnerabilities in third-party services to gain unauthorized access to systems and data.", 367 | "motives": [ 368 | { 369 | "motive": "Data Theft", 370 | "components": [ 371 | { 372 | "name": "Third-Party Authentication", 373 | "description": "Exploiting weaknesses in third-party authentication services to gain unauthorized access.", 374 | "sub_components": [ 375 | { 376 | "name": "match: authentication_type", 377 | "dynamic": true, 378 | "tags": "match: authentication_type", 379 | "cwes": [ 380 | { 381 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 382 | "cwe_mapping_reason": "Improper handling of OAuth tokens.", 383 | "capecs_to_exclude": [] 384 | }, 385 | { 386 | "cwe_id": "CWE-287: Improper Authentication", 387 | "cwe_mapping_reason": "Failure to properly authenticate users.", 388 | "capecs_to_exclude": [] 389 | } 390 | ] 391 | }, 392 | { 393 | "name": "match: 
authorization_type", 394 | "dynamic": true, 395 | "tags": "match: authorization_type", 396 | "cwes": [ 397 | { 398 | "cwe_id": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", 399 | "cwe_mapping_reason": "Exposure of sensitive information through API keys.", 400 | "capecs_to_exclude": [] 401 | }, 402 | { 403 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 404 | "cwe_mapping_reason": "Insufficiently protected credentials.", 405 | "capecs_to_exclude": [] 406 | } 407 | ] 408 | } 409 | ] 410 | }, 411 | { 412 | "name": "Data Storage", 413 | "description": "Compromising third-party data storage services to access sensitive data.", 414 | "sub_components": [ 415 | { 416 | "name": "match: infrastructure_file_servers", 417 | "dynamic": true, 418 | "tags": "match: infrastructure_file_servers", 419 | "cwes": [ 420 | { 421 | "cwe_id": "CWE-284: Improper Access Control", 422 | "cwe_mapping_reason": "Improper access control configuration.", 423 | "capecs_to_exclude": [] 424 | }, 425 | { 426 | "cwe_id": "CWE-918: Server-Side Request Forgery (SSRF)", 427 | "cwe_mapping_reason": "Server-side request forgery leading to unauthorized access.", 428 | "capecs_to_exclude": [] 429 | } 430 | ] 431 | }, 432 | { 433 | "name": "match: database_technologies", 434 | "dynamic": true, 435 | "tags": "match: database_technologies", 436 | "cwes": [ 437 | { 438 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 439 | "cwe_mapping_reason": "SQL injection vulnerabilities in third-party databases.", 440 | "capecs_to_exclude": [ 441 | "108", 442 | "109", 443 | "110", 444 | "470", 445 | "66", 446 | "7" 447 | ] 448 | }, 449 | { 450 | "cwe_id": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", 451 | "cwe_mapping_reason": "Exposure of sensitive information through database misconfigurations.", 452 | "capecs_to_exclude": [] 453 | } 454 | ] 455 | } 456 | ] 457 | } 458 | ] 459 | }, 460 | { 461 | 
"motive": "Service Disruption", 462 | "components": [ 463 | { 464 | "name": "Third-Party Service Dependency", 465 | "description": "Exploiting dependencies on third-party services to disrupt operations.", 466 | "sub_components": [ 467 | { 468 | "name": "match: backend_technologies", 469 | "dynamic": true, 470 | "tags": "match: backend_technologies", 471 | "cwes": [ 472 | { 473 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 474 | "cwe_mapping_reason": "Uncontrolled resource consumption leading to service downtime.", 475 | "capecs_to_exclude": [] 476 | }, 477 | { 478 | "cwe_id": "CWE-770: Allocation of Resources Without Limits or Throttling", 479 | "cwe_mapping_reason": "Allocating resources without limits or throttling can exhaust capacity and lead to service downtime.", 480 | "capecs_to_exclude": [ 481 | "125", 482 | "130", 483 | "147", 484 | "197", 485 | "229", 486 | "230", 487 | "231", 488 | "469", 489 | "482", 490 | "486", 491 | "487", 492 | "488", 493 | "489", 494 | "490", 495 | "491", 496 | "493", 497 | "494", 498 | "495", 499 | "496", 500 | "528" 501 | ] 502 | } 503 | ] 504 | }, 505 | { 506 | "name": "match: infrastructure_os", 507 | "dynamic": false, 508 | "tags": "match: infrastructure_os", 509 | "cwes": [ 510 | { 511 | "cwe_id": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action", 512 | "cwe_mapping_reason": "Improper verification of DNS data authenticity.", 513 | "capecs_to_exclude": [] 514 | }, 515 | { 516 | "cwe_id": "CWE-346: Origin Validation Error", 517 | "cwe_mapping_reason": "Origin validation error in DNS.", 518 | "capecs_to_exclude": [] 519 | } 520 | ] 521 | } 522 | ] 523 | } 524 | ] 525 | } 526 | ] 527 | }, 528 | { 529 | "threat": "Conduct Non-Compliant Financial Transactions", 530 | "threat_description": "This threat involves executing transactions that do not adhere to established compliance standards, potentially leading to legal and financial repercussions.", 531 | "motives": [ 532 | { 533 | "motive": "Financial Gain", 534 | "components": [ 535 | { 536 | "name": 
"Transaction Processing", 537 | "description": "The system responsible for processing financial transactions.", 538 | "sub_components": [ 539 | { 540 | "name": "match: validation_sanitization", 541 | "dynamic": true, 542 | "tags": "match: validation_sanitization", 543 | "cwes": [ 544 | { 545 | "cwe_id": "CWE-20: Improper Input Validation", 546 | "cwe_mapping_reason": "Improper Input Validation can lead to non-compliant transactions.", 547 | "capecs_to_exclude": [] 548 | }, 549 | { 550 | "cwe_id": "CWE-352: Cross-Site Request Forgery (CSRF)", 551 | "cwe_mapping_reason": "Cross-Site Request Forgery (CSRF) can be used to conduct unauthorized transactions.", 552 | "capecs_to_exclude": [] 553 | } 554 | ] 555 | }, 556 | { 557 | "name": "match: backend_servers", 558 | "dynamic": true, 559 | "tags": "match: backend_servers", 560 | "cwes": [ 561 | { 562 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 563 | "cwe_mapping_reason": "Missing Authentication for Critical Function can allow unauthorized transaction processing.", 564 | "capecs_to_exclude": [ 565 | "12", 566 | "36" 567 | ] 568 | }, 569 | { 570 | "cwe_id": "CWE-285: Improper Authorization", 571 | "cwe_mapping_reason": "Improper Authorization can lead to unauthorized transaction execution.", 572 | "capecs_to_exclude": [] 573 | } 574 | ] 575 | } 576 | ] 577 | } 578 | ] 579 | }, 580 | { 581 | "motive": "Competitive Advantage", 582 | "components": [ 583 | { 584 | "name": "Data Management", 585 | "description": "The system responsible for managing and storing transaction data.", 586 | "sub_components": [ 587 | { 588 | "name": "match: database_technologies", 589 | "dynamic": true, 590 | "tags": "match: database_technologies", 591 | "cwes": [ 592 | { 593 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 594 | "cwe_mapping_reason": "SQL Injection can be used to manipulate transaction data.", 595 | "capecs_to_exclude": [] 596 | }, 597 | { 598 | 
"cwe_id": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", 599 | "cwe_mapping_reason": "Exposure of Sensitive Information can lead to non-compliant data handling.", 600 | "capecs_to_exclude": [] 601 | } 602 | ] 603 | }, 604 | { 605 | "name": "match: infrastructure_os", 606 | "dynamic": true, 607 | "tags": "match: infrastructure_os", 608 | "cwes": [ 609 | { 610 | "cwe_id": "CWE-269: Improper Privilege Management", 611 | "cwe_mapping_reason": "Improper Privilege Management can allow unauthorized access to transaction data.", 612 | "capecs_to_exclude": [] 613 | }, 614 | { 615 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 616 | "cwe_mapping_reason": "Insufficiently Protected Credentials can lead to unauthorized data access.", 617 | "capecs_to_exclude": [] 618 | } 619 | ] 620 | } 621 | ] 622 | } 623 | ] 624 | } 625 | ] 626 | }, 627 | { 628 | "threat": "Breach of Data Privacy Regulations", 629 | "threat_description": "Unauthorized access or exposure of sensitive personal data, leading to violations of data privacy laws and regulations.", 630 | "motives": [ 631 | { 632 | "motive": "Financial Gain", 633 | "components": [ 634 | { 635 | "name": "Data Storage Security", 636 | "description": "Ensuring that data storage systems are secure against unauthorized access.", 637 | "sub_components": [ 638 | { 639 | "name": "match: database_technologies", 640 | "dynamic": true, 641 | "tags": "match: database_technologies", 642 | "cwes": [ 643 | { 644 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 645 | "cwe_mapping_reason": "SQL Injection vulnerabilities can lead to unauthorized access to sensitive data.", 646 | "capecs_to_exclude": [] 647 | }, 648 | { 649 | "cwe_id": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", 650 | "cwe_mapping_reason": "Exposure of sensitive information due to improper data handling.", 651 | "capecs_to_exclude": [] 652 | } 653 | ] 654 | } 655 
| ] 656 | }, 657 | { 658 | "name": "Access Control", 659 | "description": "Managing who has access to data and ensuring that unauthorized users cannot access sensitive information.", 660 | "sub_components": [ 661 | { 662 | "name": "match: authorization_type", 663 | "dynamic": true, 664 | "tags": "match: authorization_type", 665 | "cwes": [ 666 | { 667 | "cwe_id": "CWE-284: Improper Access Control", 668 | "cwe_mapping_reason": "Improper access control can lead to unauthorized data access.", 669 | "capecs_to_exclude": [] 670 | }, 671 | { 672 | "cwe_id": "CWE-287: Improper Authentication", 673 | "cwe_mapping_reason": "Improper authentication can allow unauthorized users to access sensitive data.", 674 | "capecs_to_exclude": [] 675 | } 676 | ] 677 | } 678 | ] 679 | } 680 | ] 681 | }, 682 | { 683 | "motive": "Corporate Espionage", 684 | "components": [ 685 | { 686 | "name": "Network Security", 687 | "description": "Protecting the network infrastructure from unauthorized access and data breaches.", 688 | "sub_components": [ 689 | { 690 | "name": "match: backend_servers", 691 | "dynamic": true, 692 | "tags": "match: backend_servers", 693 | "cwes": [ 694 | { 695 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 696 | "cwe_mapping_reason": "Insufficiently protected credentials can lead to unauthorized access.", 697 | "capecs_to_exclude": [] 698 | }, 699 | { 700 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 701 | "cwe_mapping_reason": "Cleartext transmission of sensitive information can be intercepted by attackers.", 702 | "capecs_to_exclude": [ 703 | "102", 704 | "477", 705 | "65" 706 | ] 707 | } 708 | ] 709 | } 710 | ] 711 | }, 712 | { 713 | "name": "Data Encryption", 714 | "description": "Ensuring that data is encrypted both at rest and in transit to prevent unauthorized access.", 715 | "sub_components": [ 716 | { 717 | "name": "match: validation_sanitization", 718 | "dynamic": true, 719 | "tags": "match: validation_sanitization", 720 
| "cwes": [ 721 | { 722 | "cwe_id": "CWE-311: Missing Encryption of Sensitive Data", 723 | "cwe_mapping_reason": "Missing encryption of sensitive data can lead to data breaches.", 724 | "capecs_to_exclude": [] 725 | }, 726 | { 727 | "cwe_id": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", 728 | "cwe_mapping_reason": "Use of a broken or risky cryptographic algorithm can compromise data security.", 729 | "capecs_to_exclude": [] 730 | } 731 | ] 732 | } 733 | ] 734 | } 735 | ] 736 | } 737 | ] 738 | }, 739 | { 740 | "threat": "Insider Trading Through Unauthorized Use of Privileged Information", 741 | "threat_description": "An insider with access to non-public financial or strategic information uses this data to make trades in the stock market, gaining an unfair advantage and potentially manipulating market conditions.", 742 | "motives": [ 743 | { 744 | "motive": "Financial Gain", 745 | "components": [ 746 | { 747 | "name": "Access Control", 748 | "description": "Mechanisms that manage who can view or use resources in a computing environment.", 749 | "sub_components": [ 750 | { 751 | "name": "match: authentication_type", 752 | "dynamic": true, 753 | "tags": "match: authentication_type", 754 | "cwes": [ 755 | { 756 | "cwe_id": "CWE-287: Improper Authentication", 757 | "cwe_mapping_reason": "Improper Authentication allows unauthorized access to sensitive data.", 758 | "capecs_to_exclude": [] 759 | }, 760 | { 761 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 762 | "cwe_mapping_reason": "Missing Authentication for Critical Function can lead to unauthorized data access.", 763 | "capecs_to_exclude": [ 764 | "12", 765 | "166", 766 | "36", 767 | "62" 768 | ] 769 | } 770 | ] 771 | } 772 | ] 773 | }, 774 | { 775 | "name": "Data Storage", 776 | "description": "Systems and processes for storing and managing data securely.", 777 | "sub_components": [ 778 | { 779 | "name": "match: database_technologies", 780 | "dynamic": true, 781 | "tags": "match: 
database_technologies", 782 | "cwes": [ 783 | { 784 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 785 | "cwe_mapping_reason": "SQL Injection can be used to access unauthorized data.", 786 | "capecs_to_exclude": [] 787 | }, 788 | { 789 | "cwe_id": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", 790 | "cwe_mapping_reason": "Exposure of sensitive information can reveal non-public data to an unauthorized actor.", 791 | "capecs_to_exclude": [] 792 | } 793 | ] 794 | } 795 | ] 796 | } 797 | ] 798 | }, 799 | { 800 | "motive": "Market Manipulation", 801 | "components": [ 802 | { 803 | "name": "Network Security", 804 | "description": "Measures to protect data during transmission over networks.", 805 | "sub_components": [ 806 | { 807 | "name": "match: infrastructure_os", 808 | "dynamic": true, 809 | "tags": "match: infrastructure_os", 810 | "cwes": [ 811 | { 812 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 813 | "cwe_mapping_reason": "Insufficiently Protected Credentials can lead to unauthorized access.", 814 | "capecs_to_exclude": [] 815 | }, 816 | { 817 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 818 | "cwe_mapping_reason": "Cleartext Transmission of Sensitive Information can be intercepted.", 819 | "capecs_to_exclude": [ 820 | "102", 821 | "477", 822 | "65" 823 | ] 824 | } 825 | ] 826 | } 827 | ] 828 | }, 829 | { 830 | "name": "Data Integrity", 831 | "description": "Ensuring data is accurate and unaltered during storage and transmission.", 832 | "sub_components": [ 833 | { 834 | "name": "match: validation_sanitization", 835 | "dynamic": true, 836 | "tags": "match: validation_sanitization", 837 | "cwes": [ 838 | { 839 | "cwe_id": "CWE-20: Improper Input Validation", 840 | "cwe_mapping_reason": "Improper Input Validation can lead to data manipulation.", 841 | "capecs_to_exclude": [] 842 | }, 843 | { 844 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 
845 | "cwe_mapping_reason": "Insufficient Verification of Data Authenticity can lead to data tampering.", 846 | "capecs_to_exclude": [] 847 | } 848 | ] 849 | } 850 | ] 851 | } 852 | ] 853 | } 854 | ] 855 | }, 856 | { 857 | "threat": "Abuse of Credit Card Reward System Mechanisms", 858 | "threat_description": "Exploiting vulnerabilities in credit card reward systems to gain unauthorized benefits or rewards.", 859 | "motives": [ 860 | { 861 | "motive": "Financial Gain", 862 | "components": [ 863 | { 864 | "name": "Reward Calculation Logic", 865 | "description": "The logic used to calculate rewards based on transactions.", 866 | "sub_components": [ 867 | { 868 | "name": "match: backend_technologies", 869 | "dynamic": true, 870 | "tags": "match: backend_technologies", 871 | "cwes": [ 872 | { 873 | "cwe_id": "CWE-20: Improper Input Validation", 874 | "cwe_mapping_reason": "Improper Input Validation in reward calculation logic.", 875 | "capecs_to_exclude": [] 876 | }, 877 | { 878 | "cwe_id": "CWE-285: Improper Authorization", 879 | "cwe_mapping_reason": "Improper Authorization leading to unauthorized reward manipulation.", 880 | "capecs_to_exclude": [] 881 | } 882 | ] 883 | } 884 | ] 885 | }, 886 | { 887 | "name": "Transaction Processing", 888 | "description": "The process of handling and recording transactions.", 889 | "sub_components": [ 890 | { 891 | "name": "match: validation_sanitization", 892 | "dynamic": true, 893 | "tags": "match: validation_sanitization", 894 | "cwes": [ 895 | { 896 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 897 | "cwe_mapping_reason": "SQL Injection in transaction processing.", 898 | "capecs_to_exclude": [ 899 | "108", 900 | "109", 901 | "110", 902 | "470", 903 | "66", 904 | "7" 905 | ] 906 | }, 907 | { 908 | "cwe_id": "CWE-352: Cross-Site Request Forgery (CSRF)", 909 | "cwe_mapping_reason": "Cross-Site Request Forgery (CSRF) in transaction processing.", 910 | 
"capecs_to_exclude": [] 911 | } 912 | ] 913 | } 914 | ] 915 | } 916 | ] 917 | }, 918 | { 919 | "motive": "Competitive Advantage", 920 | "components": [ 921 | { 922 | "name": "Reward System API", 923 | "description": "The API used to interact with the reward system.", 924 | "sub_components": [ 925 | { 926 | "name": "match: authentication_type", 927 | "dynamic": true, 928 | "tags": "match: authentication_type", 929 | "cwes": [ 930 | { 931 | "cwe_id": "CWE-287: Improper Authentication", 932 | "cwe_mapping_reason": "Improper Authentication in reward system API.", 933 | "capecs_to_exclude": [] 934 | }, 935 | { 936 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 937 | "cwe_mapping_reason": "Use of Hard-coded Credentials in reward system API.", 938 | "capecs_to_exclude": [] 939 | } 940 | ] 941 | } 942 | ] 943 | }, 944 | { 945 | "name": "User Account Management", 946 | "description": "The system managing user accounts and their associated rewards.", 947 | "sub_components": [ 948 | { 949 | "name": "match: authorization_type", 950 | "dynamic": true, 951 | "tags": "match: authorization_type", 952 | "cwes": [ 953 | { 954 | "cwe_id": "CWE-284: Improper Access Control", 955 | "cwe_mapping_reason": "Improper Access Control in user account management.", 956 | "capecs_to_exclude": [] 957 | }, 958 | { 959 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 960 | "cwe_mapping_reason": "Insufficiently Protected Credentials in user account management.", 961 | "capecs_to_exclude": [] 962 | } 963 | ] 964 | } 965 | ] 966 | } 967 | ] 968 | } 969 | ] 970 | }, 971 | { 972 | "threat": "Circumvention of Biometric Authentication Controls", 973 | "threat_description": "An attacker attempts to bypass biometric authentication mechanisms to gain unauthorized access to a system or data.", 974 | "motives": [ 975 | { 976 | "motive": "Unauthorized Access", 977 | "components": [ 978 | { 979 | "name": "Biometric Sensor Manipulation", 980 | "description": "Techniques used to manipulate or 
spoof biometric sensors.", 981 | "sub_components": [ 982 | { 983 | "name": "match: authentication_type", 984 | "dynamic": true, 985 | "tags": "match: authentication_type", 986 | "cwes": [ 987 | { 988 | "cwe_id": "CWE-287: Improper Authentication", 989 | "cwe_mapping_reason": "Failure to properly authenticate users can lead to unauthorized access.", 990 | "capecs_to_exclude": [] 991 | }, 992 | { 993 | "cwe_id": "CWE-294: Authentication Bypass by Capture-replay", 994 | "cwe_mapping_reason": "Improper validation of biometric data can allow spoofing attacks.", 995 | "capecs_to_exclude": [] 996 | } 997 | ] 998 | }, 999 | { 1000 | "name": "match: authentication_type", 1001 | "dynamic": true, 1002 | "tags": "match: authentication_type", 1003 | "cwes": [ 1004 | { 1005 | "cwe_id": "CWE-352: Cross-Site Request Forgery (CSRF)", 1006 | "cwe_mapping_reason": "Cross-Site Request Forgery can be used to bypass authentication mechanisms.", 1007 | "capecs_to_exclude": [] 1008 | }, 1009 | { 1010 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 1011 | "cwe_mapping_reason": "Uncontrolled Resource Consumption can lead to denial of service, affecting authentication.", 1012 | "capecs_to_exclude": [] 1013 | } 1014 | ] 1015 | } 1016 | ] 1017 | } 1018 | ] 1019 | }, 1020 | { 1021 | "motive": "Data Theft", 1022 | "components": [ 1023 | { 1024 | "name": "Biometric Data Extraction", 1025 | "description": "Methods to extract and misuse biometric data.", 1026 | "sub_components": [ 1027 | { 1028 | "name": "match: database_technologies", 1029 | "dynamic": true, 1030 | "tags": "match: database_technologies", 1031 | "cwes": [ 1032 | { 1033 | "cwe_id": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", 1034 | "cwe_mapping_reason": "Exposure of sensitive information due to improper access control.", 1035 | "capecs_to_exclude": [] 1036 | }, 1037 | { 1038 | "cwe_id": "CWE-502: Deserialization of Untrusted Data", 1039 | "cwe_mapping_reason": "Deserialization of untrusted data 
can lead to data breaches.", 1040 | "capecs_to_exclude": [ 1041 | "586" 1042 | ] 1043 | } 1044 | ] 1045 | }, 1046 | { 1047 | "name": "match: infrastructure_os", 1048 | "dynamic": true, 1049 | "tags": "match: infrastructure_os", 1050 | "cwes": [ 1051 | { 1052 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 1053 | "cwe_mapping_reason": "Cleartext transmission of sensitive information can be intercepted.", 1054 | "capecs_to_exclude": [ 1055 | "102", 1056 | "477", 1057 | "65" 1058 | ] 1059 | }, 1060 | { 1061 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 1062 | "cwe_mapping_reason": "Insufficiently protected credentials can be intercepted and misused.", 1063 | "capecs_to_exclude": [] 1064 | } 1065 | ] 1066 | } 1067 | ] 1068 | } 1069 | ] 1070 | } 1071 | ] 1072 | }, 1073 | { 1074 | "threat": "Disrupt Fintech Ecosystem Operations", 1075 | "threat_description": "An attempt to disrupt the operations of a fintech ecosystem, potentially causing financial loss, reputational damage, and operational downtime.", 1076 | "motives": [ 1077 | { 1078 | "motive": "Financial Gain", 1079 | "components": [ 1080 | { 1081 | "name": "Payment Processing", 1082 | "description": "Targeting the payment processing systems to intercept or alter transactions.", 1083 | "sub_components": [ 1084 | { 1085 | "name": "match: backend_servers", 1086 | "dynamic": true, 1087 | "tags": "match: backend_servers", 1088 | "cwes": [ 1089 | { 1090 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 1091 | "cwe_mapping_reason": "SQL Injection vulnerabilities in backend servers can be exploited to manipulate payment data.", 1092 | "capecs_to_exclude": [] 1093 | }, 1094 | { 1095 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 1096 | "cwe_mapping_reason": "Missing Authentication for Critical Function in backend servers can allow unauthorized access to payment processing.", 1097 | "capecs_to_exclude": [ 
1098 | "12", 1099 | "36" 1100 | ] 1101 | } 1102 | ] 1103 | }, 1104 | { 1105 | "name": "match: validation_sanitization", 1106 | "dynamic": true, 1107 | "tags": "match: validation_sanitization", 1108 | "cwes": [ 1109 | { 1110 | "cwe_id": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", 1111 | "cwe_mapping_reason": "Improper neutralization of input in generated pages can lead to cross-site scripting attacks affecting payment data.", 1112 | "capecs_to_exclude": [ 1113 | "209", 1114 | "85" 1115 | ] 1116 | }, 1117 | { 1118 | "cwe_id": "CWE-20: Improper Input Validation", 1119 | "cwe_mapping_reason": "Improper Input Validation can allow attackers to inject malicious data into payment processing systems.", 1120 | "capecs_to_exclude": [] 1121 | } 1122 | ] 1123 | } 1124 | ] 1125 | } 1126 | ] 1127 | }, 1128 | { 1129 | "motive": "Reputational Damage", 1130 | "components": [ 1131 | { 1132 | "name": "User Account Management", 1133 | "description": "Compromising user accounts to damage the reputation of the fintech service.", 1134 | "sub_components": [ 1135 | { 1136 | "name": "match: authentication_type", 1137 | "dynamic": true, 1138 | "tags": "match: authentication_type", 1139 | "cwes": [ 1140 | { 1141 | "cwe_id": "CWE-287: Improper Authentication", 1142 | "cwe_mapping_reason": "Improper Authentication can allow unauthorized access to user accounts.", 1143 | "capecs_to_exclude": [] 1144 | }, 1145 | { 1146 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 1147 | "cwe_mapping_reason": "Use of Hard-coded Credentials can lead to unauthorized access to user accounts.", 1148 | "capecs_to_exclude": [ 1149 | "191" 1150 | ] 1151 | } 1152 | ] 1153 | }, 1154 | { 1155 | "name": "match: authorization_type", 1156 | "dynamic": true, 1157 | "tags": "match: authorization_type", 1158 | "cwes": [ 1159 | { 1160 | "cwe_id": "CWE-285: Improper Authorization", 1161 | "cwe_mapping_reason": "Improper Authorization can allow users to perform actions beyond their permissions.", 
1162 | "capecs_to_exclude": [] 1163 | }, 1164 | { 1165 | "cwe_id": "CWE-863: Incorrect Authorization", 1166 | "cwe_mapping_reason": "Incorrect Authorization can lead to privilege escalation and unauthorized actions.", 1167 | "capecs_to_exclude": [] 1168 | } 1169 | ] 1170 | } 1171 | ] 1172 | } 1173 | ] 1174 | } 1175 | ] 1176 | } 1177 | ] -------------------------------------------------------------------------------- /industry_focused_threat_libraries/government.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "threat": "Disruption of Government Services Availability", 4 | "threat_description": "Adversaries may exploit system vulnerabilities, overwhelm resources, or manipulate system behavior to impair the availability of critical government services such as infrastructure, elections, and emergency response. This threat targets the continuity of operations, public safety, and trust in governance.", 5 | "motives": [ 6 | { 7 | "motive": "Impair government functionality and public safety", 8 | "components": [ 9 | { 10 | "name": "Critical Infrastructure Systems", 11 | "description": "Systems managing essential services such as power grids, water supply, and transportation networks vital to government operations and public welfare.", 12 | "sub_components": [ 13 | { 14 | "name": "match: backend_servers", 15 | "dynamic": true, 16 | "tags": "match: backend_servers", 17 | "cwes": [ 18 | { 19 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 20 | "cwe_mapping_reason": "Unrestricted resource usage on backend servers could be exploited via DoS attacks, disrupting critical infrastructure services.", 21 | "capecs_to_exclude": [] 22 | }, 23 | { 24 | "cwe_id": "CWE-770: Allocation of Resources Without Limits or Throttling", 25 | "cwe_mapping_reason": "Lack of resource limits on backend servers could allow attackers to overwhelm infrastructure systems, impairing service delivery.", 26 | "capecs_to_exclude": [] 27 | } 28 | 
] 29 | }, 30 | { 31 | "name": "match: authentication_type", 32 | "dynamic": true, 33 | "tags": "match: authentication_type", 34 | "cwes": [ 35 | { 36 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 37 | "cwe_mapping_reason": "Lack of authentication could allow attackers to disrupt infrastructure controls, affecting public safety.", 38 | "capecs_to_exclude": [ 39 | "12", 40 | "36", 41 | "62" 42 | ] 43 | }, 44 | { 45 | "cwe_id": "CWE-287: Improper Authentication", 46 | "cwe_mapping_reason": "Weak authentication could be bypassed, enabling unauthorized interference with infrastructure operations.", 47 | "capecs_to_exclude": [] 48 | } 49 | ] 50 | }, 51 | { 52 | "name": "Network Security", 53 | "dynamic": false, 54 | "tags": "Network Security", 55 | "cwes": [ 56 | { 57 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 58 | "cwe_mapping_reason": "Unencrypted transmission of control data could be intercepted and disrupted, affecting infrastructure functionality.", 59 | "capecs_to_exclude": [ 60 | "102", 61 | "477", 62 | "65" 63 | ] 64 | }, 65 | { 66 | "cwe_id": "CWE-295: Improper Certificate Validation", 67 | "cwe_mapping_reason": "Failure to validate certificates could enable spoofing, disrupting communication within infrastructure systems.", 68 | "capecs_to_exclude": [ 69 | "459", 70 | "475" 71 | ] 72 | } 73 | ] 74 | } 75 | ] 76 | }, 77 | { 78 | "name": "Electoral Systems", 79 | "description": "Systems supporting voter registration, ballot casting, and election result tabulation, critical to democratic processes.", 80 | "sub_components": [ 81 | { 82 | "name": "match: backend_technologies", 83 | "dynamic": true, 84 | "tags": "match: backend_technologies", 85 | "cwes": [ 86 | { 87 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 88 | "cwe_mapping_reason": "Uncontrolled resource usage in backend technologies could be exploited to disrupt voting systems, undermining electoral integrity.", 89 | "capecs_to_exclude": [] 90 | 
}, 91 | { 92 | "cwe_id": "CWE-730: Denial of Service via Algorithmic Complexity", 93 | "cwe_mapping_reason": "Exploiting inefficient algorithms in backend technologies could cause delays or crashes in electoral systems.", 94 | "capecs_to_exclude": [] 95 | } 96 | ] 97 | }, 98 | { 99 | "name": "match: authorization_type", 100 | "dynamic": true, 101 | "tags": "match: authorization_type", 102 | "cwes": [ 103 | { 104 | "cwe_id": "CWE-284: Improper Access Control", 105 | "cwe_mapping_reason": "Inadequate access controls could allow unauthorized disruption of electoral processes, affecting public trust.", 106 | "capecs_to_exclude": [] 107 | }, 108 | { 109 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 110 | "cwe_mapping_reason": "Misconfigured permissions could enable attackers to impair electoral system functionality.", 111 | "capecs_to_exclude": [] 112 | } 113 | ] 114 | }, 115 | { 116 | "name": "Data Integrity", 117 | "dynamic": false, 118 | "tags": "Data Integrity", 119 | "cwes": [ 120 | { 121 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 122 | "cwe_mapping_reason": "Unverified software updates could introduce malicious code, disrupting electoral system operations.", 123 | "capecs_to_exclude": [] 124 | }, 125 | { 126 | "cwe_id": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", 127 | "cwe_mapping_reason": "Incorporating untrusted code could compromise electoral systems, leading to service disruptions.", 128 | "capecs_to_exclude": [ 129 | "660" 130 | ] 131 | } 132 | ] 133 | } 134 | ] 135 | }, 136 | { 137 | "name": "Emergency Response Systems", 138 | "description": "Systems coordinating disaster response, law enforcement, and medical services during emergencies, essential for public safety.", 139 | "sub_components": [ 140 | { 141 | "name": "match: infrastructure_os", 142 | "dynamic": true, 143 | "tags": "match: infrastructure_os", 144 | "cwes": [ 145 | { 146 | "cwe_id": "CWE-770: Allocation of Resources 
Without Limits or Throttling", 147 | "cwe_mapping_reason": "Lack of throttling in operating systems could allow attackers to overwhelm emergency response systems, delaying critical actions.", 148 | "capecs_to_exclude": [] 149 | }, 150 | { 151 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 152 | "cwe_mapping_reason": "Unrestricted resource consumption in infrastructure OS could be exploited to disrupt emergency services during crises.", 153 | "capecs_to_exclude": [] 154 | } 155 | ] 156 | }, 157 | { 158 | "name": "Communication Systems", 159 | "dynamic": false, 160 | "tags": "Communication Systems", 161 | "cwes": [ 162 | { 163 | "cwe_id": "CWE-665: Improper Initialization", 164 | "cwe_mapping_reason": "Improperly initialized communication channels could fail during emergencies, disrupting response efforts.", 165 | "capecs_to_exclude": [] 166 | }, 167 | { 168 | "cwe_id": "CWE-295: Improper Certificate Validation", 169 | "cwe_mapping_reason": "Failure to validate certificates could allow spoofing, impairing emergency communication.", 170 | "capecs_to_exclude": [ 171 | "459", 172 | "475" 173 | ] 174 | } 175 | ] 176 | }, 177 | { 178 | "name": "Monitoring and Logging", 179 | "dynamic": false, 180 | "tags": "Monitoring and Logging", 181 | "cwes": [ 182 | { 183 | "cwe_id": "CWE-778: Insufficient Logging", 184 | "cwe_mapping_reason": "Inadequate logging could delay detection of disruptions, hindering emergency response mitigation.", 185 | "capecs_to_exclude": [] 186 | }, 187 | { 188 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 189 | "cwe_mapping_reason": "Failure to log critical events could obscure interference, impairing emergency system recovery.", 190 | "capecs_to_exclude": [] 191 | } 192 | ] 193 | } 194 | ] 195 | } 196 | ] 197 | } 198 | ] 199 | }, 200 | { 201 | "threat": "Unauthorized Access to Government Information Systems", 202 | "threat_description": "Threat actors may exploit access control weaknesses, stolen credentials, or exposed 
interfaces to access restricted government systems. This includes systems handling classified data, financial operations, and citizen records, risking confidentiality, integrity, and national security.", 203 | "motives": [ 204 | { 205 | "motive": "Steal sensitive data for espionage or sale", 206 | "components": [ 207 | { 208 | "name": "Classified Information Systems", 209 | "description": "Systems storing sensitive government data restricted to authorized personnel, critical for national security.", 210 | "sub_components": [ 211 | { 212 | "name": "match: authentication_type", 213 | "dynamic": true, 214 | "tags": "match: authentication_type", 215 | "cwes": [ 216 | { 217 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 218 | "cwe_mapping_reason": "Lack of authentication could allow attackers to access classified data for espionage or illicit sale.", 219 | "capecs_to_exclude": [ 220 | "12" 221 | ] 222 | }, 223 | { 224 | "cwe_id": "CWE-287: Improper Authentication", 225 | "cwe_mapping_reason": "Weak authentication mechanisms could be bypassed, exposing classified information to unauthorized parties.", 226 | "capecs_to_exclude": [] 227 | } 228 | ] 229 | }, 230 | { 231 | "name": "Data Encryption", 232 | "dynamic": false, 233 | "tags": "Data Encryption", 234 | "cwes": [ 235 | { 236 | "cwe_id": "CWE-311: Missing Encryption of Sensitive Data", 237 | "cwe_mapping_reason": "Unencrypted classified data could be easily accessed and stolen if systems are breached.", 238 | "capecs_to_exclude": [] 239 | } 240 | ] 241 | } 242 | ] 243 | }, 244 | { 245 | "name": "Financial Systems", 246 | "description": "Government systems managing budgets, transactions, and financial records.", 247 | "sub_components": [ 248 | { 249 | "name": "match: authorization_type", 250 | "dynamic": true, 251 | "tags": "match: authorization_type", 252 | "cwes": [ 253 | { 254 | "cwe_id": "CWE-284: Improper Access Control", 255 | "cwe_mapping_reason": "Inadequate access controls could allow 
unauthorized access to financial data for theft or manipulation.", 256 | "capecs_to_exclude": [] 257 | }, 258 | { 259 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 260 | "cwe_mapping_reason": "Misconfigured permissions could enable attackers to access financial systems illicitly.", 261 | "capecs_to_exclude": [] 262 | } 263 | ] 264 | }, 265 | { 266 | "name": "Backend Security", 267 | "dynamic": false, 268 | "tags": "Backend Security", 269 | "cwes": [ 270 | { 271 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 272 | "cwe_mapping_reason": "Hard-coded credentials in financial systems could be exploited to gain unauthorized access.", 273 | "capecs_to_exclude": [ 274 | "191" 275 | ] 276 | } 277 | ] 278 | } 279 | ] 280 | }, 281 | { 282 | "name": "Citizen Data Repositories", 283 | "description": "Databases containing personal information of citizens, such as Social Security numbers and tax records.", 284 | "sub_components": [ 285 | { 286 | "name": "match: database_technologies", 287 | "dynamic": true, 288 | "tags": "match: database_technologies", 289 | "cwes": [ 290 | { 291 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 292 | "cwe_mapping_reason": "SQL injection vulnerabilities in database technologies could allow unauthorized access to citizen data.", 293 | "capecs_to_exclude": [] 294 | }, 295 | { 296 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 297 | "cwe_mapping_reason": "Poorly protected database credentials could be compromised, exposing citizen data for theft.", 298 | "capecs_to_exclude": [] 299 | } 300 | ] 301 | }, 302 | { 303 | "name": "Data Protection", 304 | "dynamic": false, 305 | "tags": "Data Protection", 306 | "cwes": [ 307 | { 308 | "cwe_id": "CWE-312: Cleartext Storage of Sensitive Information", 309 | "cwe_mapping_reason": "Storing citizen data in cleartext could allow immediate access upon system breach.", 310 | "capecs_to_exclude": [ 311 | 
"37" 312 | ] 313 | } 314 | ] 315 | } 316 | ] 317 | }, 318 | { 319 | "name": "Military Systems", 320 | "description": "Systems containing operational plans, troop movements, and defense strategies.", 321 | "sub_components": [ 322 | { 323 | "name": "match: backend_servers", 324 | "dynamic": true, 325 | "tags": "match: backend_servers", 326 | "cwes": [ 327 | { 328 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 329 | "cwe_mapping_reason": "Hard-coded credentials on backend servers could be exploited to access military data.", 330 | "capecs_to_exclude": [ 331 | "191" 332 | ] 333 | }, 334 | { 335 | "cwe_id": "CWE-862: Missing Authorization", 336 | "cwe_mapping_reason": "Lack of authorization checks on servers could allow unauthorized access to military systems.", 337 | "capecs_to_exclude": [] 338 | } 339 | ] 340 | }, 341 | { 342 | "name": "Network Security", 343 | "dynamic": false, 344 | "tags": "Network Security", 345 | "cwes": [ 346 | { 347 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 348 | "cwe_mapping_reason": "Unencrypted transmission could allow interception of military data during access attempts.", 349 | "capecs_to_exclude": [ 350 | "65" 351 | ] 352 | } 353 | ] 354 | } 355 | ] 356 | }, 357 | { 358 | "name": "Law Enforcement Databases", 359 | "description": "Repositories of criminal records, investigations, and law enforcement intelligence.", 360 | "sub_components": [ 361 | { 362 | "name": "match: infrastructure_os", 363 | "dynamic": true, 364 | "tags": "match: infrastructure_os", 365 | "cwes": [ 366 | { 367 | "cwe_id": "CWE-269: Improper Privilege Management", 368 | "cwe_mapping_reason": "Poor privilege management in the OS could allow escalation to access law enforcement data.", 369 | "capecs_to_exclude": [] 370 | }, 371 | { 372 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 373 | "cwe_mapping_reason": "Misconfigured OS permissions could enable unauthorized access to databases.", 374 | 
"capecs_to_exclude": [] 375 | } 376 | ] 377 | }, 378 | { 379 | "name": "Logging", 380 | "dynamic": false, 381 | "tags": "Logging", 382 | "cwes": [ 383 | { 384 | "cwe_id": "CWE-778: Insufficient Logging", 385 | "cwe_mapping_reason": "Inadequate logging could prevent detection of unauthorized access to law enforcement data.", 386 | "capecs_to_exclude": [] 387 | } 388 | ] 389 | } 390 | ] 391 | }, 392 | { 393 | "name": "Healthcare Systems", 394 | "description": "Government-managed systems storing citizen health records and medical program data.", 395 | "sub_components": [ 396 | { 397 | "name": "match: frontend_technologies", 398 | "dynamic": true, 399 | "tags": "match: frontend_technologies", 400 | "cwes": [ 401 | { 402 | "cwe_id": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", 403 | "cwe_mapping_reason": "XSS vulnerabilities in frontend technologies could allow attackers to steal credentials for healthcare system access.", 404 | "capecs_to_exclude": [ 405 | "209", 406 | "85" 407 | ] 408 | }, 409 | { 410 | "cwe_id": "CWE-352: Cross-Site Request Forgery (CSRF)", 411 | "cwe_mapping_reason": "CSRF vulnerabilities could enable unauthorized actions within healthcare systems.", 412 | "capecs_to_exclude": [] 413 | } 414 | ] 415 | }, 416 | { 417 | "name": "Data Transmission", 418 | "dynamic": false, 419 | "tags": "Data Transmission", 420 | "cwes": [ 421 | { 422 | "cwe_id": "CWE-295: Improper Certificate Validation", 423 | "cwe_mapping_reason": "Failure to validate certificates could allow interception of health data during transmission.", 424 | "capecs_to_exclude": [] 425 | } 426 | ] 427 | } 428 | ] 429 | }, 430 | { 431 | "name": "Transportation Systems", 432 | "description": "Systems controlling public transit, traffic management, and logistics infrastructure.", 433 | "sub_components": [ 434 | { 435 | "name": "match: backend_technologies", 436 | "dynamic": true, 437 | "tags": "match: backend_technologies", 438 | "cwes": [ 439 | 
{ 440 | "cwe_id": "CWE-287: Improper Authentication", 441 | "cwe_mapping_reason": "Weak authentication in backend technologies could allow unauthorized access to transportation controls.", 442 | "capecs_to_exclude": [] 443 | }, 444 | { 445 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 446 | "cwe_mapping_reason": "Hard-coded credentials could be exploited to gain access to transportation systems.", 447 | "capecs_to_exclude": [ 448 | "191" 449 | ] 450 | } 451 | ] 452 | }, 453 | { 454 | "name": "System Integrity", 455 | "dynamic": false, 456 | "tags": "System Integrity", 457 | "cwes": [ 458 | { 459 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 460 | "cwe_mapping_reason": "Unverified code updates could introduce vulnerabilities allowing unauthorized access.", 461 | "capecs_to_exclude": [ 462 | "693", 463 | "695" 464 | ] 465 | } 466 | ] 467 | } 468 | ] 469 | }, 470 | { 471 | "name": "Energy Grid Systems", 472 | "description": "Systems managing power generation, distribution, and grid operations.", 473 | "sub_components": [ 474 | { 475 | "name": "match: infrastructure_file_servers", 476 | "dynamic": true, 477 | "tags": "match: infrastructure_file_servers", 478 | "cwes": [ 479 | { 480 | "cwe_id": "CWE-552: Files or Directories Accessible to External Parties", 481 | "cwe_mapping_reason": "Exposed file servers could allow unauthorized access to energy grid data or controls.", 482 | "capecs_to_exclude": [ 483 | "150" 484 | ] 485 | }, 486 | { 487 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 488 | "cwe_mapping_reason": "Misconfigured permissions on file servers could enable access to grid systems.", 489 | "capecs_to_exclude": [] 490 | } 491 | ] 492 | }, 493 | { 494 | "name": "Network Protection", 495 | "dynamic": false, 496 | "tags": "Network Protection", 497 | "cwes": [ 498 | { 499 | "cwe_id": "CWE-326: Inadequate Encryption Strength", 500 | "cwe_mapping_reason": "Weak encryption could allow attackers to bypass 
protections and access grid data.", 501 | "capecs_to_exclude": [] 502 | } 503 | ] 504 | } 505 | ] 506 | }, 507 | { 508 | "name": "Water Supply Systems", 509 | "description": "Systems controlling water distribution, treatment, and quality monitoring.", 510 | "sub_components": [ 511 | { 512 | "name": "match: validation_type", 513 | "dynamic": true, 514 | "tags": "match: validation_type", 515 | "cwes": [ 516 | { 517 | "cwe_id": "CWE-20: Improper Input Validation", 518 | "cwe_mapping_reason": "Inadequate input validation could allow attackers to exploit systems and gain unauthorized access.", 519 | "capecs_to_exclude": [] 520 | }, 521 | { 522 | "cwe_id": "CWE-639: Authorization Bypass Through User-Controlled Key", 523 | "cwe_mapping_reason": "Bypassing authorization via manipulated keys could allow access to water supply controls.", 524 | "capecs_to_exclude": [] 525 | } 526 | ] 527 | }, 528 | { 529 | "name": "Monitoring", 530 | "dynamic": false, 531 | "tags": "Monitoring", 532 | "cwes": [ 533 | { 534 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 535 | "cwe_mapping_reason": "Failure to log critical events could hide unauthorized access attempts to water systems.", 536 | "capecs_to_exclude": [] 537 | } 538 | ] 539 | } 540 | ] 541 | } 542 | ] 543 | } 544 | ] 545 | }, 546 | { 547 | "threat": "Manipulation of Government Records", 548 | "threat_description": "Adversaries may seek to alter, overwrite, or falsify data stored in government databases and public record systems by exploiting access control flaws, software vulnerabilities, or insider privileges. 
This threat targets the integrity of critical government data, including tax records, legal documents, and administrative logs, and may enable fraudulent activities, influence political outcomes, or undermine public trust in official systems.", 549 | "motives": [ 550 | { 551 | "motive": "Alter data for fraudulent or political advantage", 552 | "components": [ 553 | { 554 | "name": "Government Databases", 555 | "description": "Repositories containing a wide range of government data, such as tax records, census information, and administrative details, critical to operational and policy functions.", 556 | "sub_components": [ 557 | { 558 | "name": "match: database_technologies", 559 | "dynamic": true, 560 | "tags": "match: database_technologies", 561 | "cwes": [ 562 | { 563 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 564 | "cwe_mapping_reason": "SQL injection vulnerabilities could allow attackers to manipulate government database records for fraudulent purposes.", 565 | "capecs_to_exclude": [] 566 | }, 567 | { 568 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 569 | "cwe_mapping_reason": "Hard-coded credentials in database technologies could be exploited to alter data undetected.", 570 | "capecs_to_exclude": [ 571 | "191" 572 | ] 573 | } 574 | ] 575 | }, 576 | { 577 | "name": "match: authorization_type", 578 | "dynamic": true, 579 | "tags": "match: authorization_type", 580 | "cwes": [ 581 | { 582 | "cwe_id": "CWE-284: Improper Access Control", 583 | "cwe_mapping_reason": "Inadequate access controls could allow unauthorized users to manipulate government data for personal or political gain.", 584 | "capecs_to_exclude": [] 585 | }, 586 | { 587 | "cwe_id": "CWE-639: Authorization Bypass Through User-Controlled Key", 588 | "cwe_mapping_reason": "Bypassing authorization could enable attackers to alter database entries illicitly.", 589 | "capecs_to_exclude": [] 590 | } 591 | ] 592 | }, 593 | { 594 | 
"name": "Data Integrity", 595 | "dynamic": false, 596 | "tags": "Data Integrity", 597 | "cwes": [ 598 | { 599 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 600 | "cwe_mapping_reason": "Failure to verify data authenticity could allow tampered data to be accepted, compromising government records.", 601 | "capecs_to_exclude": [] 602 | }, 603 | { 604 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 605 | "cwe_mapping_reason": "Unverified code updates could introduce mechanisms to manipulate government database data.", 606 | "capecs_to_exclude": [ 607 | "693", 608 | "695" 609 | ] 610 | } 611 | ] 612 | } 613 | ] 614 | }, 615 | { 616 | "name": "Public Records Systems", 617 | "description": "Systems managing publicly accessible records, such as property deeds, birth certificates, and court documents, essential for legal and civic functions.", 618 | "sub_components": [ 619 | { 620 | "name": "match: validation_type", 621 | "dynamic": true, 622 | "tags": "match: validation_type", 623 | "cwes": [ 624 | { 625 | "cwe_id": "CWE-20: Improper Input Validation", 626 | "cwe_mapping_reason": "Inadequate input validation could allow attackers to submit falsified data, altering public records for fraudulent advantage.", 627 | "capecs_to_exclude": [] 628 | }, 629 | { 630 | "cwe_id": "CWE-602: Client-Side Enforcement of Server-Side Security", 631 | "cwe_mapping_reason": "Enforcing validation only on the client side, with no equivalent server-side check, could allow those checks to be bypassed, facilitating record manipulation.", 632 | "capecs_to_exclude": [] 633 | } 634 | ] 635 | }, 636 | { 637 | "name": "match: frontend_technologies", 638 | "dynamic": true, 639 | "tags": "match: frontend_technologies", 640 | "cwes": [ 641 | { 642 | "cwe_id": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", 643 | "cwe_mapping_reason": "XSS vulnerabilities could allow attackers to manipulate frontend interfaces, altering displayed or submitted public records.", 
644 | "capecs_to_exclude": [ 645 | "209", 646 | "85" 647 | ] 648 | }, 649 | { 650 | "cwe_id": "CWE-352: Cross-Site Request Forgery (CSRF)", 651 | "cwe_mapping_reason": "CSRF vulnerabilities could enable unauthorized changes to public records via forged requests.", 652 | "capecs_to_exclude": [] 653 | } 654 | ] 655 | }, 656 | { 657 | "name": "Audit Controls", 658 | "dynamic": false, 659 | "tags": "Audit Controls", 660 | "cwes": [ 661 | { 662 | "cwe_id": "CWE-778: Insufficient Logging", 663 | "cwe_mapping_reason": "Inadequate logging could prevent detection of unauthorized data manipulation in public records.", 664 | "capecs_to_exclude": [] 665 | }, 666 | { 667 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 668 | "cwe_mapping_reason": "Failure to log critical changes could allow manipulated records to go unnoticed.", 669 | "capecs_to_exclude": [] 670 | } 671 | ] 672 | } 673 | ] 674 | } 675 | ] 676 | } 677 | ] 678 | }, 679 | { 680 | "threat": "Unauthorized Surveillance of Government Systems", 681 | "threat_description": "Adversaries may seek to extract sensitive information from government systems through unauthorized access, surveillance, or manipulation of data flows. This threat targets confidentiality and operational secrecy by exploiting weaknesses in authentication, access control, encryption, or monitoring mechanisms. 
It may involve external attackers infiltrating communication channels or insiders accessing sensitive data without detection, enabling long-term intelligence gathering or exposure of classified information.", 682 | "motives": [ 683 | { 684 | "motive": "Gather intelligence for strategic advantage", 685 | "components": [ 686 | { 687 | "name": "Official Communication Systems", 688 | "description": "Systems used for internal government communications, including emails, memos, and secure messaging platforms critical to administrative functions.", 689 | "sub_components": [ 690 | { 691 | "name": "match: authentication_type", 692 | "dynamic": true, 693 | "tags": "match: authentication_type", 694 | "cwes": [ 695 | { 696 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 697 | "cwe_mapping_reason": "Lack of authentication could allow attackers to access official communications for espionage purposes.", 698 | "capecs_to_exclude": [ 699 | "12", 700 | "166", 701 | "36", 702 | "62" 703 | ] 704 | }, 705 | { 706 | "cwe_id": "CWE-287: Improper Authentication", 707 | "cwe_mapping_reason": "Weak authentication mechanisms could be bypassed, exposing government communications to unauthorized parties.", 708 | "capecs_to_exclude": [] 709 | } 710 | ] 711 | }, 712 | { 713 | "name": "match: backend_technologies", 714 | "dynamic": true, 715 | "tags": "match: backend_technologies", 716 | "cwes": [ 717 | { 718 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 719 | "cwe_mapping_reason": "Hard-coded credentials in backend technologies could be exploited to intercept official communications.", 720 | "capecs_to_exclude": [ 721 | "191" 722 | ] 723 | }, 724 | { 725 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 726 | "cwe_mapping_reason": "Poorly protected credentials could be stolen, granting access to sensitive government correspondence.", 727 | "capecs_to_exclude": [] 728 | } 729 | ] 730 | }, 731 | { 732 | "name": "Data Transmission", 733 | "dynamic": false, 
734 | "tags": "Data Transmission", 735 | "cwes": [ 736 | { 737 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 738 | "cwe_mapping_reason": "Unencrypted transmission could allow interception of official communications for intelligence gathering.", 739 | "capecs_to_exclude": [ 740 | "477", 741 | "65" 742 | ] 743 | }, 744 | { 745 | "cwe_id": "CWE-295: Improper Certificate Validation", 746 | "cwe_mapping_reason": "Failure to validate certificates could enable man-in-the-middle attacks, compromising communication security.", 747 | "capecs_to_exclude": [] 748 | } 749 | ] 750 | } 751 | ] 752 | }, 753 | { 754 | "name": "Citizen Surveillance Systems", 755 | "description": "Systems designed to monitor citizen activities, such as CCTV networks, traffic cameras, and data collection platforms, used for security and law enforcement.", 756 | "sub_components": [ 757 | { 758 | "name": "match: infrastructure_file_servers", 759 | "dynamic": true, 760 | "tags": "match: infrastructure_file_servers", 761 | "cwes": [ 762 | { 763 | "cwe_id": "CWE-552: Files or Directories Accessible to External Parties", 764 | "cwe_mapping_reason": "Exposed file servers could allow attackers to access surveillance data for espionage purposes.", 765 | "capecs_to_exclude": [] 766 | }, 767 | { 768 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 769 | "cwe_mapping_reason": "Misconfigured permissions on file servers could enable unauthorized access to citizen surveillance records.", 770 | "capecs_to_exclude": [] 771 | } 772 | ] 773 | }, 774 | { 775 | "name": "match: validation_sanitization", 776 | "dynamic": true, 777 | "tags": "match: validation_sanitization", 778 | "cwes": [ 779 | { 780 | "cwe_id": "CWE-20: Improper Input Validation", 781 | "cwe_mapping_reason": "Inadequate validation could allow attackers to inject malicious data, gaining access to surveillance systems.", 782 | "capecs_to_exclude": [] 783 | }, 784 | { 785 | "cwe_id": "CWE-89: Improper 
Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 786 | "cwe_mapping_reason": "SQL injection could enable extraction of surveillance data from underlying databases for espionage.", 787 | "capecs_to_exclude": [] 788 | } 789 | ] 790 | }, 791 | { 792 | "name": "Monitoring Security", 793 | "dynamic": false, 794 | "tags": "Monitoring Security", 795 | "cwes": [ 796 | { 797 | "cwe_id": "CWE-326: Inadequate Encryption Strength", 798 | "cwe_mapping_reason": "Weak encryption of surveillance feeds could be decrypted, exposing citizen data to espionage.", 799 | "capecs_to_exclude": [] 800 | }, 801 | { 802 | "cwe_id": "CWE-862: Missing Authorization", 803 | "cwe_mapping_reason": "Lack of authorization checks could allow unauthorized access to surveillance systems for intelligence purposes.", 804 | "capecs_to_exclude": [] 805 | } 806 | ] 807 | } 808 | ] 809 | }, 810 | { 811 | "name": "Diplomatic Communication Systems", 812 | "description": "Secure systems used for diplomatic correspondence, negotiations, and international relations, critical to national security and foreign policy.", 813 | "sub_components": [ 814 | { 815 | "name": "match: authorization_type", 816 | "dynamic": true, 817 | "tags": "match: authorization_type", 818 | "cwes": [ 819 | { 820 | "cwe_id": "CWE-284: Improper Access Control", 821 | "cwe_mapping_reason": "Inadequate access controls could allow unauthorized access to diplomatic communications for espionage.", 822 | "capecs_to_exclude": [] 823 | }, 824 | { 825 | "cwe_id": "CWE-639: Authorization Bypass Through User-Controlled Key", 826 | "cwe_mapping_reason": "Bypassing authorization could enable attackers to access sensitive diplomatic data.", 827 | "capecs_to_exclude": [] 828 | } 829 | ] 830 | }, 831 | { 832 | "name": "match: frontend_hosting", 833 | "dynamic": true, 834 | "tags": "match: frontend_hosting", 835 | "cwes": [ 836 | { 837 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 838 | "cwe_mapping_reason": 
"Unverified code in hosted frontend systems could introduce backdoors, allowing espionage of diplomatic communications.", 839 | "capecs_to_exclude": [] 840 | }, 841 | { 842 | "cwe_id": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", 843 | "cwe_mapping_reason": "Incorporating untrusted code in frontend hosting could compromise diplomatic system security.", 844 | "capecs_to_exclude": [ 845 | "175", 846 | "201", 847 | "228", 848 | "251", 849 | "252", 850 | "253", 851 | "263", 852 | "538", 853 | "549", 854 | "640", 855 | "660", 856 | "695", 857 | "698" 858 | ] 859 | } 860 | ] 861 | }, 862 | { 863 | "name": "Encryption Protocols", 864 | "dynamic": false, 865 | "tags": "Encryption Protocols", 866 | "cwes": [ 867 | { 868 | "cwe_id": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", 869 | "cwe_mapping_reason": "Use of outdated encryption could allow decryption of diplomatic communications for intelligence gathering.", 870 | "capecs_to_exclude": [] 871 | }, 872 | { 873 | "cwe_id": "CWE-311: Missing Encryption of Sensitive Data", 874 | "cwe_mapping_reason": "Lack of encryption could expose diplomatic data to unauthorized access during transmission or storage.", 875 | "capecs_to_exclude": [] 876 | } 877 | ] 878 | } 879 | ] 880 | } 881 | ] 882 | } 883 | ] 884 | }, 885 | { 886 | "threat": "Exploitation of Government Systems for Political Advantage", 887 | "threat_description": "Threat actors—whether internal or external—may exploit access to government administrative platforms, identity systems, or resource allocation mechanisms to redirect funds, falsify identities, or manipulate official processes for personal, financial, or political benefit. This threat targets the integrity and accountability of government systems and often stems from weak privilege enforcement, insufficient audit controls, or inadequate input validation. 
It may involve unauthorized transactions, fraudulent system use, or systemic abuse by trusted insiders.", 888 | "motives": [ 889 | { 890 | "motive": "Misappropriate resources or identities for personal gain", 891 | "components": [ 892 | { 893 | "name": "Government Administrative Systems", 894 | "description": "Systems managing government operations, employee records, and administrative processes, vulnerable to corruption and insider theft.", 895 | "sub_components": [ 896 | { 897 | "name": "match: authorization_type", 898 | "dynamic": true, 899 | "tags": "match: authorization_type", 900 | "cwes": [ 901 | { 902 | "cwe_id": "CWE-284: Improper Access Control", 903 | "cwe_mapping_reason": "Inadequate access controls could allow insiders or attackers to misuse administrative systems for corrupt purposes.", 904 | "capecs_to_exclude": [] 905 | }, 906 | { 907 | "cwe_id": "CWE-269: Improper Privilege Management", 908 | "cwe_mapping_reason": "Poor privilege management could enable unauthorized users to steal resources or manipulate administrative data.", 909 | "capecs_to_exclude": [] 910 | } 911 | ] 912 | }, 913 | { 914 | "name": "match: backend_servers", 915 | "dynamic": true, 916 | "tags": "match: backend_servers", 917 | "cwes": [ 918 | { 919 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 920 | "cwe_mapping_reason": "Hard-coded credentials on backend servers could be exploited to access and misuse administrative systems.", 921 | "capecs_to_exclude": [ 922 | "191" 923 | ] 924 | }, 925 | { 926 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 927 | "cwe_mapping_reason": "Misconfigured server permissions could allow theft of administrative data or resources.", 928 | "capecs_to_exclude": [] 929 | } 930 | ] 931 | }, 932 | { 933 | "name": "Audit Controls", 934 | "dynamic": false, 935 | "tags": "Audit Controls", 936 | "cwes": [ 937 | { 938 | "cwe_id": "CWE-778: Insufficient Logging", 939 | "cwe_mapping_reason": "Inadequate logging could prevent 
detection of corrupt activities within administrative systems.", 940 | "capecs_to_exclude": [] 941 | }, 942 | { 943 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 944 | "cwe_mapping_reason": "Failure to log critical events could hide theft or misuse of administrative resources.", 945 | "capecs_to_exclude": [] 946 | } 947 | ] 948 | } 949 | ] 950 | }, 951 | { 952 | "name": "Identity Management Systems", 953 | "description": "Systems responsible for issuing, managing, and verifying government-issued identities, such as passports, driver\u2019s licenses, and Social Security numbers.", 954 | "sub_components": [ 955 | { 956 | "name": "match: database_technologies", 957 | "dynamic": true, 958 | "tags": "match: database_technologies", 959 | "cwes": [ 960 | { 961 | "cwe_id": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", 962 | "cwe_mapping_reason": "SQL injection could allow attackers to steal or alter identity records for fraudulent use.", 963 | "capecs_to_exclude": [] 964 | }, 965 | { 966 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 967 | "cwe_mapping_reason": "Poorly protected database credentials could be compromised, enabling theft of government-issued identities.", 968 | "capecs_to_exclude": [] 969 | } 970 | ] 971 | }, 972 | { 973 | "name": "match: validation_type", 974 | "dynamic": true, 975 | "tags": "match: validation_type", 976 | "cwes": [ 977 | { 978 | "cwe_id": "CWE-20: Improper Input Validation", 979 | "cwe_mapping_reason": "Inadequate validation could allow falsified identity data to be entered, facilitating theft or corruption.", 980 | "capecs_to_exclude": [] 981 | }, 982 | { 983 | "cwe_id": "CWE-602: Client-Side Enforcement of Server-Side Security", 984 | "cwe_mapping_reason": "Enforcing validation only on the client side, with no equivalent server-side check, could allow those checks to be bypassed, leading to identity theft.", 985 | "capecs_to_exclude": [] 986 | } 987 | ] 988 | }, 989 | { 990 | "name": "Data 
Integrity", 991 | "dynamic": false, 992 | "tags": "Data Integrity", 993 | "cwes": [ 994 | { 995 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 996 | "cwe_mapping_reason": "Failure to verify identity data authenticity could allow corrupt alterations for illicit gain.", 997 | "capecs_to_exclude": [] 998 | }, 999 | { 1000 | "cwe_id": "CWE-312: Cleartext Storage of Sensitive Information", 1001 | "cwe_mapping_reason": "Storing identity data in cleartext could enable easy theft if systems are breached.", 1002 | "capecs_to_exclude": [] 1003 | } 1004 | ] 1005 | } 1006 | ] 1007 | }, 1008 | { 1009 | "name": "Resource Allocation Systems", 1010 | "description": "Systems managing the distribution of government resources, such as budgets, supplies, and contracts, susceptible to theft or corrupt redirection.", 1011 | "sub_components": [ 1012 | { 1013 | "name": "match: authentication_type", 1014 | "dynamic": true, 1015 | "tags": "match: authentication_type", 1016 | "cwes": [ 1017 | { 1018 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 1019 | "cwe_mapping_reason": "Lack of authentication could allow attackers to access and misappropriate resources for personal gain.", 1020 | "capecs_to_exclude": [ 1021 | "12", 1022 | "36" 1023 | ] 1024 | }, 1025 | { 1026 | "cwe_id": "CWE-287: Improper Authentication", 1027 | "cwe_mapping_reason": "Weak authentication could be bypassed, enabling unauthorized redirection of government resources.", 1028 | "capecs_to_exclude": [] 1029 | } 1030 | ] 1031 | }, 1032 | { 1033 | "name": "match: frontend_technologies", 1034 | "dynamic": true, 1035 | "tags": "match: frontend_technologies", 1036 | "cwes": [ 1037 | { 1038 | "cwe_id": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", 1039 | "cwe_mapping_reason": "XSS vulnerabilities could allow attackers to manipulate resource allocation interfaces for theft.", 1040 | "capecs_to_exclude": [ 1041 | "209", 1042 | "588", 1043 
| "591", 1044 | "592", 1045 | "63", 1046 | "85" 1047 | ] 1048 | }, 1049 | { 1050 | "cwe_id": "CWE-352: Cross-Site Request Forgery (CSRF)", 1051 | "cwe_mapping_reason": "CSRF vulnerabilities could enable unauthorized resource allocation changes via forged requests.", 1052 | "capecs_to_exclude": [] 1053 | } 1054 | ] 1055 | }, 1056 | { 1057 | "name": "Transaction Security", 1058 | "dynamic": false, 1059 | "tags": "Transaction Security", 1060 | "cwes": [ 1061 | { 1062 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 1063 | "cwe_mapping_reason": "Unencrypted transmission of allocation data could be intercepted, facilitating resource theft.", 1064 | "capecs_to_exclude": [ 1065 | "102", 1066 | "477", 1067 | "65" 1068 | ] 1069 | }, 1070 | { 1071 | "cwe_id": "CWE-840: Business Logic Errors", 1072 | "cwe_mapping_reason": "Logic flaws could be exploited to redirect resources to unauthorized recipients.", 1073 | "capecs_to_exclude": [] 1074 | } 1075 | ] 1076 | } 1077 | ] 1078 | } 1079 | ] 1080 | } 1081 | ] 1082 | } 1083 | ] -------------------------------------------------------------------------------- /industry_focused_threat_libraries/insurance.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "threat": "Compromise of Systems and Credentials", 4 | "threat_description": "Unauthorized access to critical insurance systems and credentials, enabling attackers to manipulate underwriting processes, agent/broker interactions, regulatory reporting, or leverage stolen employee credentials for broader system access. This threat targets the integrity, availability, and confidentiality of insurance operations through exploitation of system vulnerabilities, phishing attacks, or insider threats. 
The primary concern is disruption of business operations, data manipulation, and unauthorized access to sensitive systems.", 5 | "motives": [ 6 | { 7 | "motive": "Manipulate underwriting data for financial gain", 8 | "components": [ 9 | { 10 | "name": "Underwriting Systems", 11 | "description": "Systems used to evaluate risks, determine premiums, and issue policies based on applicant data.", 12 | "sub_components": [ 13 | { 14 | "name": "match: authentication_type", 15 | "dynamic": true, 16 | "tags": "match: authentication_type", 17 | "cwes": [ 18 | { 19 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 20 | "cwe_mapping_reason": "Lack of authentication for critical underwriting functions could allow attackers to access and manipulate risk assessments or premium calculations for fraudulent policies.", 21 | "capecs_to_exclude": [ 22 | "12", 23 | "36" 24 | ] 25 | }, 26 | { 27 | "cwe_id": "CWE-287: Improper Authentication", 28 | "cwe_mapping_reason": "Weak authentication mechanisms in underwriting systems could be bypassed, enabling unauthorized changes to policy pricing or approvals for financial gain.", 29 | "capecs_to_exclude": [] 30 | } 31 | ] 32 | }, 33 | { 34 | "name": "Data Integrity", 35 | "dynamic": false, 36 | "tags": "Data Integrity", 37 | "cwes": [ 38 | { 39 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 40 | "cwe_mapping_reason": "Failure to verify the integrity of underwriting software updates could allow malicious code to alter risk evaluation logic for fraudulent purposes.", 41 | "capecs_to_exclude": [ 42 | "693", 43 | "695" 44 | ] 45 | }, 46 | { 47 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 48 | "cwe_mapping_reason": "Inadequate validation of input data in underwriting systems could permit attackers to inject falsified applicant data to manipulate premiums or policy issuance.", 49 | "capecs_to_exclude": [] 50 | } 51 | ] 52 | } 53 | ] 54 | } 55 | ] 56 | }, 57 | { 58 | "motive": "Disrupt 
Broker Operations or Steal Commissions", 59 | "components": [ 60 | { 61 | "name": "Agent/Broker Systems", 62 | "description": "Platforms used by agents and brokers to manage client interactions, policy sales, and commission tracking.", 63 | "sub_components": [ 64 | { 65 | "name": "match: authorization_type", 66 | "dynamic": true, 67 | "tags": "match: authorization_type", 68 | "cwes": [ 69 | { 70 | "cwe_id": "CWE-284: Improper Access Control", 71 | "cwe_mapping_reason": "Poor access controls could allow unauthorized users to modify agent/broker records or redirect commission payments.", 72 | "capecs_to_exclude": [] 73 | }, 74 | { 75 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 76 | "cwe_mapping_reason": "Misconfigured permissions in agent/broker systems might enable attackers to escalate privileges and manipulate commission data or client portfolios.", 77 | "capecs_to_exclude": [] 78 | } 79 | ] 80 | }, 81 | { 82 | "name": "Session Management", 83 | "dynamic": false, 84 | "tags": "Session Management", 85 | "cwes": [ 86 | { 87 | "cwe_id": "CWE-384: Session Fixation", 88 | "cwe_mapping_reason": "Session fixation vulnerabilities could allow attackers to hijack agent sessions, gaining access to client data or commission details for theft.", 89 | "capecs_to_exclude": [] 90 | }, 91 | { 92 | "cwe_id": "CWE-613: Insufficient Session Expiration", 93 | "cwe_mapping_reason": "Long-lived sessions in agent/broker systems increase the risk of unauthorized access to sensitive operations or data.", 94 | "capecs_to_exclude": [] 95 | } 96 | ] 97 | } 98 | ] 99 | } 100 | ] 101 | }, 102 | { 103 | "motive": "Evade Regulatory Oversight", 104 | "components": [ 105 | { 106 | "name": "Regulatory Reporting", 107 | "description": "Systems responsible for generating and submitting compliance reports to regulatory bodies.", 108 | "sub_components": [ 109 | { 110 | "name": "match: validation_type", 111 | "dynamic": true, 112 | "tags": "match: validation_type", 113 | 
"cwes": [ 114 | { 115 | "cwe_id": "CWE-20: Improper Input Validation", 116 | "cwe_mapping_reason": "Inadequate validation of regulatory report data could allow attackers to submit falsified reports, evading compliance or triggering penalties.", 117 | "capecs_to_exclude": [] 118 | }, 119 | { 120 | "cwe_id": "CWE-346: Origin Validation Error", 121 | "cwe_mapping_reason": "Failure to verify the source of report data could enable attackers to inject manipulated data into regulatory submissions.", 122 | "capecs_to_exclude": [] 123 | } 124 | ] 125 | }, 126 | { 127 | "name": "Data Transmission", 128 | "dynamic": false, 129 | "tags": "Data Transmission", 130 | "cwes": [ 131 | { 132 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 133 | "cwe_mapping_reason": "Unencrypted transmission of regulatory data could be intercepted and altered to falsify compliance records.", 134 | "capecs_to_exclude": [ 135 | "102", 136 | "477", 137 | "65" 138 | ] 139 | }, 140 | { 141 | "cwe_id": "CWE-295: Improper Certificate Validation", 142 | "cwe_mapping_reason": "Improper validation of certificates during data submission could enable man-in-the-middle attacks to manipulate regulatory reports.", 143 | "capecs_to_exclude": [] 144 | } 145 | ] 146 | } 147 | ] 148 | } 149 | ] 150 | }, 151 | { 152 | "motive": "Gain unauthorized access to multiple systems", 153 | "components": [ 154 | { 155 | "name": "Stolen or Compromised Employee Credentials", 156 | "description": "Employee credentials that have been obtained through phishing, malware, or other means, granting attackers access to various insurance systems.", 157 | "sub_components": [ 158 | { 159 | "name": "match: authentication_type", 160 | "dynamic": true, 161 | "tags": "match: authentication_type", 162 | "cwes": [ 163 | { 164 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 165 | "cwe_mapping_reason": "Poorly protected credentials (e.g., weak passwords or lack of MFA) could be easily stolen and used to access 
multiple systems.", 166 | "capecs_to_exclude": [] 167 | }, 168 | { 169 | "cwe_id": "CWE-307: Improper Restriction of Excessive Authentication Attempts", 170 | "cwe_mapping_reason": "Lack of brute force protection could allow attackers to guess or crack employee credentials for system access.", 171 | "capecs_to_exclude": [] 172 | } 173 | ] 174 | }, 175 | { 176 | "name": "Credential Management", 177 | "dynamic": false, 178 | "tags": "Credential Management", 179 | "cwes": [ 180 | { 181 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 182 | "cwe_mapping_reason": "Hard-coded credentials in system configurations could be exploited by attackers to gain persistent access across systems.", 183 | "capecs_to_exclude": [ 184 | "191" 185 | ] 186 | }, 187 | { 188 | "cwe_id": "CWE-259: Use of Hard-coded Password", 189 | "cwe_mapping_reason": "Hard-coded passwords in scripts or applications could be discovered and used to compromise employee accounts and systems.", 190 | "capecs_to_exclude": [] 191 | } 192 | ] 193 | } 194 | ] 195 | } 196 | ] 197 | } 198 | ] 199 | }, 200 | { 201 | "threat": "Unauthorized Disclosure of Sensitive Insurance Data", 202 | "threat_description": "Unauthorized access to or exposure of policyholder PII or health records due to misconfigurations, insufficient access controls, or lack of encryption. 
This threat impacts confidentiality and regulatory compliance and may be motivated by financial gain, identity theft, or extortion.", 203 | "motives": [ 204 | { 205 | "motive": "Monetize Stolen Insurance Data", 206 | "components": [ 207 | { 208 | "name": "Policyholder Data", 209 | "description": "Repository of personal identifiable information (PII) including names, addresses, Social Security numbers, payment details, and policy records.", 210 | "sub_components": [ 211 | { 212 | "name": "match: authentication_type", 213 | "dynamic": true, 214 | "tags": "match: authentication_type", 215 | "cwes": [ 216 | { 217 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 218 | "cwe_mapping_reason": "Lack of authentication for accessing policyholder data could allow attackers to extract PII for sale on dark markets without resistance.", 219 | "capecs_to_exclude": [ 220 | "166", 221 | "36" 222 | ] 223 | }, 224 | { 225 | "cwe_id": "CWE-287: Improper Authentication", 226 | "cwe_mapping_reason": "Weak or flawed authentication mechanisms could be bypassed, enabling unauthorized access to policyholder data for illicit sale.", 227 | "capecs_to_exclude": [] 228 | } 229 | ] 230 | }, 231 | { 232 | "name": "Data Encryption", 233 | "dynamic": false, 234 | "tags": "Data Encryption", 235 | "cwes": [ 236 | { 237 | "cwe_id": "CWE-311: Missing Encryption of Sensitive Data", 238 | "cwe_mapping_reason": "Failure to encrypt policyholder data at rest increases the risk of exposure, making it easily harvestable for sale on illicit platforms.", 239 | "capecs_to_exclude": [] 240 | }, 241 | { 242 | "cwe_id": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", 243 | "cwe_mapping_reason": "Use of outdated or weak encryption for policyholder data could be decrypted by attackers, facilitating its theft and sale.", 244 | "capecs_to_exclude": [] 245 | }, 246 | { 247 | "cwe_id": "CWE-312: Cleartext Storage of Sensitive Information", 248 | "cwe_mapping_reason": "Storing policyholder 
PII in cleartext within systems allows immediate access and exfiltration for sale on dark markets if breached.", 249 | "capecs_to_exclude": [] 250 | } 251 | ] 252 | }, 253 | { 254 | "name": "match: authorization_type", 255 | "dynamic": true, 256 | "tags": "match: authorization_type", 257 | "cwes": [ 258 | { 259 | "cwe_id": "CWE-284: Improper Access Control", 260 | "cwe_mapping_reason": "Inadequate access controls could permit unauthorized users to retrieve policyholder data for sale on illicit marketplaces.", 261 | "capecs_to_exclude": [] 262 | }, 263 | { 264 | "cwe_id": "CWE-269: Improper Privilege Management", 265 | "cwe_mapping_reason": "Poor privilege management might allow users to access policyholder data beyond their scope, enabling theft and resale.", 266 | "capecs_to_exclude": [] 267 | } 268 | ] 269 | } 270 | ] 271 | }, 272 | { 273 | "name": "Sensitive Health Information", 274 | "description": "Records containing policyholders' medical histories, diagnoses, treatments, and other health-related data subject to strict privacy regulations (e.g., HIPAA).", 275 | "sub_components": [ 276 | { 277 | "name": "match: authentication_type", 278 | "dynamic": true, 279 | "tags": "match: authentication_type", 280 | "cwes": [ 281 | { 282 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 283 | "cwe_mapping_reason": "Weak protection of credentials for accessing health data systems could allow attackers to steal sensitive records for sale.", 284 | "capecs_to_exclude": [] 285 | }, 286 | { 287 | "cwe_id": "CWE-307: Improper Restriction of Excessive Authentication Attempts", 288 | "cwe_mapping_reason": "Lack of brute force protections could enable attackers to compromise accounts with access to health information for illicit purposes.", 289 | "capecs_to_exclude": [] 290 | } 291 | ] 292 | }, 293 | { 294 | "name": "Data Transmission", 295 | "dynamic": false, 296 | "tags": "Data Transmission", 297 | "cwes": [ 298 | { 299 | "cwe_id": "CWE-319: Cleartext Transmission of 
Sensitive Information", 300 | "cwe_mapping_reason": "Unencrypted transmission of health data between systems could be intercepted, exposing sensitive records for sale on dark markets.", 301 | "capecs_to_exclude": [ 302 | "477", 303 | "65" 304 | ] 305 | }, 306 | { 307 | "cwe_id": "CWE-295: Improper Certificate Validation", 308 | "cwe_mapping_reason": "Failure to validate certificates during transmission could enable man-in-the-middle attacks, compromising health data for illicit sale.", 309 | "capecs_to_exclude": [ 310 | "459" 311 | ] 312 | } 313 | ] 314 | }, 315 | { 316 | "name": "Data Storage", 317 | "dynamic": false, 318 | "tags": "Data Storage", 319 | "cwes": [ 320 | { 321 | "cwe_id": "CWE-312: Cleartext Storage of Sensitive Information", 322 | "cwe_mapping_reason": "Storing health data in cleartext increases the risk of exposure if systems are breached, facilitating its sale on illicit markets.", 323 | "capecs_to_exclude": [] 324 | }, 325 | { 326 | "cwe_id": "CWE-922: Insecure Storage of Sensitive Information", 327 | "cwe_mapping_reason": "Insecure storage practices for health information could allow unauthorized access and exfiltration for profit on dark markets.", 328 | "capecs_to_exclude": [] 329 | } 330 | ] 331 | } 332 | ] 333 | } 334 | ] 335 | }, 336 | { 337 | "motive": "Leverage Sensitive Data for Blackmail or Extortion", 338 | "components": [ 339 | { 340 | "name": "Policyholder Data", 341 | "description": "Repository of personal identifiable information (PII) including names, addresses, Social Security numbers, payment details, and policy records.", 342 | "sub_components": [ 343 | { 344 | "name": "match: authorization_type", 345 | "dynamic": true, 346 | "tags": "match: authorization_type", 347 | "cwes": [ 348 | { 349 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 350 | "cwe_mapping_reason": "Misconfigured permissions could allow attackers to access policyholder data, which could then be used to identify and extort 
individuals.", 351 | "capecs_to_exclude": [] 352 | }, 353 | { 354 | "cwe_id": "CWE-639: Authorization Bypass Through User-Controlled Key", 355 | "cwe_mapping_reason": "Bypassing authorization via manipulated keys could grant access to policyholder data for blackmail purposes.", 356 | "capecs_to_exclude": [] 357 | } 358 | ] 359 | }, 360 | { 361 | "name": "Monitoring and Logging", 362 | "dynamic": false, 363 | "tags": "Monitoring and Logging", 364 | "cwes": [ 365 | { 366 | "cwe_id": "CWE-778: Insufficient Logging", 367 | "cwe_mapping_reason": "Inadequate logging of access to policyholder data could prevent detection of unauthorized extraction for extortion schemes.", 368 | "capecs_to_exclude": [] 369 | }, 370 | { 371 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 372 | "cwe_mapping_reason": "Failure to log critical security events could allow attackers to access and use policyholder data for blackmail undetected.", 373 | "capecs_to_exclude": [] 374 | } 375 | ] 376 | } 377 | ] 378 | }, 379 | { 380 | "name": "Sensitive Health Information", 381 | "description": "Records containing policyholders' medical histories, diagnoses, treatments, and other health-related data subject to strict privacy regulations (e.g., HIPAA).", 382 | "sub_components": [ 383 | { 384 | "name": "match: authorization_type", 385 | "dynamic": true, 386 | "tags": "match: authorization_type", 387 | "cwes": [ 388 | { 389 | "cwe_id": "CWE-284: Improper Access Control", 390 | "cwe_mapping_reason": "Weak access controls could allow attackers to obtain sensitive health data, which could be leveraged to extort individuals with private medical details.", 391 | "capecs_to_exclude": [] 392 | }, 393 | { 394 | "cwe_id": "CWE-863: Incorrect Authorization", 395 | "cwe_mapping_reason": "Incorrect authorization checks might permit unauthorized access to health records, enabling blackmail based on sensitive diagnoses or treatments.", 396 | "capecs_to_exclude": [] 397 | } 398 | ] 399 | }, 400 | { 401 
| "name": "Audit Controls", 402 | "dynamic": false, 403 | "tags": "Audit Controls", 404 | "cwes": [ 405 | { 406 | "cwe_id": "CWE-779: Logging of Excessive Data", 407 | "cwe_mapping_reason": "Over-logging sensitive health data in audit trails could inadvertently expose it to attackers, who could use it for extortion.", 408 | "capecs_to_exclude": [] 409 | }, 410 | { 411 | "cwe_id": "CWE-532: Insertion of Sensitive Information into Log File", 412 | "cwe_mapping_reason": "Including health data in logs without proper protection could allow attackers to harvest it for blackmail purposes.", 413 | "capecs_to_exclude": [] 414 | } 415 | ] 416 | } 417 | ] 418 | } 419 | ] 420 | } 421 | ] 422 | }, 423 | { 424 | "threat": "Unauthorized Access to Intellectual Property", 425 | "threat_description": "Theft of intellectual property, particularly proprietary pricing models, through compromised authentication or insufficient access controls. This threat targets confidentiality and competitive advantage by exposing actuarial algorithms and datasets.", 426 | "motives": [ 427 | { 428 | "motive": "Illicit Sale of Pricing Models To Competitors", 429 | "components": [ 430 | { 431 | "name": "Proprietary Pricing Models", 432 | "description": "Specialized algorithms, data sets, and methodologies developed by the insurance company to calculate premiums and assess risks, representing a critical intellectual property asset.", 433 | "sub_components": [ 434 | { 435 | "name": "match: authentication_type", 436 | "dynamic": true, 437 | "tags": "match: authentication_type", 438 | "cwes": [ 439 | { 440 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 441 | "cwe_mapping_reason": "Absence of authentication for accessing pricing model systems could allow attackers to steal proprietary data for sale to competitors.", 442 | "capecs_to_exclude": [] 443 | }, 444 | { 445 | "cwe_id": "CWE-287: Improper Authentication", 446 | "cwe_mapping_reason": "Weak authentication mechanisms protecting 
pricing model repositories could be exploited, enabling unauthorized access and theft of intellectual property.", 447 | "capecs_to_exclude": [] 448 | }, 449 | { 450 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 451 | "cwe_mapping_reason": "Hard-coded credentials in systems hosting pricing models could be discovered and used to extract proprietary data for illicit sale.", 452 | "capecs_to_exclude": [] 453 | } 454 | ] 455 | }, 456 | { 457 | "name": "Data Encryption", 458 | "dynamic": false, 459 | "tags": "Data Encryption", 460 | "cwes": [ 461 | { 462 | "cwe_id": "CWE-311: Missing Encryption of Sensitive Data", 463 | "cwe_mapping_reason": "Failure to encrypt proprietary pricing models at rest could allow attackers to access and steal this intellectual property for sale to competitors.", 464 | "capecs_to_exclude": [] 465 | }, 466 | { 467 | "cwe_id": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", 468 | "cwe_mapping_reason": "Use of weak or outdated encryption for pricing model data could be cracked, exposing intellectual property to theft and resale.", 469 | "capecs_to_exclude": [] 470 | }, 471 | { 472 | "cwe_id": "CWE-312: Cleartext Storage of Sensitive Information", 473 | "cwe_mapping_reason": "Storing pricing models in cleartext within systems makes them immediately accessible to attackers for extraction and sale if breached.", 474 | "capecs_to_exclude": [] 475 | } 476 | ] 477 | }, 478 | { 479 | "name": "match: authorization_type", 480 | "dynamic": true, 481 | "tags": "match: authorization_type", 482 | "cwes": [ 483 | { 484 | "cwe_id": "CWE-284: Improper Access Control", 485 | "cwe_mapping_reason": "Inadequate access controls could allow unauthorized personnel to access and steal proprietary pricing models for competitive sale.", 486 | "capecs_to_exclude": [] 487 | }, 488 | { 489 | "cwe_id": "CWE-269: Improper Privilege Management", 490 | "cwe_mapping_reason": "Mismanaged privileges might enable users to access pricing models beyond their 
authorization, facilitating intellectual property theft.", 491 | "capecs_to_exclude": [] 492 | }, 493 | { 494 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 495 | "cwe_mapping_reason": "Misconfigured permissions on systems hosting pricing models could permit unauthorized access and extraction for sale to competitors.", 496 | "capecs_to_exclude": [] 497 | } 498 | ] 499 | }, 500 | { 501 | "name": "Data Transmission", 502 | "dynamic": false, 503 | "tags": "Data Transmission", 504 | "cwes": [ 505 | { 506 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 507 | "cwe_mapping_reason": "Unencrypted transmission of pricing model data between systems could be intercepted, allowing theft of intellectual property for resale.", 508 | "capecs_to_exclude": [] 509 | }, 510 | { 511 | "cwe_id": "CWE-295: Improper Certificate Validation", 512 | "cwe_mapping_reason": "Failure to validate certificates during data transfer could enable man-in-the-middle attacks, compromising pricing models for sale to competitors.", 513 | "capecs_to_exclude": [] 514 | } 515 | ] 516 | } 517 | ] 518 | } 519 | ] 520 | }, 521 | { 522 | "motive": "Use stolen pricing models for competitive advantage", 523 | "components": [ 524 | { 525 | "name": "Proprietary Pricing Models", 526 | "description": "Specialized algorithms, data sets, and methodologies developed by the insurance company to calculate premiums and assess risks, representing a critical intellectual property asset.", 527 | "sub_components": [ 528 | { 529 | "name": "match: authentication_type", 530 | "dynamic": true, 531 | "tags": "match: authentication_type", 532 | "cwes": [ 533 | { 534 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 535 | "cwe_mapping_reason": "Poorly protected credentials for pricing model systems could be stolen, granting attackers access to use the data for their own competitive gain.", 536 | "capecs_to_exclude": [] 537 | }, 538 | { 539 | "cwe_id": "CWE-307: Improper 
Restriction of Excessive Authentication Attempts", 540 | "cwe_mapping_reason": "Lack of brute force protection could allow attackers to compromise accounts with access to pricing models, enabling theft for competitive use.", 541 | "capecs_to_exclude": [] 542 | } 543 | ] 544 | }, 545 | { 546 | "name": "Monitoring and Logging", 547 | "dynamic": false, 548 | "tags": "Monitoring and Logging", 549 | "cwes": [ 550 | { 551 | "cwe_id": "CWE-778: Insufficient Logging", 552 | "cwe_mapping_reason": "Inadequate logging of access to pricing model data could prevent detection of theft, allowing attackers to use the data undetected for competitive advantage.", 553 | "capecs_to_exclude": [] 554 | }, 555 | { 556 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 557 | "cwe_mapping_reason": "Failure to log critical security events related to pricing model access could enable unnoticed extraction and use by competitors.", 558 | "capecs_to_exclude": [] 559 | } 560 | ] 561 | }, 562 | { 563 | "name": "Data Storage", 564 | "dynamic": false, 565 | "tags": "Data Storage", 566 | "cwes": [ 567 | { 568 | "cwe_id": "CWE-922: Insecure Storage of Sensitive Information", 569 | "cwe_mapping_reason": "Insecure storage practices for pricing models could allow attackers to access and steal this intellectual property for their own competitive purposes.", 570 | "capecs_to_exclude": [] 571 | }, 572 | { 573 | "cwe_id": "CWE-538: File and Directory Information Exposure", 574 | "cwe_mapping_reason": "Improperly exposed file directories containing pricing models could be accessed by attackers, enabling theft for competitive use.", 575 | "capecs_to_exclude": [ 576 | "95" 577 | ] 578 | } 579 | ] 580 | }, 581 | { 582 | "name": "match: authorization_type", 583 | "dynamic": true, 584 | "tags": "match: authorization_type", 585 | "cwes": [ 586 | { 587 | "cwe_id": "CWE-639: Authorization Bypass Through User-Controlled Key", 588 | "cwe_mapping_reason": "Bypassing authorization via manipulated keys 
could allow attackers to access pricing models and use them for competitive advantage.", 589 | "capecs_to_exclude": [] 590 | }, 591 | { 592 | "cwe_id": "CWE-862: Missing Authorization", 593 | "cwe_mapping_reason": "Lack of proper authorization checks could permit unauthorized access to pricing models, enabling their theft and use by competitors.", 594 | "capecs_to_exclude": [] 595 | } 596 | ] 597 | } 598 | ] 599 | } 600 | ] 601 | } 602 | ] 603 | }, 604 | { 605 | "threat": "Denial of Service or Disruption of Operations", 606 | "threat_description": "Intentional interference with or degradation of critical insurance operations, specifically claims processing and catastrophe response systems. This threat involves attackers exploiting vulnerabilities, launching denial-of-service attacks, or manipulating workflows to impair the ability to process claims or respond to catastrophic events. The primary concerns are operational downtime, financial losses, customer dissatisfaction, and potential reputational damage.", 607 | "motives": [ 608 | { 609 | "motive": "Delay or Prevent Claims Processing", 610 | "components": [ 611 | { 612 | "name": "Claims Processing", 613 | "description": "Systems responsible for receiving, evaluating, and settling insurance claims submitted by policyholders.", 614 | "sub_components": [ 615 | { 616 | "name": "match: authentication_type", 617 | "dynamic": true, 618 | "tags": "match: authentication_type", 619 | "cwes": [ 620 | { 621 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 622 | "cwe_mapping_reason": "Lack of authentication for claims processing functions could allow attackers to disrupt workflows, delaying payouts.", 623 | "capecs_to_exclude": [ 624 | "12", 625 | "36" 626 | ] 627 | }, 628 | { 629 | "cwe_id": "CWE-287: Improper Authentication", 630 | "cwe_mapping_reason": "Weak authentication could be exploited to gain unauthorized access and manipulate or halt claims processing operations.", 631 | "capecs_to_exclude": [] 
632 | } 633 | ] 634 | }, 635 | { 636 | "name": "Workflow Management", 637 | "dynamic": false, 638 | "tags": "Workflow Management", 639 | "cwes": [ 640 | { 641 | "cwe_id": "CWE-841: Improper Enforcement of Behavioral Workflow", 642 | "cwe_mapping_reason": "Failure to enforce proper claims processing workflows could allow attackers to disrupt the sequence, delaying or preventing payouts.", 643 | "capecs_to_exclude": [] 644 | }, 645 | { 646 | "cwe_id": "CWE-20: Improper Input Validation", 647 | "cwe_mapping_reason": "Inadequate validation of claims data inputs could be exploited to inject errors or bottlenecks, slowing down or stopping the process.", 648 | "capecs_to_exclude": [] 649 | } 650 | ] 651 | }, 652 | { 653 | "name": "Claims Processing Systems Availablity", 654 | "dynamic": true, 655 | "tags": "Claims Processing Systems Availablity", 656 | "cwes": [ 657 | { 658 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 659 | "cwe_mapping_reason": "Unrestricted resource usage in claims systems could be exploited via DoS attacks, overwhelming the system and delaying payouts.", 660 | "capecs_to_exclude": [] 661 | }, 662 | { 663 | "cwe_id": "CWE-770: Allocation of Resources Without Limits or Throttling", 664 | "cwe_mapping_reason": "Lack of resource limits could allow attackers to flood claims processing systems, disrupting availability and preventing timely payouts.", 665 | "capecs_to_exclude": [] 666 | } 667 | ] 668 | }, 669 | { 670 | "name": "Data Transmission", 671 | "dynamic": false, 672 | "tags": "Data Transmission", 673 | "cwes": [ 674 | { 675 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 676 | "cwe_mapping_reason": "Unencrypted transmission of claims data could be intercepted and altered, disrupting processing and delaying payouts.", 677 | "capecs_to_exclude": [ 678 | "102", 679 | "477", 680 | "65" 681 | ] 682 | }, 683 | { 684 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 685 | "cwe_mapping_reason": "Failure to 
verify the integrity of updates to claims systems could allow malicious code to be introduced, disrupting operations.", 686 | "capecs_to_exclude": [ 687 | "693", 688 | "695" 689 | ] 690 | } 691 | ] 692 | } 693 | ] 694 | } 695 | ] 696 | }, 697 | { 698 | "motive": "Disrupt Disaster Recovery Operations", 699 | "components": [ 700 | { 701 | "name": "Catastrophe Response", 702 | "description": "Systems and processes designed to manage insurance operations during large-scale disasters, including resource allocation, claims surges, and communication with policyholders.", 703 | "sub_components": [ 704 | { 705 | "name": "Catastrophe Response Systems Availability", 706 | "dynamic": true, 707 | "tags": "Catastrophe Response Systems Availability", 708 | "cwes": [ 709 | { 710 | "cwe_id": "CWE-400: Uncontrolled Resource Consumption", 711 | "cwe_mapping_reason": "Uncontrolled resource usage could be exploited to overwhelm catastrophe response systems, impairing the ability to handle claims during disasters.", 712 | "capecs_to_exclude": [] 713 | }, 714 | { 715 | "cwe_id": "CWE-770: Allocation of Resources Without Limits or Throttling", 716 | "cwe_mapping_reason": "Lack of throttling in catastrophe response systems could allow attackers to disrupt availability during critical events.", 717 | "capecs_to_exclude": [] 718 | }, 719 | { 720 | "cwe_id": "CWE-730: Denial of Service via Algorithmic Complexity", 721 | "cwe_mapping_reason": "Exploiting inefficient algorithms in response systems could cause delays or crashes during high-demand catastrophe scenarios.", 722 | "capecs_to_exclude": [] 723 | } 724 | ] 725 | }, 726 | { 727 | "name": "match: authorization_type", 728 | "dynamic": true, 729 | "tags": "match: authorization_type", 730 | "cwes": [ 731 | { 732 | "cwe_id": "CWE-284: Improper Access Control", 733 | "cwe_mapping_reason": "Inadequate access controls could allow attackers to disrupt resource allocation or communication systems during a catastrophe.", 734 | "capecs_to_exclude": 
[] 735 | }, 736 | { 737 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 738 | "cwe_mapping_reason": "Misconfigured permissions could enable unauthorized changes to catastrophe response plans, impairing operational effectiveness.", 739 | "capecs_to_exclude": [] 740 | } 741 | ] 742 | }, 743 | { 744 | "name": "Communication Systems", 745 | "dynamic": false, 746 | "tags": "Communication Systems", 747 | "cwes": [ 748 | { 749 | "cwe_id": "CWE-665: Improper Initialization", 750 | "cwe_mapping_reason": "Improperly initialized communication systems could fail during a catastrophe, disrupting coordination and response efforts.", 751 | "capecs_to_exclude": [] 752 | }, 753 | { 754 | "cwe_id": "CWE-295: Improper Certificate Validation", 755 | "cwe_mapping_reason": "Failure to validate certificates in communication channels could allow attackers to spoof systems, impairing catastrophe response.", 756 | "capecs_to_exclude": [ 757 | "459", 758 | "475" 759 | ] 760 | } 761 | ] 762 | }, 763 | { 764 | "name": "Monitoring and Logging", 765 | "dynamic": false, 766 | "tags": "Monitoring and Logging", 767 | "cwes": [ 768 | { 769 | "cwe_id": "CWE-778: Insufficient Logging", 770 | "cwe_mapping_reason": "Inadequate logging could prevent detection of disruptions in catastrophe response systems, delaying mitigation efforts.", 771 | "capecs_to_exclude": [] 772 | }, 773 | { 774 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 775 | "cwe_mapping_reason": "Failure to log critical events during a catastrophe could obscure malicious interference, impairing response capabilities.", 776 | "capecs_to_exclude": [] 777 | } 778 | ] 779 | } 780 | ] 781 | } 782 | ] 783 | } 784 | ] 785 | }, 786 | { 787 | "threat": "Unauthorized Alteration of Insurance Data or Workflows", 788 | "threat_description": "Manipulation of claims evidence, actuarial models, fraud detection systems or reinsurance records to enable fraud or impact business decisions. 
This threat affects the integrity of insurance operations and may originate from insiders or external actors.", 789 | "motives": [ 790 | { 791 | "motive": "Manipulate Risk Assessments or Calculations for Profit", 792 | "components": [ 793 | { 794 | "name": "Actuarial Models", 795 | "description": "Mathematical models and data sets used to assess risk, set premiums, and predict losses, critical to insurance pricing and profitability.", 796 | "sub_components": [ 797 | { 798 | "name": "match: authentication_type", 799 | "dynamic": true, 800 | "tags": "match: authentication_type", 801 | "cwes": [ 802 | { 803 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 804 | "cwe_mapping_reason": "Lack of authentication for actuarial model access could allow attackers to alter risk calculations for profit.", 805 | "capecs_to_exclude": [ 806 | "12", 807 | "36", 808 | "62" 809 | ] 810 | }, 811 | { 812 | "cwe_id": "CWE-287: Improper Authentication", 813 | "cwe_mapping_reason": "Weak authentication could be bypassed, enabling unauthorized manipulation of actuarial data to skew pricing or reserves.", 814 | "capecs_to_exclude": [] 815 | } 816 | ] 817 | }, 818 | { 819 | "name": "Data Integrity", 820 | "dynamic": false, 821 | "tags": "Data Integrity", 822 | "cwes": [ 823 | { 824 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 825 | "cwe_mapping_reason": "Inadequate verification of actuarial data inputs could allow tampered data to be introduced, altering risk models for financial gain.", 826 | "capecs_to_exclude": [] 827 | }, 828 | { 829 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 830 | "cwe_mapping_reason": "Failure to verify the integrity of model updates could permit malicious code to manipulate actuarial calculations.", 831 | "capecs_to_exclude": [ 832 | "693", 833 | "695" 834 | ] 835 | } 836 | ] 837 | }, 838 | { 839 | "name": "match: authorization_type", 840 | "dynamic": true, 841 | "tags": "match: authorization_type", 
842 | "cwes": [ 843 | { 844 | "cwe_id": "CWE-284: Improper Access Control", 845 | "cwe_mapping_reason": "Poor access controls could enable unauthorized users to tamper with actuarial models, skewing risk assessments for profit.", 846 | "capecs_to_exclude": [] 847 | }, 848 | { 849 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 850 | "cwe_mapping_reason": "Misconfigured permissions might allow tampering with actuarial data, affecting pricing and profitability.", 851 | "capecs_to_exclude": [] 852 | } 853 | ] 854 | } 855 | ] 856 | } 857 | ] 858 | }, 859 | { 860 | "motive": "Fabricate or Alter Claims for Fraudulent Payouts", 861 | "components": [ 862 | { 863 | "name": "Claims Evidence", 864 | "description": "Documentation and data submitted to support insurance claims, including photos, reports, and witness statements.", 865 | "sub_components": [ 866 | { 867 | "name": "match: validation_type", 868 | "dynamic": true, 869 | "tags": "match: validation_type", 870 | "cwes": [ 871 | { 872 | "cwe_id": "CWE-20: Improper Input Validation", 873 | "cwe_mapping_reason": "Inadequate validation of claims evidence could allow attackers to submit falsified data, enabling fraudulent payouts.", 874 | "capecs_to_exclude": [] 875 | }, 876 | { 877 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 878 | "cwe_mapping_reason": "Failure to verify the authenticity of evidence could permit manipulation, supporting fraudulent claims.", 879 | "capecs_to_exclude": [] 880 | } 881 | ] 882 | }, 883 | { 884 | "name": "Data Storage", 885 | "dynamic": false, 886 | "tags": "Data Storage", 887 | "cwes": [ 888 | { 889 | "cwe_id": "CWE-922: Insecure Storage of Sensitive Information", 890 | "cwe_mapping_reason": "Insecure storage of claims evidence could allow attackers to alter records, facilitating fraudulent payouts.", 891 | "capecs_to_exclude": [] 892 | }, 893 | { 894 | "cwe_id": "CWE-312: Cleartext Storage of Sensitive Information", 895 | 
"cwe_mapping_reason": "Storing evidence in cleartext could enable easy tampering, supporting fraudulent claims processing.", 896 | "capecs_to_exclude": [ 897 | "37" 898 | ] 899 | } 900 | ] 901 | }, 902 | { 903 | "name": "match: authorization_type", 904 | "dynamic": true, 905 | "tags": "match: authorization_type", 906 | "cwes": [ 907 | { 908 | "cwe_id": "CWE-639: Authorization Bypass Through User-Controlled Key", 909 | "cwe_mapping_reason": "Bypassing authorization could allow attackers to modify claims evidence, enabling fraudulent approvals.", 910 | "capecs_to_exclude": [] 911 | }, 912 | { 913 | "cwe_id": "CWE-862: Missing Authorization", 914 | "cwe_mapping_reason": "Lack of authorization checks could permit unauthorized changes to evidence, supporting fraudulent payouts.", 915 | "capecs_to_exclude": [] 916 | } 917 | ] 918 | } 919 | ] 920 | } 921 | ] 922 | }, 923 | { 924 | "motive": "Modify Reinsurance Agreements for Financial Gain", 925 | "components": [ 926 | { 927 | "name": "Reinsurance Transactions", 928 | "description": "Systems and records managing agreements with reinsurers to transfer risk and share premiums or losses.", 929 | "sub_components": [ 930 | { 931 | "name": "match: authentication_type", 932 | "dynamic": true, 933 | "tags": "match: authentication_type", 934 | "cwes": [ 935 | { 936 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 937 | "cwe_mapping_reason": "Poorly protected credentials could be compromised, allowing attackers to alter reinsurance terms for profit.", 938 | "capecs_to_exclude": [] 939 | }, 940 | { 941 | "cwe_id": "CWE-307: Improper Restriction of Excessive Authentication Attempts", 942 | "cwe_mapping_reason": "Lack of brute force protection could enable unauthorized access to manipulate reinsurance transactions.", 943 | "capecs_to_exclude": [] 944 | } 945 | ] 946 | }, 947 | { 948 | "name": "Data Transmission", 949 | "dynamic": false, 950 | "tags": "Data Transmission", 951 | "cwes": [ 952 | { 953 | "cwe_id": "CWE-319: 
Cleartext Transmission of Sensitive Information", 954 | "cwe_mapping_reason": "Unencrypted transmission of reinsurance data could be intercepted and altered, skewing financial agreements.", 955 | "capecs_to_exclude": [ 956 | "102", 957 | "477", 958 | "65" 959 | ] 960 | }, 961 | { 962 | "cwe_id": "CWE-295: Improper Certificate Validation", 963 | "cwe_mapping_reason": "Failure to validate certificates could allow man-in-the-middle attacks to tamper with reinsurance transactions.", 964 | "capecs_to_exclude": [ 965 | "459" 966 | ] 967 | } 968 | ] 969 | }, 970 | { 971 | "name": "match: authorization_type", 972 | "dynamic": true, 973 | "tags": "match: authorization_type", 974 | "cwes": [ 975 | { 976 | "cwe_id": "CWE-284: Improper Access Control", 977 | "cwe_mapping_reason": "Weak access controls could permit unauthorized changes to reinsurance agreements, affecting financial outcomes.", 978 | "capecs_to_exclude": [] 979 | }, 980 | { 981 | "cwe_id": "CWE-269: Improper Privilege Management", 982 | "cwe_mapping_reason": "Mismanaged privileges might allow users to tamper with reinsurance data beyond their scope, enabling financial manipulation.", 983 | "capecs_to_exclude": [] 984 | } 985 | ] 986 | } 987 | ] 988 | } 989 | ] 990 | }, 991 | { 992 | "motive": "Bypass Fraud Detection", 993 | "components": [ 994 | { 995 | "name": "Fraud Detection Systems", 996 | "description": "Tools and processes designed to identify and prevent fraudulent claims or activities within insurance operations.", 997 | "sub_components": [ 998 | { 999 | "name": "match: validation_type", 1000 | "dynamic": true, 1001 | "tags": "match: validation_type", 1002 | "cwes": [ 1003 | { 1004 | "cwe_id": "CWE-20: Improper Input Validation", 1005 | "cwe_mapping_reason": "Poor validation of inputs to fraud detection could be exploited to manipulate data, evading fraud identification.", 1006 | "capecs_to_exclude": [] 1007 | }, 1008 | { 1009 | "cwe_id": "CWE-693: Protection Mechanism Failure", 1010 | 
"cwe_mapping_reason": "Failures in fraud detection mechanisms could allow attackers to bypass or disable alerts, hiding fraudulent activities.", 1011 | "capecs_to_exclude": [] 1012 | } 1013 | ] 1014 | }, 1015 | { 1016 | "name": "Monitoring and Logging", 1017 | "dynamic": false, 1018 | "tags": "Monitoring and Logging", 1019 | "cwes": [ 1020 | { 1021 | "cwe_id": "CWE-778: Insufficient Logging", 1022 | "cwe_mapping_reason": "Inadequate logging could prevent detection of tampering with fraud systems, allowing fraudulent activities to go unnoticed.", 1023 | "capecs_to_exclude": [] 1024 | }, 1025 | { 1026 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 1027 | "cwe_mapping_reason": "Failure to log critical events could obscure manipulation of fraud detection, enabling evasion.", 1028 | "capecs_to_exclude": [] 1029 | } 1030 | ] 1031 | }, 1032 | { 1033 | "name": "match: authorization_type", 1034 | "dynamic": true, 1035 | "tags": "match: authorization_type", 1036 | "cwes": [ 1037 | { 1038 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 1039 | "cwe_mapping_reason": "Misconfigured permissions could allow attackers to disable or alter fraud detection rules, evading scrutiny.", 1040 | "capecs_to_exclude": [] 1041 | }, 1042 | { 1043 | "cwe_id": "CWE-862: Missing Authorization", 1044 | "cwe_mapping_reason": "Lack of authorization checks could permit tampering with fraud detection logic, hiding fraudulent behavior.", 1045 | "capecs_to_exclude": [] 1046 | } 1047 | ] 1048 | } 1049 | ] 1050 | } 1051 | ] 1052 | } 1053 | ] 1054 | }, 1055 | { 1056 | "threat": "Abuse of Claims and Payment Systems", 1057 | "threat_description": "Exploitation of claims and payment mechanisms to secure unauthorized financial gain via falsified submissions or redirected transactions. 
This threat affects financial integrity and is driven by motives of theft, deception, or system manipulation.", 1058 | "motives": [ 1059 | { 1060 | "motive": "Obtain Payouts through Fraudulent Claims", 1061 | "components": [ 1062 | { 1063 | "name": "Submission of Fraudulent Insurance Claims", 1064 | "description": "The process by which attackers submit falsified or exaggerated claims to secure illegitimate payouts from the insurance company.", 1065 | "sub_components": [ 1066 | { 1067 | "name": "match: validation_type", 1068 | "dynamic": true, 1069 | "tags": "match: validation_type", 1070 | "cwes": [ 1071 | { 1072 | "cwe_id": "CWE-20: Improper Input Validation", 1073 | "cwe_mapping_reason": "Inadequate validation of claim submissions could allow attackers to input falsified data, securing fraudulent payouts.", 1074 | "capecs_to_exclude": [] 1075 | }, 1076 | { 1077 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 1078 | "cwe_mapping_reason": "Failure to verify the authenticity of claim documents could enable submission of forged evidence for financial gain.", 1079 | "capecs_to_exclude": [] 1080 | } 1081 | ] 1082 | }, 1083 | { 1084 | "name": "match: authentication_type", 1085 | "dynamic": true, 1086 | "tags": "match: authentication_type", 1087 | "cwes": [ 1088 | { 1089 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 1090 | "cwe_mapping_reason": "Lack of authentication for claim submission systems could allow attackers to submit fraudulent claims without verification.", 1091 | "capecs_to_exclude": [ 1092 | "12", 1093 | "36" 1094 | ] 1095 | }, 1096 | { 1097 | "cwe_id": "CWE-287: Improper Authentication", 1098 | "cwe_mapping_reason": "Weak authentication mechanisms could be bypassed, enabling unauthorized submission of fraudulent claims.", 1099 | "capecs_to_exclude": [] 1100 | }, 1101 | { 1102 | "cwe_id": "CWE-290: Authentication Bypass by Spoofing", 1103 | "cwe_mapping_reason": "Spoofing vulnerabilities could allow attackers to 
impersonate legitimate policyholders, submitting fraudulent claims for payouts.", 1104 | "capecs_to_exclude": [ 1105 | "667" 1106 | ] 1107 | } 1108 | ] 1109 | }, 1110 | { 1111 | "name": "Claims Workflow", 1112 | "dynamic": false, 1113 | "tags": "Claims Workflow", 1114 | "cwes": [ 1115 | { 1116 | "cwe_id": "CWE-841: Improper Enforcement of Behavioral Workflow", 1117 | "cwe_mapping_reason": "Weak enforcement of claims processing steps could allow attackers to bypass verification, facilitating fraudulent payouts.", 1118 | "capecs_to_exclude": [] 1119 | }, 1120 | { 1121 | "cwe_id": "CWE-693: Protection Mechanism Failure", 1122 | "cwe_mapping_reason": "Failures in fraud prevention controls within the claims workflow could enable fraudulent claims to be processed undetected.", 1123 | "capecs_to_exclude": [] 1124 | } 1125 | ] 1126 | }, 1127 | { 1128 | "name": "match: authorization_type", 1129 | "dynamic": true, 1130 | "tags": "match: authorization_type", 1131 | "cwes": [ 1132 | { 1133 | "cwe_id": "CWE-284: Improper Access Control", 1134 | "cwe_mapping_reason": "Inadequate access controls could allow unauthorized users to submit or approve fraudulent claims for financial gain.", 1135 | "capecs_to_exclude": [] 1136 | }, 1137 | { 1138 | "cwe_id": "CWE-639: Authorization Bypass Through User-Controlled Key", 1139 | "cwe_mapping_reason": "Bypassing authorization could enable attackers to manipulate claim approvals, securing fraudulent payouts.", 1140 | "capecs_to_exclude": [] 1141 | } 1142 | ] 1143 | } 1144 | ] 1145 | } 1146 | ] 1147 | }, 1148 | { 1149 | "motive": "Steal or Redirect Premium Payments", 1150 | "components": [ 1151 | { 1152 | "name": "Interception or Manipulation of Premium Payment Transactions", 1153 | "description": "Systems and processes handling the collection and processing of premium payments from policyholders, vulnerable to interception or alteration.", 1154 | "sub_components": [ 1155 | { 1156 | "name": "match: authentication_type", 1157 | "dynamic": true, 
1158 | "tags": "match: authentication_type", 1159 | "cwes": [ 1160 | { 1161 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 1162 | "cwe_mapping_reason": "Poorly protected credentials for payment systems could be stolen, allowing attackers to redirect premium transactions.", 1163 | "capecs_to_exclude": [] 1164 | }, 1165 | { 1166 | "cwe_id": "CWE-307: Improper Restriction of Excessive Authentication Attempts", 1167 | "cwe_mapping_reason": "Lack of brute force protection could enable attackers to compromise accounts involved in premium payments.", 1168 | "capecs_to_exclude": [] 1169 | } 1170 | ] 1171 | }, 1172 | { 1173 | "name": "Data Transmission", 1174 | "dynamic": false, 1175 | "tags": "Data Transmission", 1176 | "cwes": [ 1177 | { 1178 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 1179 | "cwe_mapping_reason": "Unencrypted transmission of payment data could be intercepted, allowing attackers to steal or redirect premiums.", 1180 | "capecs_to_exclude": [ 1181 | "477", 1182 | "65" 1183 | ] 1184 | }, 1185 | { 1186 | "cwe_id": "CWE-295: Improper Certificate Validation", 1187 | "cwe_mapping_reason": "Failure to validate certificates could enable man-in-the-middle attacks, intercepting or altering premium transactions.", 1188 | "capecs_to_exclude": [] 1189 | }, 1190 | { 1191 | "cwe_id": "CWE-326: Inadequate Encryption Strength", 1192 | "cwe_mapping_reason": "Weak encryption of payment data in transit could be exploited, allowing interception and redirection of funds.", 1193 | "capecs_to_exclude": [] 1194 | } 1195 | ] 1196 | }, 1197 | { 1198 | "name": "Payment Processing", 1199 | "dynamic": false, 1200 | "tags": "Payment Processing", 1201 | "cwes": [ 1202 | { 1203 | "cwe_id": "CWE-20: Improper Input Validation", 1204 | "cwe_mapping_reason": "Inadequate validation of payment transaction inputs could allow attackers to manipulate payment destinations for theft.", 1205 | "capecs_to_exclude": [] 1206 | }, 1207 | { 1208 | "cwe_id": 
"CWE-840: Business Logic Errors", 1209 | "cwe_mapping_reason": "Flaws in payment processing logic could be exploited to redirect premiums to unauthorized accounts.", 1210 | "capecs_to_exclude": [] 1211 | } 1212 | ] 1213 | }, 1214 | { 1215 | "name": "match: authorization_type", 1216 | "dynamic": true, 1217 | "tags": "match: authorization_type", 1218 | "cwes": [ 1219 | { 1220 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 1221 | "cwe_mapping_reason": "Misconfigured permissions could allow attackers to alter payment routing, redirecting premiums for financial gain.", 1222 | "capecs_to_exclude": [] 1223 | }, 1224 | { 1225 | "cwe_id": "CWE-269: Improper Privilege Management", 1226 | "cwe_mapping_reason": "Poor privilege management might enable unauthorized users to manipulate premium transactions, stealing funds.", 1227 | "capecs_to_exclude": [] 1228 | } 1229 | ] 1230 | } 1231 | ] 1232 | } 1233 | ] 1234 | } 1235 | ] 1236 | }, 1237 | { 1238 | "threat": "Ransomware Deployment via System Compromise", 1239 | "threat_description": "Deployment of ransomware through compromised authentication or supply chain injection, resulting in encryption or inaccessibility of critical data and systems. 
This threat impacts availability and confidentiality and is intended to extort ransom payments or threaten data exposure.", 1240 | "motives": [ 1241 | { 1242 | "motive": "Extract ransom payments by locking critical data", 1243 | "components": [ 1244 | { 1245 | "name": "Data Repositories", 1246 | "description": "Centralized storage systems containing sensitive insurance data, such as policyholder information, claims records, and financial details, prime targets for encryption in ransomware attacks.", 1247 | "sub_components": [ 1248 | { 1249 | "name": "match: authentication_type", 1250 | "dynamic": true, 1251 | "tags": "match: authentication_type", 1252 | "cwes": [ 1253 | { 1254 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 1255 | "cwe_mapping_reason": "Lack of authentication for data repository access could allow ransomware to infiltrate and encrypt critical data, enabling extortion.", 1256 | "capecs_to_exclude": [ 1257 | "12", 1258 | "166", 1259 | "36", 1260 | "62" 1261 | ] 1262 | }, 1263 | { 1264 | "cwe_id": "CWE-287: Improper Authentication", 1265 | "cwe_mapping_reason": "Weak authentication could be exploited to deploy ransomware, locking data repositories for ransom demands.", 1266 | "capecs_to_exclude": [] 1267 | } 1268 | ] 1269 | }, 1270 | { 1271 | "name": "Data Encryption", 1272 | "dynamic": false, 1273 | "tags": "Data Encryption", 1274 | "cwes": [ 1275 | { 1276 | "cwe_id": "CWE-311: Missing Encryption of Sensitive Data", 1277 | "cwe_mapping_reason": "Unencrypted data at rest is more vulnerable to ransomware encryption, increasing the likelihood of successful extortion.", 1278 | "capecs_to_exclude": [] 1279 | }, 1280 | { 1281 | "cwe_id": "CWE-326: Inadequate Encryption Strength", 1282 | "cwe_mapping_reason": "Weak encryption could be bypassed or overwritten by ransomware, locking data and supporting ransom demands.", 1283 | "capecs_to_exclude": [] 1284 | } 1285 | ] 1286 | }, 1287 | { 1288 | "name": "match: authorization_type", 1289 | 
"dynamic": true, 1290 | "tags": "match: authorization_type", 1291 | "cwes": [ 1292 | { 1293 | "cwe_id": "CWE-284: Improper Access Control", 1294 | "cwe_mapping_reason": "Inadequate access controls could allow ransomware to spread within data repositories, encrypting files for extortion.", 1295 | "capecs_to_exclude": [] 1296 | }, 1297 | { 1298 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 1299 | "cwe_mapping_reason": "Misconfigured permissions might enable ransomware to gain sufficient access to lock critical data, facilitating ransom demands.", 1300 | "capecs_to_exclude": [] 1301 | } 1302 | ] 1303 | }, 1304 | { 1305 | "name": "Backup Systems", 1306 | "dynamic": false, 1307 | "tags": "Backup Systems", 1308 | "cwes": [ 1309 | { 1310 | "cwe_id": "CWE-693: Protection Mechanism Failure", 1311 | "cwe_mapping_reason": "Failure of backup protections could allow ransomware to encrypt or delete backups, leaving no recovery option except paying the ransom.", 1312 | "capecs_to_exclude": [] 1313 | }, 1314 | { 1315 | "cwe_id": "CWE-552: Files or Directories Accessible to External Parties", 1316 | "cwe_mapping_reason": "Exposed backup directories could be targeted by ransomware, undermining recovery efforts and strengthening extortion leverage.", 1317 | "capecs_to_exclude": [ 1318 | "150", 1319 | "639" 1320 | ] 1321 | } 1322 | ] 1323 | } 1324 | ] 1325 | } 1326 | ] 1327 | }, 1328 | { 1329 | "motive": "Disrupt Operations and Extort Payment for Restoration", 1330 | "components": [ 1331 | { 1332 | "name": "Operational Systems", 1333 | "description": "Core systems supporting insurance operations, such as claims processing, underwriting, and customer portals, critical for daily business functions and vulnerable to ransomware-induced downtime.", 1334 | "sub_components": [ 1335 | { 1336 | "name": "Insurance Core Systems Availability", 1337 | "dynamic": true, 1338 | "tags": "Insurance Core Systems Availability", 1339 | "cwes": [ 1340 | { 1341 | "cwe_id": 
"CWE-400: Uncontrolled Resource Consumption", 1342 | "cwe_mapping_reason": "Unrestricted resource usage could be exploited by ransomware to overwhelm systems, disrupting operations and supporting extortion.", 1343 | "capecs_to_exclude": [] 1344 | }, 1345 | { 1346 | "cwe_id": "CWE-770: Allocation of Resources Without Limits or Throttling", 1347 | "cwe_mapping_reason": "Lack of resource limits could allow ransomware to lock operational systems, forcing payment for restoration.", 1348 | "capecs_to_exclude": [ 1349 | "125", 1350 | "130", 1351 | "147", 1352 | "197", 1353 | "229", 1354 | "230", 1355 | "231", 1356 | "469", 1357 | "482", 1358 | "486", 1359 | "487", 1360 | "488", 1361 | "489", 1362 | "490", 1363 | "491", 1364 | "493", 1365 | "494", 1366 | "495", 1367 | "496", 1368 | "528" 1369 | ] 1370 | } 1371 | ] 1372 | }, 1373 | { 1374 | "name": "match: authentication_type", 1375 | "dynamic": true, 1376 | "tags": "match: authentication_type", 1377 | "cwes": [ 1378 | { 1379 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 1380 | "cwe_mapping_reason": "Poorly protected credentials could be stolen, allowing ransomware to infiltrate and disrupt operational systems for ransom.", 1381 | "capecs_to_exclude": [] 1382 | }, 1383 | { 1384 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 1385 | "cwe_mapping_reason": "Hard-coded credentials in operational systems could be exploited to deploy ransomware, locking access for extortion.", 1386 | "capecs_to_exclude": [ 1387 | "191" 1388 | ] 1389 | } 1390 | ] 1391 | }, 1392 | { 1393 | "name": "Software Updates", 1394 | "dynamic": false, 1395 | "tags": "Software Updates", 1396 | "cwes": [ 1397 | { 1398 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 1399 | "cwe_mapping_reason": "Failure to verify software update integrity could allow ransomware to be introduced, disrupting operations and enabling extortion.", 1400 | "capecs_to_exclude": [] 1401 | }, 1402 | { 1403 | "cwe_id": "CWE-829: Inclusion of 
Functionality from Untrusted Control Sphere", 1404 | "cwe_mapping_reason": "Incorporating untrusted updates or plugins could introduce ransomware, locking systems and supporting ransom demands.", 1405 | "capecs_to_exclude": [ 1406 | "175", 1407 | "201", 1408 | "228", 1409 | "251", 1410 | "252", 1411 | "263", 1412 | "538", 1413 | "549", 1414 | "640", 1415 | "660", 1416 | "695" 1417 | ] 1418 | } 1419 | ] 1420 | }, 1421 | { 1422 | "name": "Monitoring and Logging", 1423 | "dynamic": false, 1424 | "tags": "Monitoring and Logging", 1425 | "cwes": [ 1426 | { 1427 | "cwe_id": "CWE-778: Insufficient Logging", 1428 | "cwe_mapping_reason": "Inadequate logging could delay detection of ransomware activity, allowing operational disruption and strengthening extortion efforts.", 1429 | "capecs_to_exclude": [] 1430 | }, 1431 | { 1432 | "cwe_id": "CWE-223: Omission of Security-relevant Information", 1433 | "cwe_mapping_reason": "Failure to log critical events could obscure ransomware deployment, hindering mitigation and increasing ransom pressure.", 1434 | "capecs_to_exclude": [] 1435 | } 1436 | ] 1437 | } 1438 | ] 1439 | } 1440 | ] 1441 | } 1442 | ] 1443 | }, 1444 | { 1445 | "threat": "Exploitation of External Access or Systems", 1446 | "threat_description": "Unauthorized exploitation of external access points or systems integrated with insurance operations, specifically third-party vendor access and telematics systems. This threat involves attackers leveraging vulnerabilities in external connections, credentials, or devices to gain access, manipulate data, or disrupt services. 
The primary concerns are breaches of security through trusted external entities, loss of data integrity, and potential operational or financial impacts.", 1447 | "motives": [ 1448 | { 1449 | "motive": "Exploit Vendor Access to Reach Internal Systems", 1450 | "components": [ 1451 | { 1452 | "name": "Third-Party Vendor Access", 1453 | "description": "Access points and systems provided to third-party vendors for collaboration, data sharing, or service provision, often integrated with internal insurance networks.", 1454 | "sub_components": [ 1455 | { 1456 | "name": "match: authentication_type", 1457 | "dynamic": true, 1458 | "tags": "match: authentication_type", 1459 | "cwes": [ 1460 | { 1461 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 1462 | "cwe_mapping_reason": "Lack of authentication for vendor access could allow attackers to infiltrate internal systems undetected.", 1463 | "capecs_to_exclude": [ 1464 | "12", 1465 | "166", 1466 | "36" 1467 | ] 1468 | }, 1469 | { 1470 | "cwe_id": "CWE-287: Improper Authentication", 1471 | "cwe_mapping_reason": "Weak authentication mechanisms for vendor systems could be exploited to gain unauthorized access to insurance networks.", 1472 | "capecs_to_exclude": [] 1473 | }, 1474 | { 1475 | "cwe_id": "CWE-522: Insufficiently Protected Credentials", 1476 | "cwe_mapping_reason": "Poorly protected vendor credentials could be compromised, providing a gateway to internal systems.", 1477 | "capecs_to_exclude": [] 1478 | } 1479 | ] 1480 | }, 1481 | { 1482 | "name": "match: authorization_type", 1483 | "dynamic": true, 1484 | "tags": "match: authorization_type", 1485 | "cwes": [ 1486 | { 1487 | "cwe_id": "CWE-284: Improper Access Control", 1488 | "cwe_mapping_reason": "Inadequate access controls could allow vendors to exceed intended privileges, enabling exploitation of internal systems.", 1489 | "capecs_to_exclude": [] 1490 | }, 1491 | { 1492 | "cwe_id": "CWE-732: Incorrect Permission Assignment for Critical Resource", 
1493 | "cwe_mapping_reason": "Misconfigured permissions for vendor access could grant excessive rights, facilitating unauthorized system exploitation.", 1494 | "capecs_to_exclude": [] 1495 | }, 1496 | { 1497 | "cwe_id": "CWE-269: Improper Privilege Management", 1498 | "cwe_mapping_reason": "Poor privilege management might allow vendors to escalate access, compromising internal insurance systems.", 1499 | "capecs_to_exclude": [] 1500 | } 1501 | ] 1502 | }, 1503 | { 1504 | "name": "Data Transmission", 1505 | "dynamic": false, 1506 | "tags": "Data Transmission", 1507 | "cwes": [ 1508 | { 1509 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 1510 | "cwe_mapping_reason": "Unencrypted data exchange with vendors could be intercepted, providing attackers access to internal systems or data.", 1511 | "capecs_to_exclude": [ 1512 | "102", 1513 | "477", 1514 | "65" 1515 | ] 1516 | }, 1517 | { 1518 | "cwe_id": "CWE-295: Improper Certificate Validation", 1519 | "cwe_mapping_reason": "Failure to validate certificates in vendor communications could enable man-in-the-middle attacks, compromising internal access.", 1520 | "capecs_to_exclude": [ 1521 | "459" 1522 | ] 1523 | } 1524 | ] 1525 | }, 1526 | { 1527 | "name": "Vendor System Security", 1528 | "dynamic": false, 1529 | "tags": "Vendor System Security", 1530 | "cwes": [ 1531 | { 1532 | "cwe_id": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere", 1533 | "cwe_mapping_reason": "Integrating untrusted vendor code or systems could introduce vulnerabilities, allowing exploitation of internal networks.", 1534 | "capecs_to_exclude": [ 1535 | "175", 1536 | "201", 1537 | "228", 1538 | "251", 1539 | "252", 1540 | "263", 1541 | "549", 1542 | "640", 1543 | "660" 1544 | ] 1545 | }, 1546 | { 1547 | "cwe_id": "CWE-494: Download of Code Without Integrity Check", 1548 | "cwe_mapping_reason": "Failure to verify vendor-provided updates could allow malicious code to infiltrate systems, enabling exploitation.", 
1549 | "capecs_to_exclude": [ 1550 | "662", 1551 | "693", 1552 | "695" 1553 | ] 1554 | } 1555 | ] 1556 | } 1557 | ] 1558 | } 1559 | ] 1560 | }, 1561 | { 1562 | "motive": "Manipulate or Extract Telematics Data for Profit", 1563 | "components": [ 1564 | { 1565 | "name": "Telematics Systems", 1566 | "description": "Systems collecting and processing real-time data from policyholder vehicles or devices (e.g., driving behavior, location), used for usage-based insurance and risk assessment.", 1567 | "sub_components": [ 1568 | { 1569 | "name": "match: authentication_type", 1570 | "dynamic": true, 1571 | "tags": "match: authentication_type", 1572 | "cwes": [ 1573 | { 1574 | "cwe_id": "CWE-306: Missing Authentication for Critical Function", 1575 | "cwe_mapping_reason": "Lack of authentication for telematics systems could allow attackers to access and manipulate data for profit.", 1576 | "capecs_to_exclude": [ 1577 | "12", 1578 | "36", 1579 | "62" 1580 | ] 1581 | }, 1582 | { 1583 | "cwe_id": "CWE-287: Improper Authentication", 1584 | "cwe_mapping_reason": "Weak authentication could be bypassed, enabling unauthorized access to telematics data for exploitation.", 1585 | "capecs_to_exclude": [] 1586 | } 1587 | ] 1588 | }, 1589 | { 1590 | "name": "Data Transmission", 1591 | "dynamic": false, 1592 | "tags": "Data Transmission", 1593 | "cwes": [ 1594 | { 1595 | "cwe_id": "CWE-319: Cleartext Transmission of Sensitive Information", 1596 | "cwe_mapping_reason": "Unencrypted telematics data transmission could be intercepted, allowing manipulation or extraction for profit.", 1597 | "capecs_to_exclude": [] 1598 | }, 1599 | { 1600 | "cwe_id": "CWE-326: Inadequate Encryption Strength", 1601 | "cwe_mapping_reason": "Weak encryption of telematics data in transit could be decrypted, enabling attackers to exploit it for financial gain.", 1602 | "capecs_to_exclude": [] 1603 | }, 1604 | { 1605 | "cwe_id": "CWE-295: Improper Certificate Validation", 1606 | "cwe_mapping_reason": "Failure to 
validate certificates could allow spoofing of telematics devices, compromising data integrity.", 1607 | "capecs_to_exclude": [] 1608 | } 1609 | ] 1610 | }, 1611 | { 1612 | "name": "Device Security", 1613 | "dynamic": false, 1614 | "tags": "Device Security", 1615 | "cwes": [ 1616 | { 1617 | "cwe_id": "CWE-798: Use of Hard-coded Credentials", 1618 | "cwe_mapping_reason": "Hard-coded credentials in telematics devices could be exploited to gain access and manipulate data for profit.", 1619 | "capecs_to_exclude": [ 1620 | "191" 1621 | ] 1622 | }, 1623 | { 1624 | "cwe_id": "CWE-862: Missing Authorization", 1625 | "cwe_mapping_reason": "Lack of authorization checks on telematics devices could allow attackers to alter data or extract it for illicit use.", 1626 | "capecs_to_exclude": [] 1627 | } 1628 | ] 1629 | }, 1630 | { 1631 | "name": "Data Integrity", 1632 | "dynamic": false, 1633 | "tags": "Data Integrity", 1634 | "cwes": [ 1635 | { 1636 | "cwe_id": "CWE-345: Insufficient Verification of Data Authenticity", 1637 | "cwe_mapping_reason": "Inadequate verification of telematics data could allow attackers to inject falsified data, manipulating risk assessments for profit.", 1638 | "capecs_to_exclude": [] 1639 | }, 1640 | { 1641 | "cwe_id": "CWE-20: Improper Input Validation", 1642 | "cwe_mapping_reason": "Poor validation of telematics inputs could enable manipulation of driving data, affecting insurance pricing or claims.", 1643 | "capecs_to_exclude": [] 1644 | } 1645 | ] 1646 | } 1647 | ] 1648 | } 1649 | ] 1650 | } 1651 | ] 1652 | } 1653 | ] --------------------------------------------------------------------------------