Gain unauthorised access

Use, disclosure, alteration, and destruction of information, including gaining access to the network to gain access to the information and/or gaining access to the building with the devices the information resides on.


Attack:

1 Gain credentials of an authorised user in a vulnerable physical context (OR)

1.1 Ask for a temporary use of password from an already authorised user (OR)
1.2 Cooperate with an already authorised user to receive credentials (OR)
1.3 Fool an authorised user to leak credentials (OR)
1.4 Shoulder surfing (OR)
1.5 Install and use keylogger (OR)
1.6 Implant other malware for further remote intrusions (OR)
1.7 Use an unattended logged-in machine (OR)
1.8 Steal devices containing credentials of authorised users (OR)
1.9 Steal devices or storage containing the information

2 Capture authorised user credentials via vulnerable web application (OR)

2.1 Phishing (OR)
2.2 Pharming (OR)

3 Steal credentials via vulnerable network (OR)

3.2 Capture password from router configuration (OR)
3.2.1 Compromise router (AND)
3.2.1.1 View unencrypted router configuration (OR)
3.2.1.2 Decrypt encrypted router configuration

4 Discover implementation flaw in access control protocol

5 Discover new attack