ID,Threat,Category,Source,Description,TTP (MITRE ATT&CK),Relevance,Targeted Assets,Likelihood,Potential Impact,Mitigation Controls,Last Reviewed
T-001,Ransomware (double extortion),Malware,BSI CSW + CERT-EU,Financially motivated groups (LockBit Black Basta Akira) target mid-size logistics,T1486 T1190 T1566.001,High,File servers domain controllers backups,High,Critical,Offline backups EDR MFA segmentation awareness,2026-04-01
T-002,Credential phishing,Social engineering,BSI Lagebericht 2025,Large-scale phishing with adversary-in-the-middle kits,T1566.002 T1111,High,User accounts M365,High,High,Mail filter awareness phishing-resistant MFA,2026-04-01
T-003,Business email compromise (CEO fraud),Social engineering,Allianz Cyber-Report,Impersonation of CEO/CFO targeting finance,T1534 T1656,Medium,Finance team,Medium,High,Dual approval for payments BEC training,2026-04-01
T-004,Supply chain compromise,Supply chain,ENISA Threat Landscape 2025,Compromise via updates or dependencies (xz SolarWinds-style),T1195.002,Medium,Build pipeline dependencies,Medium,Critical,SBOM dependency scan vendor risk review,2026-04-01
T-005,Exploitation of public-facing services,Vulnerability,CISA KEV,Mass exploitation of VPN firewall edge (Fortinet Ivanti Citrix),T1190,High,VPN firewall perimeter,High,High,Patch SLA asset exposure monitoring pentests,2026-04-01
T-006,Insider threat - malicious leaver,Insider,ACFE report,Leavers exfiltrating data via personal cloud/email,T1537 T1048,Medium,CRM HR finance data,Medium,High,DLP leaver process access review,2026-04-01
T-007,DDoS against customer-facing services,DoS,NCSC advisory,Hacktivist or extortion DDoS,T1498 T1499,Medium,Customer portal website,Medium,Medium,CDN/L7 protection rate limiting,2026-04-01
T-008,Data leakage via misconfiguration,Misconfiguration,Cloud security reports,Open cloud buckets DBs accidentally exposed,T1530,Medium,Cloud storage databases,Medium,High,IaC scan least-privilege account guardrails,2026-04-01
T-009,Malicious browser extensions,Malware,Chrome advisories,Compromised extensions exfiltrate cookies and session tokens,T1176,Medium,User endpoints,Medium,High,Extension allowlist browser hardening,2026-04-01
T-010,Living-off-the-land attacks,Post-exploit,MITRE reports,Attackers using legitimate tools (PsExec WMI PowerShell),T1059.001 T1021.002,Medium,Windows servers,Medium,High,EDR behaviour rules PowerShell logging,2026-04-01
T-011,Drive-by compromise via watering hole,Web,Google TAG reports,Targeted websites serving exploits,T1189,Low,User endpoints,Low,Medium,Web filter browser patching,2026-04-01
T-012,Physical theft of equipment,Physical,Internal history,Laptop theft from vehicles or travel,N/A,Medium,Laptops mobile devices,Medium,Medium,Full disk encryption remote wipe awareness,2026-04-01