Insider Threat Matrix™

  • ID: IF026
  • Created: 01st August 2025
  • Updated: 01st August 2025
  • Contributor: The ITM Team

Denial of Service

Denial of Service (DoS) refers to any action taken by a subject to intentionally disrupt the availability or performance of critical systems, applications, or services within the organization. These disruptions may be temporary or sustained and can serve as a cover for other malicious activity, an expression of protest, or an act of sabotage.

Subsections

ID Name Description
IF026.002 External Denial of Service

The subject initiates or facilitates a denial of service attack targeting public-facing organizational services, such as corporate websites, client portals, or externally accessible APIs, through external means. This may include direct volumetric attacks, abuse of known application logic weaknesses, or orchestration of resource exhaustion via cloud interfaces or third-party integrations. In some cases, the subject may coordinate with external actors to mask attribution, prolong disruption, or cause reputational damage.

IF026.001 Internal Denial of Service

The subject initiates actions that degrade, overwhelm, or disable internal services, applications, or systems, denying legitimate access. These incidents may involve:

  • Excessive or malformed queries to internal databases
  • Overuse of automated scripts against internal APIs or systems
  • Misconfiguration or manual tampering with internal service dependencies (e.g., message queues, schedulers)
  • Saturation of internal network bandwidth or I/O on shared infrastructure