Infringement
Codebase Integrity Compromise
Data Loss
Delegated Execution via Artificial Intelligence Agents
Denial of Service
Digital Defacement
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Screen Sharing
Exfiltration via SMS/MMS
Exfiltration via Web Service
External Credential Sharing
Harassment and Discrimination
Inappropriate Web Browsing
Installing Malicious Software
Installing Unapproved Software
Internal Credential Sharing
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Regulatory Non-Compliance
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Presence in Restricted Physical Areas
Unauthorized Printing of Documents
Unauthorized VPN Client
Unlawfully Accessing Copyrighted Material
- ID: IF033
- Created: 26th April 2026
- Updated: 26th April 2026
- Contributor: The ITM Team
Digital Defacement
Digital defacement occurs when a subject deliberately alters, replaces, or manipulates content across organizational digital assets without authorization. This includes public-facing platforms such as corporate websites and social media profiles, as well as internal systems such as intranet portals, knowledge bases, or collaboration environments.
The behavior is characterized by the compromise of trusted communication channels, where legitimate content is modified to display unauthorized messaging, misleading information, or reputationally damaging material. In some cases, defacement may be overt and disruptive; in others, it may be subtle, designed to misinform, undermine trust, or facilitate further insider activity.
Subsections (4)
| ID | Name | Description |
|---|---|---|
| IF033.004 | Internal Knowledge Base and Documentation Tampering | A subject alters content within internal knowledge repositories, including wikis, technical documentation, runbooks, or policy libraries. These modifications may appear legitimate at a glance but introduce inaccuracies, omissions, or misleading instructions that affect how tasks are performed across the organization.
This form of defacement is often subtle and persistent, making it difficult to detect without version control analysis or user reporting. The impact is typically operational rather than immediate, degrading process integrity, increasing the likelihood of errors, and potentially introducing security or compliance risks through the use of compromised guidance. |
| IF033.003 | Intranet Defacement | A subject modifies content within internal-facing platforms such as intranet portals, employee dashboards, or internal web services without authorization. This may involve altering announcements, internal communications, or shared resources that the organizational population relies on for accurate information.
Although not publicly visible, intranet defacement can have significant operational consequences. The subject may introduce misleading or false information that disrupts workflows, causes confusion, or undermines confidence in internal systems. |
| IF033.001 | Public Website Defacement | A subject alters or replaces content on externally accessible organizational websites without authorization. This may include homepage takeovers, modified text or imagery, injected messages, or redirection to external domains. The behavior typically targets high-visibility assets and is often designed to be immediately noticeable to customers, partners, or the general public.
Public website defacement is frequently used to signal grievance, ideological positioning, or dissatisfaction, but may also serve as a precursor or distraction for other malicious activity. The impact extends beyond the technical compromise, affecting brand perception, stakeholder confidence, and potentially triggering regulatory or contractual consequences depending on the nature of the content displayed. |
| IF033.002 | Social Media Profile Defacement | A subject gains control of, or misuses legitimate access to, official organizational social media accounts to post, modify, or remove content without authorization. This includes publishing unauthorized messages, altering profile information such as names, bios, or images, and deleting legitimate communications. The behavior leverages the speed and reach of social platforms to rapidly influence public perception.
Unlike traditional defacement, this activity may blend into normal operational use, making attribution and detection more challenging. The subject may post misleading, inflammatory, or false information, creating confusion among followers and stakeholders. The resulting impact can include reputational damage, misinformation propagation, and loss of trust in official communication channels. |