Mitre has released v1 of the EMB3D threat model, providing a comprehensive framework for understanding how embedded devices are exploited.
Many similarities with IT, however also some unique considerations such as inadequate bootloader protection, unauthenticated firmware installation, firmware/software update secrets extraction and such, and the elephant in the room: “device vulnerabilities unpatchable”.
Threat actors frequently target known vulnerable devices that cannot be patched (perhaps due to availability requirements), or for which there are no patches available. Cybersplice shields vulnerable devices inside an encrypted overlay network, disrupting the kill-chain for such attacks
Also interesting to see a number of side-channel attacks, mostly in the hardware domain, but also touching on network stack and application code.