In the early 2000s, the Internet meant being able to connect different communication devices, whereas the focus in the last few years is on connecting “things” to the Internet. Although there is no distinct classification for these devices and things on the Internet, the Internet of Things (IoT) ecosystem primarily consists of a complex network of devices, sensors, and things. These “things” are controlled by humans and utilize the existing cloud infrastructure. These devices provide facilities and benefits to make our lives comfortable. IoT domains include smart homes, healthcare, manufacturing, smart wearables, smart cities, smart grids, industrial IoT, connected vehicles, and smart retail. Different IoT models involve human-to-IoT, IoT-to-IoT, IoT-to-traditional systems architectures. In most scenarios, the architecture ends up connecting to the unsecured Internet. This has thrown open several critical issues leading to cybersecurity attacks on IoT devices. IoT communications, protocols or the architecture were never been conceptualized to handle the new age cybersecurity attacks. IoT devices have limited compute, storage, network, or memory. In this research, the authors present a unique IoT attack framework named IAF focusing on the impact of IoT attacks on IoT applications and service levels. The authors also proposed an all-inclusive attack taxonomy classifying various attacks on IoT ecosystems.