The Internet of Things (IoT) offers many opportunities for the industrial and private sector through its various functionalities. However, the omnipresent deployment of computing devices also introduces many possibilities for attackers.In order to understand the threats in the IoT environment,it is necessary to establish a common terminology. Previously proposed taxonomies are either ambiguous or cover the IoT only partially and are therefore not applicable. It is also not sufficient to use existing security taxonomies for computer systems as they do not consider the cyber-physical aspect of IoT systems. We propose a taxonomy for IoT threats that is based on the attacked layer and fundamental security principles. Our naming scheme enables an accurate and future-proof description of threats,as well as consistent future extensions. Our taxonomy enables classifying and comparing different IoT attacks with regards to violated security goals and functionalities. We validate our approach based on existing taxonomy and attack descriptions.