- Insider Threats: Employees or contractors who have access to sensitive information or systems can be a major source of intelligence for adversaries.
- Social Engineering: Adversaries may use social engineering techniques, such as phishing or pretexting, to obtain information or access to systems.
- Exploitation of Publicly-Available Information: Adversaries may exploit publicly available information, such as social media posts, financial disclosures, or job listings, to gather intelligence on individuals or organizations.
- Compromised Systems: If adversaries have compromised a system, they may be able to collect information on user activities, network traffic, or stored data.
- Unsecured Networks: Adversaries may be able to eavesdrop on unencrypted network traffic or gain unauthorized access to networks through vulnerabilities in network devices or protocols.
- Outdated Software: Software that is not up-to-date may contain vulnerabilities that adversaries can exploit to gain unauthorized access to systems.
- Phishing: Adversaries often use phishing emails, texts, or social media messages to trick people into clicking on malicious links or providing sensitive information.
- Malware: Adversaries may use malware to infect computers and collect sensitive information, such as passwords and credit card numbers.