▶11 - Malware3
▶1.1Malware variants17
▶1.2Malware-as-a-service (MaaS)2
▶1.3Malware development, support and delivery11
▶22 - Vulnerabilities and Exploits2
▶2.1Vulnerabilities11
▶2.2Exploit development1
▶33 - Malicious Infrastructure3
▶3.1Infrastructure-as-a-service (IaaS)4
·3.2Legitimate infrastructure repurposed for malicious activity
·3.3Dedicated criminal infrastructure
▶44 - Fraud, Identity Theft and Unauthorized Access7
▶4.1Fraud supply chain monetization15
▶4.2Compromised data or access6
▶4.3Account takeover (ATO)4
▶4.4Social engineering6
▶4.5Access control bypass1
▶4.6Artificial intelligence (AI) fraud2
▶4.7Access classification2
▶55 - Adversary Tactics and Activities5
▶5.1Pre-attack tactics2
▶5.2Post-attack tactics12
▶5.3Physical attack techniques against systems3
·5.4Insider threat tactics
▶5.5Information compromise or disclosure tactics6
▶66 - Threats Impacting Industry or Region2
▶6.1All sectors and industries13
▶6.2All geographic regions9