Malware is designed to infect target systems, to the detriment of users. It might spread through means such as malicious email attachments and hijacked network communications protocols (e.g., Server Message Block in the case of WannaCry).
2. Potentially unwanted programs (PUPs)
PUPs are similar to malware but generally more subtle in their designs. For example, instead of presenting the dramatic demands of ransomware, a PUP might simply linger in the background and log keystrokes, with the intent of capturing credentials. Alternatively, it might monitor your browser cookies and hard drive in order to serve you annoying targeted ads.
Unlike malware or PUPs, phishing lets the target do most of the work. A phishing attempt usually happens via email, with instructions for the recipient to click a link, send money to a bank account or supply sensitive information such as a username-password combo. Nothing is installed.
4. Brute-force attacks
Such attacks are exactly what they sound like: The use of raw computing power and automation to repeatedly guess a login until successful. Brute-force campaigns are often supported by massive botnets.
5. Outdated and unpatched software
Software that’s not up-to-date is a magnet for exploitation. Just ask Equifax. An unpatched vulnerability in its Apache Struts web framework led to the breach of 145 million social security numbers, addresses, driver’s license numbers, and credit card numbers.