Today, the following attacks are the most common:

Risks to Internet-based services (including cloud services of third parties)
Here, the vulnerability of companies or cloud services or other Internet-based services is exploited to adequately protect against known threats.

Phishing and social engineering-based attacks
Attackers entice legitimate users with correct credentials to perform actions that open the door to unauthorized users and allow them to transmit information and data to the outside world (data exfiltration).

Password compression
Unauthorized users use software or other threat techniques to discover passwords in order to gain access to confidential systems, data or assets.

Fake information exploitation
Users disseminate and misuse information or data.

Network-related and man-in-the-middle attacks
Attackers can eavesdropon unsecured network traffic or redirect or disrupt traffic because messages inside and outside an organization’s firewall are not encrypted.

Supply chain attacks
Partners, suppliers, or other third-party assets or systems (or code) are impacted.

Denial-of-service (DoS) attacks
Attackers overwhelm enterprise systems and cause a temporary shutdown or slowdown.

Ransomware
This software infects enterprise systems and restricts access to encrypted data or systems until a ransom is paid to the perpetrator.