Attackers can install malicious code or malware on a victim system when the user visits an infected website without the user having to actively click anything or download a file. This technique exploits vulnerabilities in web browsers, browser extensions or plugins to deliver the malicious payload to the victim's system.

Adversaries can trick, manipulate, or deceive users into installing malicious applications. This can be achieved through fake e-mails / websites / notifications / advertisements. Users believe that they are downloading a legitimate application when in fact they are receiving malware. Although app stores have strict security policies and reviews for published apps, some malicious apps can still bypass these reviews and appear in the official stores.

Products, software, and workflows are initially infected or counterfeited. They are manipulated before reaching the end consumer and are then utilized to gain access to control systems. The ultimate objective is to compromise data or systems once infected products enter the target environment.

The OBD interface is a physical or wireless interface usually used by authorized mechanics or diagnostic equipment to access the vehicle's diagnostic data. Attackers can connect devices to the OBD interface and access and manipulate the vehicle's ECUs to introduce malicious software into the vehicle. This allows attackers to gain access later and even control it remotely.

Malicious code or malware runs when a USB device or memory card is connected. Many computers and devices are configured to automatically run software after connecting a USB device or memory card. The malicious code is executed and attackers can then gain access to a system.