Social engineering: An attacker might use social engineering techniques, such as phishing or pretexting, to trick a user into divulging their login credentials or into performing actions that give the attacker access to the system.
Default or weak passwords: An attacker might be able to gain access to a system by using a default or weak password that has not been changed by the user.
Unsecured physical access: An attacker might be able to gain access to a system by physically accessing an unsecured device, such as a laptop or server, and using the default login credentials or accessing the system through a bootable USB drive.
Unsecured remote access: An attacker might be able to gain access to a system by exploiting vulnerabilities in remote access protocols, such as Remote Desktop Protocol (RDP) or Virtual Private Network (VPN).
Malware: An attacker might be able to gain access to a system by installing malware that gives the attacker access to the system or by exploiting vulnerabilities in the system through the malware.
Misconfigured systems: An attacker might be able to gain access to a system by exploiting misconfigured settings or permissions on the system.