Threat actors may attempt to exploit a weakness in an Internet-facing host or system to initially access a network. The weakness in the system can be a software bug, a temporary glitch, or a misconfiguration.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.