Threat actors may manipulate or compromise products or product delivery mechanisms before the customer receives them in order to achieve data or system compromise.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.