Threat Actors may leverage databases to mine valuable information. These databases may be hosted on-premises or in the cloud (both in platform-as-a-service and software-as-a-service environments).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.