The frequently used vector to gain initial access is phishing attack and deployment of the malware – observed in nearly 43% of cases that SISA investigated. Most often, the phishing emails originate from a trusted ID, making the tactic highly successful.