Delivery is the first moment the attack crosses into the target's environment, and the first real detection opportunity. Email remains the dominant vector: phishing and spear phishing campaigns are tailored using reconnaissance data to appear convincingly legitimate. Other delivery methods include drive-by downloads from compromised websites, watering hole attacks, physical USB drops, and supply chain compromises where malware is embedded in trusted software updates. Defending this phase requires layered email filtering, web proxies, endpoint protection, and ongoing user awareness training to help employees recognize and report suspicious communications before damage is done.
These are listed in order of most to least common.