From Verizon's 2011 Data Breach Investigations Report (p. 26)
Table 8. Top 15 Threat Action Types by number of breaches and number of records
Category Threat Action Type Short Name Breaches Records
1 Malware Send data to external site/entity SNDATA 297 1,729,719
2 Malware Backdoor (allows remote access / control) MALBAK 294 2,065,001
3 Hacking Exploitation of backdoor or command and control channel HAKBAK 279 1,751,530
4 Hacking Exploitation of default or guessable credentials DFCRED 257 1,169,300
5 Malware Keylogger/Form-grabber/Spyware (capture data from user activity) KEYLOG 250 1,538,680
6 Physical Tampering TAMPER 216 371,470
7 Hacking Brute force and dictionary attacks BRUTE 200 1,316,588
8 Malware Disable or interfere with security controls DISABL 189 736,884
9 Hacking Footprinting and Fingerprinting FTPRNT 185 720,129
10 Malware System/network utilities (PsTools, Netcat) UTILITY 121 1,098,643
11 Misuse Embezzlement, skimming, and related fraud EMBZZL 100 37,229
12 Malware RAM scraper (captures data from volatile memory) RAMSCR 95 606,354
13 Hacking Use of stolen login credentials STLCRED 79 817,159
14 Misuse Abuse of system access/privileges ABUSE 65 22,364
15 Social Solicitation/Bribery BRIBE 59 23,361
Honorable Mention at #16
16 Hacking SQL Injection SQLINJ 54 933,157