CDE an online ticket sales agent, has unwittingly become an accomplice in cyber crime and is suffering attacks on its own business as a result CDE's website was poorly designed and cyber-attackers have managed to inject the site with malware, so that it collects all of CDE's customer log-in information and enables the cyber-attackers to retrieve it.

The cyber-attackers subsequently use this information to set up Botnet agents in the customers' devices which are then used in a Distributed Denial of Service (DDoS) attack whenever very popular tickets are being placed on sale such as international football matches.

The cyber-attackers secure access to a single portal on the site and buy multiple tickets for subsequent sale on the black market while the DDoS causes all other portals to be overloaded preventing real fans acquiring the tickets at face value.

Which TWO of the following apply in this scenario?