Modern technological innovations have disrupted the ways with which organizations operate. Companies are transitioning to the cloud at a faster pace. And in doing so, transforming their application landscape with cloud-native microservices and SaaS solutions. These shifts have greatly expanded the attack surface while introducing innumerable blind spots, all making organizations much more vulnerable today than ever in the past. As publicly accessible applications become more widespread, users are exposed to an expanding array of threats. And organizational security readiness has become a board-room conversation at a much higher frequency than ever before.  

Therefore it has become increasingly important for security professionals to identify and understand the most common ways that cyber attacks occur.  

Common threats that take organizations by surprise 

 
Denial-of-service (DoS)

DoS attacks are among the simplest in a complex hierarchy of potential threats. They work on the principle of making a device so busy that it can’t perform its job. Any networked device has a certain level of capacity that it’s able to use when connected. Throttling the bandwidth results in little to no traffic and causes the application or device to fail. 

A simple DoS attack can be perpetrated by a networked device focusing all of its available capacity onto another networked device with less capacity. While destructive, the target can track where the attack originated and take action, either legally or via counterdefense.  

Distributed Denial-of-service (DDoS)  

With DDoS attacks, instead of using a device to send traffic, the attacker takes control of a group of exploited nodes to perform the attack. The path to the attacker is thus indirect, and much harder to trace. Malware.  

Malware, otherwise known as malicious software, includes attack methods such as snippets of code injection, viruses, worms, rootkits, spyware, Trojans, spam, and adware. These methods differ from others in operation but exploit some part of a targeted system—including the users. 

Reconnaissance attacks are data-gathering attacks that happen in both logical and physical systems. Data gathering exfiltration occurs via snooping network traffic or through social engineering means like phishing. Some common examples of reconnaissance attacks include packet sniffing, ping sweeping, port scanning, etc. The logical form of reconnaissance port scans is a return of data through an IP address that was listening on port 443 for HTTPS traffic which allows the hacker to know that they can attempt exploitation geared towards HTTPS. 

Malware

Malware, otherwise known as malicious software, includes attack methods such as snippets of code injection, viruses, worms, rootkits, spyware, Trojans, spam, and adware. These methods differ from others in operation but exploit some part of a targeted system—including the users. Reconnaissance attacks are data-gathering attacks that happen in both logical and physical systems. Data gathering exfiltration occurs via snooping network traffic or through social engineering means like phishing. Some common examples of reconnaissance attacks include packet sniffing, ping sweeping, port scanning, etc.  The logical form of reconnaissance port scans is a return of data through an IP address that was listening on port 443 for HTTPS traffic which allows the hacker to know that they can attempt exploitation geared towards HTTPS. 

It is indeed a pipe dream to believe that an organization's network infrastructure is safe and protected. What then becomes important is to focus on deploying a security defense solution that can identify a broad range of malicious threat vectors by maintaining visibility into North-South Traffic and East-West traffic. While a well-designed network security infrastructure has multiple levels of protection and includes solutions that are both broad and narrow in their field of view, there is a need for the deeper inspection of threats which includes understanding relationships between different indicators of compromise. The basic idea behind deeper inspection is that it allows for the hyper aggregation of events from all endpoints, and provides a more precise line of sight into the lateral movements of threats.