Halloween is Thursday, but if you work in a security operations center, you might feel like every day is All Hallows’ Eve considering the level of dread that can greet you at any moment.

The truth is that you’re probably not seeing the truly scary stuff that your adversaries have to offer – why use a flashy zero-day exploit when something far more rudimentary works just as well – but that doesn’t mean hacks, breaches and other incidents have slowed in 2019.

Your enemies are organized, resourceful and innovative. They are also smart, meaning they would much prefer to take the path of least resistance, choosing targets of opportunity over costly effort. And that is why many familiar threats are still finding high success rates: while their characteristics evolve and their capabilities are tweaked, these threats largely rely on misconfigurations, human error and other hallmarks of lax security.

That doesn’t make them any less frightening.

Here is a list of five threats that are still sending chills up the spines of security operations professionals.

1) Ransomware

Ransomware attacks have been steadily increasing over the past five years, and the widespread NotPetya and WannaCry attacks of a couple of years ago only cemented their seriousness. While destructive global outbreaks such as those two have thankfully slowed, ransomware incidents have not. According to McAfee, attacks against virtually every industry are increasing, most notably against hospitals and local governments. The latest attacks are marked by growing sophistication, as hackers develop new variants like Ryuk, which contains command-and-control elements. In some cases, ransomware is dropped as part of an initial attack by botnet malware, such as Emotet.

2) Phishing & Social Engineering

Email-based attacks remain the primary vehicle by which malicious hackers compromise your defenses. Whether it’s to pilfer credentials, steal money, install malware or establish an initial foothold on a target network, these dubious dispatches are growing more nefarious because of their personalization. And according to a new study from Akamai, phishing is “no longer just an email-based threat, but has expanded to include social media and mobile devices, creating a wide-reaching problem that touches all industries.” Arguably the most lucrative subset of phishing attacks is business email compromise (BEC), in which fraudsters impersonate senior executives. BEC has cost companies billions of dollars over the last half of this decade.

3) Web Skimming Malware

One of the less heralded but arguably most impactful threats of recent months is Magecart, a name that refers to multiple cybercriminal groups that target e-commerce companies and other industries, compromising their websites and implanting digital credit-card-stealing skimmers via malicious JavaScript. The campaigns have become so pronounced, while remaining less conspicuous than other threats, that the FBI was compelled to issue an alert.

4) Supply Chain Attacks

While your own security may be in order, your business likely relies on third-party providers and suppliers to survive, from keeping the lights on to distributing your product and growing profits. Attackers infiltrating your network via outside partners has become a common starting point for high-profile breaches. From cloud and collaboration platforms to HVAC vendors, your supply chain runs the gamut. And as worries over IoT and industrial control system attacks worsen, businesses like yours will need to ensure appropriate controls are being implemented, including for detection and response.

5) Brute Forcing & Credential Stuffing

Security firm McAfee has spotted a significant uptick in brute-force attacks targeting the Remote Desktop Protocol (RDP) and Server Message Block (SMB) protocol. “Significant traffic originating on the SMB protocol has been detected targeting various machines in an attempt to exploit them and gain access,” the company said. Meanwhile, credential stuffing, considered a subset of brute-force attacks, involves automated login attempts, largely using stolen usernames and passwords – a product of the billions of records breached.
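As an added illustration (not code from the original post or from Siemplify), here is a small detection routine that separates the two patterns this paragraph describes in a constructed authentication log: brute forcing (the same account tried over and over) versus credential stuffing (many accounts, roughly one attempt each), and flags a successful login from a source that had already crossed the failure threshold. The log format, field names and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not real data); the line format,
# "<timestamp> <FAILED|SUCCESS> user=<name> src=<ip>", is an assumption.
SAMPLE_LOG = """\
2019-10-28T09:00:01Z FAILED user=alice src=203.0.113.7
2019-10-28T09:00:02Z FAILED user=bob src=203.0.113.7
2019-10-28T09:00:03Z FAILED user=carol src=203.0.113.7
2019-10-28T09:00:04Z SUCCESS user=dave src=203.0.113.7
2019-10-28T09:01:00Z FAILED user=admin src=198.51.100.9
2019-10-28T09:01:01Z FAILED user=admin src=198.51.100.9
2019-10-28T09:01:02Z FAILED user=admin src=198.51.100.9
2019-10-28T09:02:00Z FAILED user=erin src=192.0.2.4
2019-10-28T09:02:05Z SUCCESS user=erin src=192.0.2.4
"""
LINE_RE = re.compile(r"^(\S+) (FAILED|SUCCESS) user=(\S+) src=(\S+)$")

def parse_auth_log(text):
    """Turn log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": m[1], "outcome": m[2], "user": m[3], "src": m[4]})
    return events

def classify_sources(events, fail_threshold=3, distinct_user_ratio=0.8):
    """Label each source IP 'normal', 'brute_force' (few accounts, many tries) or
    'credential_stuffing' (many accounts, about one try each); flag late successes."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "successes": set()})
    for e in events:
        s = stats[e["src"]]
        if e["outcome"] == "FAILED":
            s["failures"] += 1
            s["users"].add(e["user"])
        else:
            s["successes"].add(e["user"])
    result = {}
    for src, s in stats.items():
        if s["failures"] < fail_threshold:
            verdict = "normal"
        elif len(s["users"]) / s["failures"] >= distinct_user_ratio:
            verdict = "credential_stuffing"   # distinct users roughly equal failures
        else:
            verdict = "brute_force"           # the same few accounts hammered
        result[src] = {"verdict": verdict, "failures": s["failures"], "distinct_users": len(s["users"]),
                       "success_after_failures": verdict != "normal" and bool(s["successes"])}
    return result
```

A source labelled credential_stuffing with success_after_failures set is the case to triage first, since one of the stolen username/password pairs evidently worked.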

Once businesses accept that these threats will only continue, they need to think about how best to bolster response. Security orchestration, automation and response (SOAR), via playbooks, can help streamline the triage process for all of these menaces and enable your analysts to deal with their growing volume more efficiently and effectively.

Dan Kaplan is director of content at Siemplify.