It's a war zone out there. In the seemingly endless game of cyber cat and mouse, accurate intelligence remains the best tool for beating attackers at their own game.

Here's an analysis of today's six top network threats and tips for how to identify and quash them.

1. Ransomware

Ransomware is easily the greatest network threat, since it gives attackers the biggest bang for the buck with a relatively low probability of getting caught. "There's also a low bar in the skill category to break into this sort of thing," says Andy Rogers, a senior assessor at cybersecurity and compliance firm Schellman. "There are plenty of Ransomware-as-a-Service (RaaS) businesses that will be more than willing to ensure you have the tools you need to unleash a ransomware campaign."

These "service providers" face minimal risk, since they themselves aren't launching any attacks. "It's a pretty sweet deal for them," he says. Additionally, the payment comes in the form of cryptocurrency, so they are difficult to track.

Ransomware has become one of the world's most profitable criminal industries due to its cloak of anonymity and potentially high payout. "Many of the recent high-profile supply chain attacks, like Colonial Pipeline in 2021, have been ransomware attacks where hard disk drives (HDDs) and solid state drives (SSDs) were encrypted and the hackers used them to demand ransoms for upwards of $4.4 million in cryptocurrency," Rogers notes.

Establishing solid security policies and procedures, including security awareness training, is the best way to avoid becoming a ransomware victim. Rogers recommends monthly system and application patching, as well as segregating vulnerable systems that can't be patched from critical systems and data. "Maintain regular backups of your data and do it in such a way that they can't be written to by ransomware," he adds.

2. Zombie botnets

Zombie botnets are created to execute specific malicious actions, such as distributed denial-of-service (DDoS) attacks, keylogging, and spamming. "Such threats are potentially devastating because they can be used to do things like steal your identity or cripple an entire network with a single attack," says Eric McGee, senior network engineer at data center services provider TRG Datacenters.

Each computer in a botnet is described as a zombie because the computer, and its owner, are unaware that the machine is dutifully and mindlessly performing malicious actions. Smart Internet of Things (IoT) devices are particularly tempting targets for zombie botnet attacks.

"It can be easy to overlook the security of your IoT devices ... but such devices are often the easiest way that attackers gain access to your system," McGee cautions. He suggests guarding against zombie botnets on IoT networks by restricting each device's ability to open inbound connections and requiring strong passwords on all connected accounts.

3. Outdated processes and policies

Antiquated and siloed manual processes and policies pose a serious, albeit largely self-inflicted, threat to network security. "The number of emerging vulnerabilities and potential exploits is increasing exponentially," says Robert Smallwood, technology vice president at General Dynamics (GDIT). "An organization's processes and policies need to enable agility and speed so that the organization can pivot and respond rapidly and automatically to emerging threats."

Organizations that have fallen behind or even completely neglected enterprise modernization and refresh processes risk being saddled with technical debt that can expand a network's attack surface.

Many enterprises continue to struggle under rigid and outdated policies while failing to take advantage of the automated hybrid complex environments that make up a modern network, Smallwood notes. "Additionally, many organizations provide policy exceptions for legacy protocols or equipment without sufficiently providing threat mitigation, circumventing security measures such as multifactor authentication," he adds.

Critical processes should be regularly reviewed as a fundamental change management task. "As network-impacting changes are made, the related processes and policies need to be assessed," Smallwood says. For some organizations, this may require an evaluation of all network-related processes. "In such cases, it's best to start with your typical IT service management practices ... as well as any processes that heavily rely on manual activities."

4. Man-in-the-middle attacks

In a man-in-the-middle (MTM) attack, a third party intercepts communication between two unsuspecting parties in order to eavesdrop on, or alter, exchanged data. It's a task that can be accomplished in several ways, such as by spoofing IP addresses, using a malicious proxy server, or via Wi-Fi eavesdropping.

An MTM attack can be relatively simple, such as sniffing credentials in order to steal usernames and passwords. On a higher level, MTM can be employed to create a sophisticated subterfuge that redirects victims to a bogus, yet highly realistic, website that's designed to achieve a particular nefarious goal.

In any of its forms, an MTM attack can be devastating, since once inside a network an intruder can move laterally, starting in one part of the network and then discovering vulnerabilities that allow them to migrate to other areas.

"Since attackers are logging in with 'valid' credentials, it's often difficult to detect the intrusion, so they have time to work their way deeper into the network," says Benny Czarny, CEO of OPSWAT, a firm that specializes in protecting critical infrastructure networks.

MTM attacks are often overlooked and underestimated, says Keatron Evans, principal security researcher at security training firm Infosec Institute. "People think [the threat] can be fixed with encryption of data in transit, but this only addresses a small part of the problem," he says.

Another misconception is that network-based threats will magically go away as soon as an organization migrates to a cloud service. "It's simply not true," Evans warns. "Stay diligent even when you've migrated to a cloud service."

To ward off MTM attacks, Evans recommends adding port-based security with DHCP snooping and dynamic Address Resolution Protocol (ARP) inspection, as well as upgrading to IPv6 as soon as possible. He also suggests replacing ARP, one of the primary enablers of network-based man-in-the-middle attacks, with a newer protocol called Neighbor Discovery Protocol (NDP).

5. Business email compromise

Business email compromise (BEC) is a serious network threat faced by enterprises of all sizes in all industries. "As companies increasingly adopt conditional access policies, like single sign-on, BEC fraud grows in reach and financial impact," says Jonathan Hencinski, director of threat detection and response at Expel, a managed detection and response cybersecurity company.

BEC attacks lead directly to credential compromise. The most difficult type of attack to detect is one where the attacker is entering through the front door with valid credentials. BEC attackers use VPNs and hosting providers to bypass conditional access policies.

"A common approach for these types of attacks is to use legacy protocols to bypass multi-factor authentication (MFA) in Office 365," Hencinski says. "Once an attacker has compromised credentials and is in-network, they can gain access to critical controls and sensitive information across the organization."

BEC attacks can strike any network at any time. "Since 2019, we've seen a 50% increase in the use of VPN services and hosting providers to access compromised accounts," Hencinski says. "Using these services allows attackers to bypass conditional access policies that deny log-ins from certain countries by geo-IP records."

Detecting BEC attempts is a straightforward three-step process. "The first step is e-mail inspection to prevent and detect phishing e-mails trying to steal employee credentials and to spot when a threat actor uses an employee's account to send phishing e-mails," Hencinski says. The second step is authentication monitoring to detect use of stolen credentials. "The third is account monitoring to detect hallmark signs of BEC account takeover," he notes.

6. Tool sprawl

Tool sprawl, with IT and network leaders struggling to manage dozens of different network-protection technologies, can make the goal of becoming an attack-proof enterprise harder to achieve. The cyber-complexity caused by tool sprawl, and the lack of easy cybersecurity management, can leave IT and security teams open to devastating cyberattacks, warns Amit Bareket, CEO and co-founder of network security service provider Perimeter81.

Bareket points to a study his organization recently conducted which found that 71% of CIOs and related executives believe that a high number of cyber tools makes it more difficult to detect active attacks or defend against data breaches.

Keith Mularski, managing director of cybersecurity at EY Consulting, says that adhering to basic security practices remains the best way to protect against all types of network threats. "Isolate mission-critical systems and networks from the Internet and tightly control who or what has access," he advises.

Trust nothing and segment everything across your operational systems, Mularski recommends. "Make sure you avoid 'implicit trust' -- everything and everyone accessing your network should be authenticated, no matter where they are, when they access it, or who they are."

To enhance preparedness, Mularski also suggests running scheduled simulations. "Like an athlete, you want your team to increase their muscle memory and execute on response procedures quickly and more intuitively in the event of a breach or incident."
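The switch-side defenses Evans recommends in the man-in-the-middle section above (DHCP snooping with dynamic ARP inspection) work by checking every ARP reply that arrives on an untrusted port against the DHCP snooping binding table and dropping replies whose IP/MAC pair does not match. The following is an added example, not code from the article or from any of the people quoted in it: it reproduces that decision in Python over a constructed binding table and constructed ARP reply log lines (the key=value log format, the port names and all addresses are assumptions), and adds the one check a defender can still run on a segment that has no binding table, flagging any IP that more than one MAC has answered for.

```python
"""DAI-style ARP reply validation (added example, not from the article).

Dynamic ARP inspection compares each ARP packet seen on an untrusted port with
the DHCP snooping binding table (IP -> MAC learned from DHCP leases) and drops
packets that disagree with it. This script applies the same decision in
software, which is useful for auditing ARP traffic captured from a segment
that does not yet have the feature enabled.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed DHCP snooping binding table: IP -> MAC assigned by the DHCP server.
BINDINGS = {
    "10.0.0.10": "00:11:22:33:44:0a",
    "10.0.0.11": "00:11:22:33:44:0b",
    "10.0.0.1": "00:11:22:33:44:01",   # default gateway
}

# Ports on which ARP is accepted without inspection (uplink towards gateway/DHCP server).
TRUSTED_PORTS = {"Gi1/0/24"}

# Constructed ARP reply log lines in a hypothetical key=value layout.
ARP_LOG = """\
2024-05-01T10:00:01 port=Gi1/0/3 arp-reply sender_ip=10.0.0.10 sender_mac=00:11:22:33:44:0a
2024-05-01T10:00:02 port=Gi1/0/24 arp-reply sender_ip=10.0.0.1 sender_mac=00:11:22:33:44:01
2024-05-01T10:00:03 port=Gi1/0/5 arp-reply sender_ip=10.0.0.1 sender_mac=00:11:22:33:44:0b
2024-05-01T10:00:04 port=Gi1/0/5 arp-reply sender_ip=10.0.0.11 sender_mac=00:11:22:33:44:0b
2024-05-01T10:00:05 port=Gi1/0/7 arp-reply sender_ip=10.0.0.99 sender_mac=00:11:22:33:44:ff
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) port=(?P<port>\S+) arp-reply "
    r"sender_ip=(?P<ip>\S+) sender_mac=(?P<mac>\S+)$"
)


@dataclass(frozen=True)
class Verdict:
    ts: str
    port: str
    ip: str
    mac: str
    action: str   # "permit" or "drop"
    reason: str


def inspect_arp(log_text, bindings=BINDINGS, trusted_ports=TRUSTED_PORTS):
    """Apply the DAI decision to each ARP reply line and return one Verdict per line."""
    verdicts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # not an ARP reply record; ignore
        ts, port, ip, mac = m["ts"], m["port"], m["ip"], m["mac"].lower()
        if port in trusted_ports:
            verdicts.append(Verdict(ts, port, ip, mac, "permit", "trusted port"))
            continue
        expected = bindings.get(ip)
        if expected is None:
            verdicts.append(Verdict(ts, port, ip, mac, "drop", "no DHCP binding for sender IP"))
        elif expected.lower() != mac:
            verdicts.append(Verdict(ts, port, ip, mac, "drop",
                                    f"sender MAC differs from binding {expected}"))
        else:
            verdicts.append(Verdict(ts, port, ip, mac, "permit", "matches DHCP binding"))
    return verdicts


def spoofed_ips(verdicts):
    """Return IPs that were claimed by more than one MAC across the whole capture.

    This catches gateway impersonation even without a binding table: the real
    owner and the impostor both answer for the same IP.
    """
    macs_by_ip = defaultdict(set)
    for v in verdicts:
        macs_by_ip[v.ip].add(v.mac)
    return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}


if __name__ == "__main__":
    results = inspect_arp(ARP_LOG)
    for v in results:
        print(f"{v.ts} {v.port:<9} {v.ip:<10} {v.mac} {v.action:<6} {v.reason}")
    for ip, macs in spoofed_ips(results).items():
        print(f"ALERT: {ip} claimed by multiple MACs: {', '.join(macs)}")
```

Hosts with static addresses never appear in the DHCP binding table, so a real deployment pairs dynamic ARP inspection with static ARP entries for those hosts; the example treats any unbound sender IP as a drop, which is what the feature does by default.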
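The three-step BEC detection process Hencinski lays out above (e-mail inspection, authentication monitoring, account monitoring) can be written as concrete rules. The following is an added example, not code from the article or from Expel: it implements the second and third steps in Python over constructed sign-in and mailbox audit events, flagging sign-ins over legacy protocols that cannot complete MFA and sign-ins sourced from VPN or hosting-provider address ranges, flagging newly created inbox rules that forward mail externally or delete it, and ranking users who trip both. The event field names, the address ranges and the scoring weights are assumptions; in production the provider ranges would come from an ASN or threat-intelligence feed rather than a hand-written list.

```python
"""BEC detection for authentication and account monitoring (added example,
not from the article or from Expel). Every event, address range and weight
below is constructed for illustration.
"""
import ipaddress
from collections import defaultdict

# Constructed address ranges assumed to belong to VPN/hosting providers.
HOSTING_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Client applications that authenticate with legacy protocols (password only),
# which is why a sign-in through them never completes an MFA challenge.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Authenticated SMTP", "Other clients"}

# Constructed sign-in events; field names loosely modelled on cloud identity sign-in logs.
SIGN_INS = [
    {"ts": "2024-05-01T08:02:00", "user": "alice@example.com", "ip": "192.0.2.15",
     "country": "US", "client_app": "Browser", "mfa": True},
    {"ts": "2024-05-01T08:40:00", "user": "alice@example.com", "ip": "203.0.113.77",
     "country": "US", "client_app": "IMAP4", "mfa": False},
    {"ts": "2024-05-01T09:10:00", "user": "bob@example.com", "ip": "192.0.2.40",
     "country": "US", "client_app": "Browser", "mfa": True},
]

# Constructed mailbox audit events; inbox rules that forward or hide mail are a
# hallmark sign of account takeover.
MAILBOX_AUDIT = [
    {"ts": "2024-05-01T08:45:00", "user": "alice@example.com", "op": "New-InboxRule",
     "params": {"ForwardTo": "finance-updates@mail.example.org", "DeleteMessage": True}},
    {"ts": "2024-05-01T09:30:00", "user": "bob@example.com", "op": "Set-Mailbox",
     "params": {"TimeZone": "Pacific Standard Time"}},
]

INTERNAL_DOMAINS = {"example.com"}


def is_hosting_ip(ip):
    """True if the address falls inside a known VPN/hosting-provider range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOSTING_RANGES)


def auth_findings(sign_ins):
    """Step two: flag sign-ins that look like use of stolen credentials."""
    findings = []
    for ev in sign_ins:
        reasons = []
        if ev["client_app"] in LEGACY_CLIENT_APPS:
            reasons.append("legacy protocol, MFA not enforced")
        if is_hosting_ip(ev["ip"]):
            reasons.append("source IP in VPN/hosting range")
        if reasons:
            findings.append({"user": ev["user"], "ts": ev["ts"], "reasons": reasons})
    return findings


def mailbox_findings(audit_events, internal_domains=INTERNAL_DOMAINS):
    """Step three: flag new inbox rules that exfiltrate or hide mail."""
    findings = []
    for ev in audit_events:
        if ev["op"] != "New-InboxRule":
            continue
        p = ev["params"]
        reasons = []
        fwd = p.get("ForwardTo") or p.get("RedirectTo")
        if fwd and fwd.rsplit("@", 1)[-1].lower() not in internal_domains:
            reasons.append(f"forwards mail to external address {fwd}")
        if p.get("DeleteMessage"):
            reasons.append("rule deletes incoming messages")
        if reasons:
            findings.append({"user": ev["user"], "ts": ev["ts"], "reasons": reasons})
    return findings


def correlate(sign_ins, audit_events):
    """Score users; those with both an odd sign-in and a mailbox change rank highest."""
    score = defaultdict(int)
    for f in auth_findings(sign_ins):
        score[f["user"]] += len(f["reasons"])
    for f in mailbox_findings(audit_events):
        score[f["user"]] += 2 * len(f["reasons"])   # account-level actions weigh more
    return dict(sorted(score.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    for user, s in correlate(SIGN_INS, MAILBOX_AUDIT).items():
        print(f"{user}: suspicion score {s}")
```

Correlating the two steps matters because each signal on its own is noisy: employees do travel through VPNs, and some forwarding rules are legitimate. A legacy-protocol sign-in from a hosting range followed minutes later by a forward-and-delete rule on the same mailbox is the sequence worth paging on.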