The specific type of attack that is attempted depends on where the weaknesses are and where the baddies THINK the weaknesses are.

Could the specific type of attack that happened in 2001 recur? I don't think it could, since now there are multiple overlapping controls to prevent that.

I don't think it's useful to discuss where we think weaknesses still exist. A critical mindset we need to adopt, whether it's physical security, logical security, or even business continuity is to think about this from the perspective of 'what has nobody ever thought of?'.

To be more specific, things fail, quite often, due to a 'failure of imagination'. This means you need to not only harden the targets for the risks/threats you know about, but also THINK about what nobody ever dreamed someone would do.

There's a saying 'it's so stupid it just might work' which very much applies.

To use a sports analogy, we have to adopt a 'zone' defense, considering a wide array of attack vectors, and be careful relying too much on a 'man to man' defense thinking we know what the most likely attack will be.