In passive attacks, hackers monitor and scan systems for vulnerabilities or entry points that allow them to intercept information without changing any of it. In an active attack, hackers attempt to modify the integrity and availability of the information they have intercepted—with the goal of gaining access or greater privileges. Simply put, hackers may use data they have gathered during passive attacks to compromise a target in an active attack.
The internet is full of risks! Whenever you go online, there is a possibility that you will encounter a risk. Within that range of risks, there are different types of computer threats with varying associations of damaging effects. For example, some threats may damage or corrupt your installed operating system and force you to reinstall it. Another type may steal your credentials and saved passwords. Still other threats may not bring any harm to your PC; instead, they will track your online activities and invade your privacy.
Today, criminals are smarter than ever before, and malicious programs are more sophisticated. Modern malware can infect a target PC and remain undetected for a long time, the advance of computing power makes it possible to crack difficult passwords in a fraction of seconds. The motive behind the majority of cyberattacks nowadays is not to damage your machine, but instead to steal your money, to access your private information, or to acquire your login credentials. Conceptually, cybersecurity risks can be divided into two main categories: passive and active attacks, in this article, we will briefly talk about the difference between these two types and give some illustrative examples for each one.
In a passive attack, an intruder monitors a system and network communications and scans for open ports and other vulnerabilities. For example, they might exploit an unpatched system or take advantage of an expired certificate on a security device (In fact, the Equifax data breach was a aided by an expired certificate that wasn’t discovered by the company’s security team).
Once the intruder has infiltrated the network, they can collect information in a couple of ways. In a footprinting passive attack, the intruder will try to collect as much intelligence as they can to use it later to attack the target system or network in a later step. An example is when an intruder records network traffic using a packet analyzer tool, such as Wireshark, for later analysis.
Installing a keylogger is another sort of passive attack, where an intruder waits for the user to enter their credentials and records them for later use.
The two most common use cases of passive attacks are:
Other types of passive attacks include “passive reconnaissance,” where an attacker tries to gain important information about the target organization connected to the internet without sending any traffic (packets) to the target server or network. An example of such type of attack include browsing a website contents for relevant information (such as employee contact information) that can be used in active attacks or finding files that have been left unprotected on a target server, such as meeting papers or intellectual property.
Detecting a passive attack is very difficult and impossible in many cases because it does not involve data alteration in any way. However, you can implement protective measures to stop it, including:
An active attack involves using information gathered during a passive attack to compromise a user or network. There are many types of active attacks. In a masquerade attack, an intruder will pretend to be another user to gain access to the restricted area in the system. In a replay attack, the intruder steals a packet from the network and forwards that packet to a service or application as if the intruder were the user who originally sent the packet. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are also examples of active attacks, both of which work by preventing authorized users from accessing a specific resource on a network or the internet (for example, flooding a web server with more traffic than it can handle).
Unlike a passive attack, an active attack is more likely to be discovered quickly by the target upon executing it. The following are some protective measures against this type of attack:
Figure 2 - Demonstration of Active attack (Modification of a message)
Cybersecurity risks can be broadly segmented into two types: passive and active attacks. In a passive attack, no modification of data occurs and the target does not know about its occurrence, unless they have a system that monitors and protects machine identities. In an active attack, system resources and data are modified or otherwise damaged system, affecting its normal operations. Although a user will more likely become aware of an active attack than a passive one, the root cause of active attacks are hard to determine without proper monitoring and protection of human and machine identities.