Modern cyberattack techniques are classified into two broad categories: active and passive attacks. Passive attacks often precede active ones. While hackers often use a combination of the two, sometimes within a single attack, some distinct differences set these methods apart.
The Anatomy of a Cyberattack
Cyberattacks rely on varied techniques with myriad permutations. However, all of these methods fall into two broad categories that help differentiate them: active and passive attacks. While most types of active attacks target system resources or day-to-day operations, most passive attacks focus on learning and intelligence gathering.
While passive attacks may seem more innocuous than active attacks, the two are often used in tandem to increase the odds of a successful assault.
Comparing the Targets of Active and Passive Attacks
Understanding the two types, including which resources they target, is critical to identifying, resolving, and preventing both.
Knowledgeable and motivated hackers use different types of active attacks to target the system resources that drive daily operations. Potential targets include:
- Servers – This includes large-scale data servers, eCommerce servers, and simple web servers.
- User workstations and devices – Active cyberattacks launched against users will commonly target their workstations and devices to gain network access.
- Legacy backup systems – Legacy systems are often attacked via known exploits and vulnerabilities.
In contrast, passive attacks are used during intelligence gathering. This could be a simple learning exercise for the hacker or a part of a much larger scheme. In the latter case, an active attack is almost sure to follow. Common targets for passive cyberattacks include:
- Databases – Most types of passive attacks are executed to gather intelligence, but unsecured data may be leaked to the public or ransomed.
- Email servers – Personal messages sent on email servers, instant messengers, and social media are prime targets for modern hackers.
- Network monitors – Hackers use network monitors to analyze traffic flow. Legitimate monitors can be hijacked, or ambitious hackers might use their own.
Active attacks are steered directly by the hacker. They include methods like traditional brute force hacking and standard denial-of-service (DoS) attacks. Although automated programs and scripts can be created to oversee these processes, ultimately letting the hacker take a hands-off role, the attacks they execute are still considered active in nature.
Denial of Service
As the name implies, the purpose of a DoS attack is to disrupt, delay, or deny services to a specific website or network-connected resource. These attacks, along with distributed denial of service (DDoS) attacks, are among the easiest and most effective cyberattacks for a hacker to execute.
Ransomware and malware pose an increasing threat for organizations and consumers. Often disguised as legitimate software, these cyberattacks are launched when an unsuspecting victim attempts to use the program.
These types of active attacks have various purposes. Some try to delete critical system files to render a PC or server inoperable. Others, like ransomware, try to encrypt the system and hold it for ransom.
Hackers use masquerade in tandem with other types of active attacks, usually phishing attempts, to increase their odds of success. In these incidents, the hacker or malicious actor impersonates another entity to gain the victim’s trust. Once that trust is gained, the hacker can easily gain access to passwords, critical system files, or, in some cases, confidential information.
Although phishing attacks are generally launched to collect data, such as a user’s login credentials, they are considered active cyberattacks. This is due to the direct interaction required on the part of the hacker. Phishing attacks pose one of the biggest cyberthreats, especially for those who don’t know how to spot the telltale signs.
Instead of modifying or disabling critical system resources, passive cyberattacks are purely about learning and gathering information. Whether or not the gathered network and system insight is meant for nefarious purposes is up to the individual hacker. Still, most passive attacks are conducted in preparation for a much larger, active attack.
Since they never outright modify or destroy system resources, general data breaches are considered passive cyberattacks. They might happen alongside an active attack, and active attacks might be based on specific data breaches, but the release of information itself is a passive cyberattack.
Also known as eavesdropping, traffic monitoring is among the most popular types of passive attacks. In some cases, these attacks are wholly benign and meant solely for educational purposes. In other cases, however, they might be a precursor to attacks to come.
If you’re currently using traffic monitoring software for legitimate purposes, a hacker might try to hijack the software that’s already in place. If that’s not an option, most won’t hesitate to use their own solutions.
Responding to Cyberattacks Quickly and Efficiently
Understanding the different types of cyberattacks, including the differences between active and passive attacks, makes it easier to address ongoing attacks while supporting future planning and preparation.