Understanding passive vs. active cyber attacks and their impact


Even with the spate of technological innovations devoted to cybersecurity, we’re still seeing a greater rise in cyber attacks than we are seeing in defensive capabilities. Just last week, a UK-based data analytics agency, Polecat, was held ransom with an estimated 30TB of compromised business records.

Investigations since then have revealed that a server owned by the company was exposing all this data. What’s worse is that this server was not protected by any special authentication access or any form of encryption—something that’s almost inconceivable in this day and age.

Today, we’re all hung up on the cutting-edge technology and systems we can invest in to protect our resources. The truth is that basic security protocols are just as important as these investments. In the absence of these, passive attacks, like what occurred against Polecat, are not surprising at all.

How do active attacks work?

An active attack involves the hacker using the information collected during a passive attack to infiltrate your data or network. Cybercriminals will mask their identity or pose as someone else to gain access to a restricted area in your network or systems to steal your data.

In an active attack, cybercriminals will attempt to modify the data they have compromised to gain greater access to more restricted and valuable data. This makes an active attack more likely to be discovered compared to a passive attack.

Types of active cyber attacks

Denial of Service

A denial of service (DoS) attack is when an attacker disrupts the routine use of communication facilities. This type of attack can be targeted towards a specific entity, or it can be used to disrupt an entire network by overloading it with messages. This type of attack can have serious consequences, including the disabling of the network and degradation of performance.

Modification of Messages

Modification of messages is an attack on the integrity of the original data. This attack occurs when an unauthorized party gains access to data and then alters or delays it to produce an unauthorized effect. This can include altering transmitted data packets or flooding the network with fake data. A common example of this attack is when a message is changed to allow unauthorized access to confidential information.

Masquerade

A masquerade attack is when an entity pretends to be a different entity to gain access to sensitive information. This attack is particularly dangerous if the authorization procedure is only partially secure. Masquerade attacks can be carried out in various ways, including stealing passwords and logins, finding program gaps, or bypassing the authentication process.

Repudiation

A repudiation attack occurs when a malicious user manipulates data on behalf of others, which can lead to false data being saved in log files. This type of attack can be difficult to detect, leading to severe consequences for the organization. This attack can occur when the network is not completely secured, or the login control has been tampered with.

Replay

A replay attack captures a message and later retransmits it to produce an authorized effect. The attacker aims to save a copy of the original data on the network and then use it for personal gain. Once the data has been corrupted or leaked, it is no longer secure and can be easily exploited by attackers.

How can we safeguard our businesses from active attacks?

Regardless of whether you have experienced incidents where your business data has been compromised, you need to implement certain measures to stay safe against an imminent or active cyber attack.

The protective measures you can implement include:

● Using one-time passwords to authenticate transactions and sessions.

● Implementing a random session key, which is valid for only one transaction.

● Using a Kerberos authentication protocol, which defends your operations against replay attacks with different countermeasures.

● Using cyber risk ratings to keep track of your threat landscape in real-time.
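The sketch below is an added example, not code from the original article. It shows how a random session key, a one-time value per transaction and a short validity window let a receiver reject both replayed and modified messages. The names `sign`, `Receiver` and `MAX_SKEW` and the sample message are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 30  # assumed validity window in seconds


def _tag(key, nonce, ts, body):
    # The HMAC covers the nonce, the timestamp and the body, so none can be changed.
    return hmac.new(key, f"{nonce}|{ts}|".encode() + body, hashlib.sha256).hexdigest()


def sign(key, body, now=None):
    """Sender side: attach a fresh one-time nonce, a timestamp and an HMAC tag."""
    nonce = secrets.token_hex(16)
    ts = int(time.time() if now is None else now)
    return {"nonce": nonce, "ts": ts, "body": body, "tag": _tag(key, nonce, ts, body)}


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp of messages already accepted

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        expected = _tag(self.key, msg["nonce"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"
        if abs(now - msg["ts"]) > MAX_SKEW:
            return "rejected: stale"
        # Nonces older than the window can be forgotten: their messages are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo():
    key = secrets.token_bytes(32)  # random session key, constructed for this demo
    rx = Receiver(key)
    msg = sign(key, b"transfer 100 to account 42", now=1000)  # constructed sample
    tampered = dict(msg, body=b"transfer 900 to account 42")
    return [
        rx.accept(msg, now=1001),       # first delivery
        rx.accept(msg, now=1002),       # same message sent again
        rx.accept(tampered, now=1003),  # body altered in transit
        rx.accept(msg, now=1100),       # captured copy resent after the window
    ]


if __name__ == "__main__":
    print(demo())
```

The nonce cache only has to hold entries for the length of the validity window, which keeps the receiver's state bounded.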

How can passive cyber attacks compromise your data?

In a passive attack, hackers monitor and scan your systems for vulnerabilities that will give them access to your data. This type of attack does not involve data alterations, which, generally, makes it very difficult to detect.

Passive attacks involve pre-meditation. Once criminals gain access to your network, they collect information in several ways. They try to collect as much intelligence as possible to attack your system or network at a later time.

Another indication of passive cyber threats is the installation of a keylogger. This is where an intruder waits for the user to enter their credentials to record them and use them down the line.

Types of passive attacks

Traffic Analysis

Traffic analysis is a form of attack that involves monitoring the communication between two parties to gain insight into the nature of the communication. Even if the information being transmitted is encrypted, an attacker can still determine the location and identity of the communicating hosts, as well as the frequency and length of messages being exchanged. This information can be useful in guessing the nature of the communication that is taking place.

The Release of Message Content

The release of message content is another threat that can compromise the security of a network. This occurs when sensitive or confidential information is transmitted through a telephone conversation, electronic mail, or a transferred file. The goal is to prevent an attacker from learning the contents of these transmissions.

How can we prevent passive cyber attacks?

One course of action to safeguard your data from passive attacks is to put in place some level of access control and encrypt the data at rest. If Polecat had any encryption on their abandoned server, for instance, the hackers’ attempt to gain access to their data would not have been so successful.

Today, there are two types of encryption you can leverage. These include:

● Using symmetric keys, where the same decryption key is used by both sides. What you need to keep in mind here is that you may face issues in exchanging the key in secret without threat actors gaining access to it.

● Using public-key encryption where each party involved in the communication has two keys—one public key and one private key.

Another obvious way of keeping your sensitive information safe is to avoid posting data on any public forum. This way, hackers may find it more difficult to gain access to your private networks later.

Set comprehensive cybersecurity strategies in place to block passive and active cyber attacks

Cybercriminals are becoming more and more equipped to infiltrate our operations and gain access to our data.

That’s why it’s a good time for us to look back and expand our awareness when it comes to cybersecurity basics—concepts that are evolving constantly. In doing so, you may be able to add more sophisticated layers to your security strategy and prevent rudimentary breaches from having damaging, irreparable consequences for your business.