What is a Passive Attack?
A passive attack refers to an unauthorized attempt to covertly access and monitor network traffic, without actually manipulating or modifying the data. The primary goal of this type of cyberattack is to quietly gather sensitive information, such as private login details, personal data, financial information, or other confidential data, without raising any suspicion. Passive attacks involve monitoring and scanning systems for open ports and vulnerabilities, allowing cyberattackers to intercept information without changing it. A passive attack contrasts with an active attack, where a cyberattacker attempts to alter data on the target system, or to alter the target system's data while it is in transit. Passive attacks are more difficult to detect than active attacks, since they don’t directly interfere with the normal functioning of the system or network.
Passive attacks involve the use of malicious software including computer viruses, worms, Trojan horses, ransomware, and spyware. Some forms of passive attacks include:
Eavesdropping. Eavesdropping attacks involve a third party listening to, and possibly recording, messages being exchanged over a network in real time. Eavesdropping attacks often involve a cyberattacker stealing a target’s credentials when they are connected to public Wi-Fi.
Dumpster Diving. Dumpster diving refers to threat actors searching through discarded paperwork or deleted records of an individual or company system in the hope of finding sensitive information that can be used for cyberattacks, such as passwords or log-in details.
Wardriving. Wardriving, also referred to as Access Point Mapping, involves cyberattackers driving around to find unprotected wireless local area networks (WLANs) to access either their Wi-Fi or their private documents.
Packet Sniffing. In a packet sniffing passive attack, cyberattackers install hardware or software that monitors all data packets sent over a network. The attacker monitors data traffic without interfering in the exchange process.
Footprinting. Footprinting involves gathering information about the target system through openly available sources. Digital footprints include data trails left behind after surfing the web, such as IP addresses. This information can be used to search for more details that will expose the target network’s weak points, which can then be exploited to execute a cyberattack.
Traffic Analysis. Traffic analysis involves looking over large amounts of exchanged information to determine a communication pattern. This can help a cyberattacker gather information about the users of that network, which can then be used to execute a cyberattack.
The following tips can help prevent passive attacks:
- Use an Intrusion Protection System (IPS)
- Encrypt sensitive data
- Avoid entering credentials or sensitive data on public Wi-Fi
- Use firewalls
- Keep computer screens locked
- Shred paperwork containing sensitive data