
Active vs Passive Cyber Attacks Explained

by John DiGiacomo

Partner

Cyber Security

Cyber attacks involve the unauthorized access of private or confidential information contained on computer systems or networks, but the techniques and methods used by the attacker further distinguish whether the attack is an active cyber attack, a passive attack, or some combination of the two. According to Symantec, both active and passive cyber attack types are defined by unique characteristics and techniques, and each type of attack presents unique challenges to victims, system users, system administrators and cybersecurity professionals. Knowing the difference between passive and active cyber attacks can help system users and administrators identify when an attack is taking place so that action can be taken to try to contain the attack.

Active Cyber Attacks

Active attacks are often aggressive, blatant attacks that victims immediately become aware of when they occur. Highly malicious in nature, active attacks often lock out users, destroy memory or files, or forcefully gain access to a targeted system or network. Viruses, worms, malware, Denial of Service attacks, and password crackers are all examples of active cyber attacks. Usually, hackers that use active attacks are not much concerned with their activities being detected, because by the time the attack is detected the damage is already done or is underway.

Passive Cyber Attacks

Passive attacks often employ non-disruptive and covert methods so that the hacker does not draw attention to the attack. The purpose of the passive attack is to gain access to the computer system or network and to collect data without detection. Many data security breaches involving the exposure of credit card and debit card payment information are the result of passive attacks, as are data breaches where the targeted data collected during the attack consists of usernames, passwords and other personal identifying information.

Passive attacks are usually data gathering operations, which means they usually employ some sort of malware or hack that eavesdrops on system communications (e.g., scrubs email for personal identifying information) or records system activity (e.g., keystroke recording malware). Information that is gathered in a passive cyber attack is usually sold on the black market and dark web for the financial gain of whoever perpetrated the passive attack.

Use of Both Active Attacks and Passive Attacks

There are many hackers that use a combination of active and passive techniques to gain unauthorized access to a system, network, or data. Oftentimes, a passive information gathering technique will be used first, and then once the desired data has been collected, the hacker launches an active attack to make a point or to accomplish some other goal. For instance, it is not uncommon for a hacker to acquire login credentials using a passive attack technique, and then actively access the system to wreak havoc on the network once inside. We’ve written previously about how hackers gain access to computer systems here.

Contact a Data Breach Lawyer

Any business that is subjected to a cybersecurity breach needs to take steps to contain the breach and to notify those who have had their personal identifying information or payment information exposed as a result of the attack. Many states have breach notification laws that specify certain timeframes in which victims need to be notified. You will have to move quickly after a cyber security breach. The professionals at Revision Legal can help. Contact us using the form on this page or call us at 855-473-8474.

Common Active Attack Techniques and Their Legal Implications

Understanding the specific techniques used in active attacks helps businesses assess their legal obligations after an incident. Active attacks typically fall into several well-recognized categories, each with distinct forensic signatures and different impacts on affected parties.

Ransomware

Ransomware is perhaps the most disruptive form of active cyber attack currently plaguing businesses. Ransomware encrypts the victim’s data or locks them out of their systems entirely, then demands payment — typically in cryptocurrency — in exchange for the decryption key. Ransomware attacks frequently trigger data breach notification obligations even when no data was exfiltrated, because many state breach notification statutes define a security breach to include unauthorized access to personal information regardless of whether the data was actually viewed or taken. The FBI and CISA advise against paying ransomware demands, noting that payment does not guarantee data recovery and funds ransomware criminal enterprises.

Distributed Denial of Service (DDoS) Attacks

DDoS attacks flood a target’s servers with traffic sufficient to take them offline, denying legitimate users access to the service. While a pure DDoS attack may not directly expose personal data, it frequently precedes or accompanies data exfiltration attacks. Businesses victimized by DDoS attacks may have civil claims against the attackers under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, which prohibits intentional impairment of a protected computer and authorizes civil actions by parties who suffer loss or damage as a result of the violation.

Man-in-the-Middle (MitM) Attacks

MitM attacks bridge the gap between active and passive categories. In a MitM attack, the hacker intercepts communications between two parties — for example, between a customer’s browser and an e-commerce website — to capture credentials, session tokens, or payment card data. The interception phase is passive; the subsequent exploitation of the captured data is active. MitM attacks on unencrypted network communications are prohibited under the Wiretap Act, 18 U.S.C. § 2511, which makes it unlawful to intentionally intercept electronic communications.
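The standard defense against interception of browser-to-website traffic is a properly configured TLS client, and the most common way that defense is undone is a client that silently accepts any certificate. The following Python snippet is an added illustration, not code from the original article or from any vendor: it shows the weak client configuration beside the corrected one, and a small audit function that reports which interception-relevant settings are missing. The function names (insecure_context, hardened_context, audit_context) are this example's own; the ssl module calls are standard-library Python.

```python
import ssl

# Added example (not from the original article): a TLS client context is the
# standard defence against interception of browser-to-site traffic. The weak
# configuration below is what many "ignore certificate errors" snippets do;
# the hardened one is what the library defaults are meant to enforce.


def insecure_context() -> ssl.SSLContext:
    """Weak setting: accepts any certificate, so an interceptor can present its own."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # hostname no longer compared to the cert
    ctx.verify_mode = ssl.CERT_NONE     # certificate chain not validated at all
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Corrected setting: chain validation, hostname check, TLS 1.2 or newer."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the interception-relevant weaknesses found in a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or ["no findings"])
```

Note the ordering in insecure_context: the ssl module refuses to set verify_mode to CERT_NONE while check_hostname is still enabled, which is a useful hint that the two settings are meant to be relaxed together only deliberately. The audit function is the kind of check worth running over an application's HTTP client setup during an incident review, since a disabled verification flag is exactly what lets a captured session be replayed through an interceptor unnoticed.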

Passive Attack Techniques: Staying Hidden to Steal More

Passive attacks are designed for sustained, undetected data collection. Several techniques are particularly common in corporate and government network intrusions.

Network Eavesdropping and Packet Sniffing

Packet sniffing tools capture and analyze data packets as they traverse a network. On unencrypted networks, this allows an attacker to read email content, capture login credentials, and observe any unprotected data in transit. The deployment of a packet sniffer on a corporate network without authorization violates the Wiretap Act and the Computer Fraud and Abuse Act. Businesses can dramatically reduce packet sniffing risk by encrypting all network traffic using TLS and deploying VPNs for remote access.
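A practical way to enforce the "encrypt all network traffic" recommendation is to watch for connections that still use cleartext protocols, because those are precisely the sessions a sniffer on the path can read. The following Python example is added here and is not code from the original article or from the Zeek project: it parses a handful of constructed connection records laid out as a simplified subset of Zeek's conn.log fields (timestamp, originating host, responding host, responding port, identified service) and reports which internal hosts are generating cleartext sessions. The set of cleartext services, the sample log lines and the function names are this example's own assumptions.

```python
# Added example (not from the original article): detection logic that reads
# Zeek-style connection records and flags sessions that used a cleartext
# protocol, i.e. traffic a packet sniffer on the path could read directly.
# The log lines below are constructed for the demo; the field layout is a
# simplified subset of Zeek's conn.log (ts, orig_h, resp_h, resp_p, service).
from collections import Counter

# Protocols that carry credentials or content in the clear when used without TLS.
CLEARTEXT_SERVICES = {"http", "ftp", "telnet", "pop3", "imap", "smtp"}

# Constructed sample records: RFC 5737 documentation addresses as external hosts.
SAMPLE_CONN_LOG = """\
1700000000.1\t10.0.0.5\t203.0.113.10\t443\tssl
1700000001.2\t10.0.0.5\t203.0.113.11\t80\thttp
1700000002.3\t10.0.0.7\t192.0.2.20\t23\ttelnet
1700000003.4\t10.0.0.7\t192.0.2.21\t143\timap
1700000004.5\t10.0.0.9\t203.0.113.12\t443\tssl
1700000005.6\t10.0.0.5\t203.0.113.13\t21\tftp
1700000006.7\t10.0.0.9\t203.0.113.14\t8443\t-
"""


def parse_conn_log(text):
    """Turn tab-separated records into dicts; skip blank and comment lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, resp_h, resp_p, service = line.split("\t")
        records.append({
            "ts": float(ts),
            "orig_h": orig_h,
            "resp_h": resp_h,
            "resp_p": int(resp_p),
            "service": service,
        })
    return records


def find_cleartext(records):
    """Sessions whose identified service is a cleartext protocol.

    A record with service '-' (not identified) is deliberately not flagged:
    absence of identification is not evidence of cleartext, so it belongs in
    a separate 'unknown' review queue rather than in this finding list.
    """
    return [r for r in records if r["service"] in CLEARTEXT_SERVICES]


def report(text):
    """Summarise cleartext exposure: which services were seen and by which hosts."""
    findings = find_cleartext(parse_conn_log(text))
    return {
        "count": len(findings),
        "services": [r["service"] for r in findings],
        "hosts": dict(Counter(r["orig_h"] for r in findings)),
    }


if __name__ == "__main__":
    summary = report(SAMPLE_CONN_LOG)
    print(f"{summary['count']} cleartext sessions: {summary['services']}")
    for host, n in summary["hosts"].items():
        print(f"  {host}: {n} session(s) readable by an on-path sniffer")
```

Run against the sample, the report names 10.0.0.5 and 10.0.0.7 as the hosts still speaking HTTP, FTP, Telnet and IMAP without encryption, which is the list an administrator would take to the owners of those systems before an incident rather than after one. The same function applies unchanged to real conn.log exports once the field positions are mapped to the full Zeek layout.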

Keyloggers and Spyware

Keyloggers silently record every keystroke on an infected machine, capturing passwords, credit card numbers, social security numbers, and confidential business communications. Spyware more broadly monitors user activity, browsing history, and application usage. Both are deployed through phishing emails, malicious downloads, or compromised websites. Once installed, keyloggers can operate undetected for months, giving attackers time to accumulate and exfiltrate large volumes of sensitive data before the breach is ever detected.

Legal Obligations Following Any Cyber Attack

Whether an attack is active or passive, the legal obligations triggered by a breach are substantially similar. Businesses must:

  • Contain the breach and preserve forensic evidence without destroying logs or overwriting affected systems.
  • Conduct or commission a forensic investigation to determine the scope and nature of the unauthorized access.
  • Assess whether the accessed data constitutes “personal information” under applicable state and federal breach notification statutes.
  • Notify affected individuals within the timeframes required by each applicable state’s breach notification law.
  • Notify the appropriate regulatory agencies — including the FTC, HHS, or state attorneys general — if required by applicable law.
  • Evaluate potential claims against the attacker under the CFAA and the Electronic Communications Privacy Act.

The clock begins running at discovery, and notification deadlines can be as short as 72 hours under certain state laws. Working with experienced data breach counsel from the moment a breach is identified is the most effective way to navigate these obligations correctly and minimize regulatory and litigation exposure. Contact the data breach attorneys at Revision Legal using the form on this page or call us at 855-473-8474.

Image Credit: GlobeSign
