There are two types of security attacks, namely passive and active attacks. In an active attack, an attacker tries to modify the content of messages. In a passive attack, an attacker observes and copies messages.
Passive Attacks
The first type of attack is a passive attack. A passive attack involves monitoring, observing, or collecting data from a system without interfering with it: system resources are not touched and the data remains unchanged. Because passive attacks are carried out covertly, they are difficult for the victim to detect. Their main aim is to gather information, for example by scanning the network for open ports and vulnerabilities.
An eavesdropping attack is a type of passive attack. It involves stealing data transmitted between two devices connected to a network, and traffic analysis is a form of eavesdropping. Such an attack occurs when attackers place capture software on the network path in order to record and study the traffic. To do so, attackers must gain access to the network path between the endpoint and the UC system. The more network layers and the longer the paths involved, the easier it becomes for an attacker to insert malicious software somewhere along that path.
The release of message contents is another kind of passive attack. In this case, attackers install malicious software (such as a virus or other malware) on a device to monitor its activity, including messages, emails, or transferred files containing personal or confidential information. The attackers can then use this data to compromise the device or the network.
Other attacks have emerged with the growing interconnection of insecure devices, such as IoT infrastructure. These include protocol-specific attacks and attacks on wireless networks. For example, IoT-based smart home systems commonly use RPL (Routing Protocol for Low-Power and Lossy Networks), because it suits resource-constrained IoT devices that cannot run traditional routing protocols.
Active Attacks
An active attack is a network exploit where attackers modify or alter content, impacting system resources and causing damage to victims. Attackers often perform passive attacks first to gather information before launching an active one. Their goal is to disrupt or compromise the system. Unlike passive attacks, victims usually become aware of active attacks since they affect system integrity and availability. Active attacks are also more complex to execute.
A Denial-of-Service (DoS) attack is one example of an active attack. A DoS attack occurs when attackers attempt to shut down a device or network, preventing legitimate users from accessing it. Attackers flood the target device or network with traffic until it becomes unresponsive or crashes. Services such as email, websites, and online banking may be affected. DoS attacks can be carried out from virtually any location.
As mentioned above, DoS attacks include flooding or crashing the device or network. A buffer overflow attack is a common example, where excessive data is sent to exceed the buffer capacity, leading to a crash. Another example is the ICMP flood (Ping flood), in which spoofed packets flood the target with ICMP echo requests, forcing it to respond until it becomes inaccessible to normal traffic.
A SYN flood is another flooding attack. Attackers continuously send SYN packets to all server ports using fake IP addresses. The unaware server responds with SYN-ACK packets, but since the client never completes the handshake, resources are exhausted, and the server may crash. Statistical methods, such as Bayesian-based models, have been proposed to detect such attacks.
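The flooding behaviour described above can be spotted from the handshake state alone: a SYN flood leaves many connections half-open and almost none completed. The following detector is an added example (not code from the original article); the packet trace it processes is constructed inline, and the thresholds are illustrative assumptions.

```python
# Added example: flag SYN-flood behaviour from a constructed TCP packet trace
# by counting client->server handshakes that are never completed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # client IP (spoofed in a flood)
    dst: str      # server IP
    dport: int    # server port
    flags: str    # "S" = SYN, "SA" = SYN-ACK, "A" = ACK


def half_open_ratio(packets):
    """Return (half_open, completed) counts of handshakes keyed on (client, server, port).

    A client SYN opens a handshake; the server's SYN-ACK is ignored; the
    client's final ACK completes it.  Anything opened but never completed
    is half-open, which is exactly what a SYN flood leaves behind.
    """
    opened, completed = set(), set()
    for p in packets:
        key = (p.src, p.dst, p.dport)
        if p.flags == "S":
            opened.add(key)
        elif p.flags == "A" and key in opened:
            completed.add(key)
    return len(opened - completed), len(completed)


def is_syn_flood(packets, min_half_open=100, max_completion=0.2):
    """Alert when many handshakes stay half-open and only a small share complete."""
    half_open, completed = half_open_ratio(packets)
    total = half_open + completed
    if total == 0:
        return False
    return half_open >= min_half_open and completed / total <= max_completion


# Constructed sample traffic (not captured data).
SERVER = "10.0.0.5"
normal = []
for i in range(10):                      # ten well-behaved clients
    c = f"192.0.2.{i}"
    normal += [Packet(c, SERVER, 443, "S"), Packet(SERVER, c, 443, "SA"),
               Packet(c, SERVER, 443, "A")]
flood = list(normal)
for i in range(500):                     # spoofed sources hitting many ports, never ACKing
    c = f"203.0.113.{i % 250}"
    flood += [Packet(c, SERVER, 80 + i, "S"), Packet(SERVER, c, 80 + i, "SA")]
```

In a real deployment the counts would be taken per time window, since half-open entries also expire on the server side.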
Trojan horse attacks are another form of active attack, with backdoor Trojans being the most common. A backdoor Trojan allows unauthorized attackers to gain access to a system, network, or software application. For instance, attackers may hide malware behind a link; once a user clicks it, a backdoor is downloaded, granting the attacker access to the device. A rootkit is another example: it provides hidden privileged access to a system, allowing attackers to control it without detection. They can modify settings, access files, or monitor user activity. Some well-known rootkits include NTRootKit, Zeus, Stuxnet, and Flame. Flame, discovered in 2012, was designed to target Windows OS and could record audio, take screenshots, and monitor network traffic.
A replay attack is another example of an active attack. Attackers eavesdrop on communications and later resend a valid message from an authorized user. Replay attacks allow attackers to gain access to data stored on compromised devices or even replicate financial transactions. They do this by capturing and reusing the same session information multiple times.
A related form, the cut-and-paste attack, involves combining parts of different encrypted messages (ciphertext) and sending them to the victim. This enables attackers to extract or manipulate data to compromise the system.
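Both the replay attack and the cut-and-paste attack above are defeated by the same receiver-side checks: authenticate the whole message (a spliced message no longer matches its tag) and track nonces (a resent message is recognised as already seen). The following is an added example, not code from the original article; the shared key and messages are constructed for illustration.

```python
# Added example: a receiver that rejects replayed messages (nonce already seen)
# and spliced messages (HMAC tag no longer matches) using HMAC over nonce || payload.
import hashlib
import hmac
import os

KEY = b"example-shared-key"   # constructed; generate a random key in practice


def send(payload, nonce=None):
    """Build an authenticated message: fresh random nonce, payload, and HMAC tag."""
    nonce = nonce or os.urandom(16)
    tag = hmac.new(KEY, nonce + payload, hashlib.sha256).digest()
    return {"nonce": nonce, "payload": payload, "tag": tag}


class Receiver:
    def __init__(self):
        self.seen = set()   # nonces already accepted; use a bounded window in practice

    def accept(self, msg):
        # Verify integrity first, so unauthenticated input never reaches the nonce cache.
        expected = hmac.new(KEY, msg["nonce"] + msg["payload"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"        # modified or cut-and-paste content
        if msg["nonce"] in self.seen:
            return "rejected: replay"         # same valid message presented again
        self.seen.add(msg["nonce"])
        return "accepted"


def demo():
    """Walk through a valid message, its replay, a spliced message, and a second valid one."""
    rx = Receiver()
    a = send(b"transfer 10 to alice")
    b = send(b"transfer 500 to bob")
    results = [rx.accept(a), rx.accept(a)]                      # valid, then replayed
    spliced = {"nonce": a["nonce"], "payload": b["payload"], "tag": a["tag"]}
    results.append(rx.accept(spliced))                          # parts of two messages combined
    results.append(rx.accept(b))                                # untouched second message
    return results
```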
Conclusion
Cybersecurity is a vital part of modern life. Protecting our devices from malicious activities is essential. Active and passive attacks are major challenges for any organization. Advanced Persistent Threats (APTs) typically begin with passive attacks to gather intelligence about the infrastructure and network, which is then used to craft targeted active attacks. Such attacks can be difficult to detect and may cause severe damage to the organization.
