AMU Cyber & AI Original

Active vs. Passive Cyberattacks: Which Is More Dangerous?

Get started on your cybersecurity degree at American Military University.

By Susan Hoffman
Contributor

In order to execute successful cyberattacks, hackers commonly use different techniques. For instance, a hacker might use a packet analyzer for data packet sniffing in order to see your data as it travels over a network. Similarly, an attacker could install keylogging software to track what you type on your computer or create a Trojan horse virus to infect your computer.

These attacks generally fall into two categories: active cyberattacks and passive cyberattacks. But which is more dangerous? How do you protect yourself at home and at work?

The Differences between Active and Passive Cyberattacks

According to John DiGiacomo of the Michigan Internet law firm Revision Legal, active and passive cyberattacks have unique characteristics. For instance, active cyberattacks have the following features:

  • Hackers have unauthorized access to private information on computer systems or networks.
  • Victims are immediately aware of the attack.
  • The attack may involve viruses, malware, a Denial of Service or password cracking.
  • Attackers may seek a ransom or want revenge for being fired from a job.

Conversely, passive cyberattacks are more subtle. During a passive cyberattack, attackers want to:

  • Gain access to confidential and personally identifying information such as credit card and debit card numbers, usernames, and passwords.
  • Avoid detection for as long as possible to maintain a maximum dwell time.
  • Sell your private information on the dark Web for profit.

Some attackers may even use a combination of the two methods to gain what they want.

Danger of Cyberattacks Depends on What Was Affected

While both types of cyberattacks are dangerous, which type of attack is more dangerous is a matter for debate. It depends on what information was captured, what was affected and what was the result of the attack.

For instance, the WannaCry hack involving the UK’s National Health Service not only resulted in a $100 million financial loss, but also caused treatment delays for patients at UK hospitals.

Similarly, the NotPetya/ExPetr ransomware attack caused about $10 billion in damages. It used malware that affected critical infrastructures such as airports and nuclear power plants.

Protecting Yourself from Active and Passive Cyberattacks

Although it is difficult to guard everyone and everything all the time, there are many ways to reduce your risk of becoming the victim of active and passive cyberattacks:

  • Keep your antivirus software up to date.
  • Stay informed of cyberattacks and learn from the security mistakes that others have made.
  • Use Virtual Private Networks (VPNs) and firewalls.
  • Educate everyone in your organization and in your family about how to avoid becoming the unwitting victim of attackers.
  • Teach everyone how to create secure, hard-to-guess passwords that involve uppercase letters, lowercase letters, symbols and numbers.
  • Constantly monitor your computer networks for signs of unusual activity.

Insufficient cybersecurity has a huge cost not only in the loss of customer trust, but in financial terms as well. According to Security Today, the global average cost of a data breach is $3.86 million.

However, increased education and the willingness to pay for the best possible cybersecurity  — whether for one’s household or business — can go a long way toward preventing either active and passive cyberattacks. It is particularly important for consumers to maintain good security, since their security is more vulnerable to penetration than many organizations, due to smart devices and other Internet of Things products.

Susan Hoffman is a Managing Editor at Edge, whose articles have appeared in multiple publications. Susan is known for her expertise in blogging, social media, SEO, and content analytics, and she is also a book reviewer for Military History magazine. She has a B.A. cum laude in English from James Madison University and an undergraduate certificate in electronic commerce from American Public University.

Comments are closed.