Active Versus Passive Versus Host-Based Cyberattack Vectors

Budding authors and journalist are taught the difference between active and passive voice in first year writing classes. They understand that active is about “doing” and passive is about “observing.” These techniques can also be applied to cybersecurity as it relates to attack vectors.

According to SearchSecurity a cybersecurity “attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.” Attack vectors come in two flavors: active and passive.

Active Cyberattack Vectors

TechTarget defines an active vector attack as “a network exploit in which a hacker attempts to make changes to data on the target or data en route to the target.”  The three most common active cyberattack vectors include:

• “Spoofing: Addresses to the use of techniques for identity theft.
• Modification: Consists in modifying the routing table so that the sender sends message through longer paths causing major delays.
• DDoS: Attack of Denial of Service (DDoS) is to keep busy consuming network bandwidth with constant messages that disrupt normal service delivery.
• Fabrication: False routing message generated to prevent information of reaching its destination.”

Passive Cyberattack Vectors

TechTarget defines a passive vector attack as “a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target.” The three most common passive cyberattack vectors include:

• “Sniffing or traffic analysis: An attacker detects the communication path between sender and receiver. Following, finds the amount of data moving between sender and receiver. There are no changes in the data.
• Eavesdropping: Occurs in the ad-hoc mobile network. The main objective of this attack is finding out secret or confidential information by intercepting the means of communication.
• Supervision: Attack where hackers can read confidential data but cannot edit it.”

Host-Based Cyberattack Vectors

Attacks that target a mobile device or machine or even a person directly are considered host-based cyberattack vectors.  The three most common host-based cyberattack vectors include:

• “Malware: Includes all programs that introduce malicious codes (viruses, worms, Trojans) on our computers, causing multiple and invaluable damage.
• Keyloggers: Employs programs to collect everything that the user types via keyboard. They can even take screenshots.
• Social engineering: Obtaining confidential information from a person or organization to use it for malicious purposes. The most striking examples are phishing and spam.”

Realtime Prevention

The best way to prevent active, passive and host-based cyberattack vectors is a solution that works on your behalf, 24/7. Selected technologies must evaluate every line of code, making well documented evasion techniques ineffective. It should be agnostic to file type, client-side application type, or the client operating system used within the organization. It should provide protection regardless of operating system, CPU architecture and function (client, server) of the targeted machine.

Check out this whitepaper on an evasion-proof approach against modern cyberattacks that can be a CISO’s best tool in the war on cybercrime. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly, prevention is not.