What is a Passive Attack?
A passive attack refers to the actions of a hacker or threat agent after gaining unauthorized access to a network. Rather than immediately stealing data, encrypting files, or unleashing malware, the bad actor simply observes the network. Passive attacks are often precursors to active ones, though they may simply be for intelligence gathering without taking further steps.
How to Recognize This Threat: Network visibility is key to recognizing a passive attack. Admins with a comprehensive view of their network and all its endpoints can often spot unusual activity, even if it is passive. Warning signs may include a user accessing the network from an unusual location or at unusual times of day.
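The two warning signs named above, access from an unusual location or at an unusual time of day, can be checked against a per-user baseline of past logins. This is an added example, not part of the original page; the log records, user names, country codes and the one-hour slack are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (UTC timestamp, user, source country code).
HISTORY = [
    ("2024-03-04T08:55:00", "alice", "US"),
    ("2024-03-05T09:10:00", "alice", "US"),
    ("2024-03-06T17:40:00", "alice", "US"),
    ("2024-03-04T13:05:00", "bob", "DE"),
    ("2024-03-05T14:30:00", "bob", "DE"),
]
NEW_LOGINS = [
    ("2024-03-07T09:20:00", "alice", "US"),  # matches baseline
    ("2024-03-07T03:12:00", "alice", "US"),  # unusual time of day
    ("2024-03-07T13:45:00", "bob", "BR"),    # unusual location
    ("2024-03-07T10:00:00", "carol", "US"),  # account never seen before
]

def build_baseline(history, slack_hours=1):
    """Per user: countries seen, plus the login-hour window widened by slack.
    Simplification: the window does not wrap around midnight."""
    seen = defaultdict(lambda: {"countries": set(), "hours": []})
    for ts, user, country in history:
        seen[user]["countries"].add(country)
        seen[user]["hours"].append(datetime.fromisoformat(ts).hour)
    return {u: {"countries": d["countries"],
                "first": max(min(d["hours"]) - slack_hours, 0),
                "last": min(max(d["hours"]) + slack_hours, 23)}
            for u, d in seen.items()}

def review_logins(logins, baseline):
    """Return (timestamp, user, reasons) for every login that departs from the baseline."""
    findings = []
    for ts, user, country in logins:
        profile = baseline.get(user)
        if profile is None:
            findings.append((ts, user, ["no baseline for user"]))
            continue
        reasons = []
        if country not in profile["countries"]:
            reasons.append(f"unusual location {country}")
        hour = datetime.fromisoformat(ts).hour
        if not profile["first"] <= hour <= profile["last"]:
            reasons.append(f"unusual hour {hour:02d}:00")
        if reasons:
            findings.append((ts, user, reasons))
    return findings

if __name__ == "__main__":
    for ts, user, reasons in review_logins(NEW_LOGINS, build_baseline(HISTORY)):
        print(ts, user, "; ".join(reasons))
```

A finding here is a prompt for review, not proof of compromise: travel and shift changes produce the same signals.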
How to Prevent This Threat: Preventing a passive attack involves similar actions to preventing an active one. Passive attacks still require unauthorized access, which typically occurs through theft of user credentials or exploitation of a back door. Train users to avoid acting on phishing emails, downloading suspect attachments, or clicking unverified links. Keep all software patched to protect against vulnerabilities, and deploy a firewall with active security services to further protect network assets.