- Advertisement -
HomeTechnologies UpdatesDifference Between Active and Passive Attacks - A Brief Comparison

Difference Between Active and Passive Attacks – A Brief Comparison

- Advertisement -

This weblog comprises:

Check out this newest cyber safety tutorial and coaching without spending a dime

What is an Active assault?

Attacks through which hackers attempt to control or alter the content material of communications or data are often called lively assaults.

These cyberattacks, in opposition to cyber security, jeopardize the system’s integrity and authenticity. These threats can harm programs and tamper data.


Let me clarify it to you with an instance.

Imagine Tom and Jerry are associates. Tom is sending a letter to Jerry. So, earlier than the letter reaches Jerry, Rachel takes the letter and alters the message. Now, what Jerry receives will not be the data despatched by Tom.

Here, the data has been altered by a 3rd celebration. This is a possible risk as a result of what if the data despatched by Tom was delicate and essential. If Jerry will not be intelligent sufficient to establish the alteration within the message, he may proceed with the modified data. This can result in loads of issues and is a critical risk to any group.

So, that is the reply for what’s an lively assault?

Sometimes, the victims are notified in regards to the assault. This is a bonus as a result of as soon as an assault is recognized, it’s doable to revive the info in addition to the system. So, precedence is given to detecting such assaults somewhat than stopping them.

Active assaults will be diminished through the use of OTP to authenticate the communication course of between two entities.

It is feasible to create a random session key that’s solely efficient for one transaction. This makes it harder for the attacker to switch information after the session has expired.

Get 50% Hike!

Master Most in Demand Skills Now !

What is a Passive Attack?

It is the kind of assault through which a third-party attackermonitors the messages between two entities and replicates the content material of these messages with malicious intent.


The goal of a majority of these assaults is to assemble delicate and confidential information. Neither do these assaults alter the info nor do they destroy the system.

Let me simplify the method. In the prior instance, Rachael altered the message between Tom and Jerry. Here, Rachel doesn’t alter the message. Rachel merely observes the content material of the message between Tom and Jerry, in order that she is conscious of the delicate data that’s being conveyed between Tom and Jerry.

In different phrases, Rachel invaded the privateness of Tom and jerry. Hope this solutions the query, what’s a passive assault?‘

One of the possible protective measures that can be taken to prevent these types of passive attacks is using encryption methods for sensitive information so that it remains unreadable for outsiders.

Such passive attacks can also be avoided by not using online platforms to share confidential and sensitive information.

Preparing for cyber security job interviews? Have a look at our blog on Cyber Security interview questions and excel in the hiring process.

Difference between Active and Passive Attacks

Active Attacks Passive Attacks
Effect on info The message is disrupted and modified Message remains unaltered
Effect on system System integrity and accessibility are harmed Systems and resources are not disrupted
Importance is given to Detection of such attacks Prevention of such attacks
Impact on resource Resource is manipulated and damaged No impact on resource
How do attacks happen? Information is gathered through passive attacks to attack the system Sensitive and confidential information, such as passwords and private chats, is gathered
Difficulty Very difficult to prohibit or prevent such attacks Comparatively easy to prevent such attacks

Types of Active and Passive Attacks

Let us take a gander at the different types of active attacks and passive attacks.


It is a type of attack in which one person acts or pretends like someone else and alters the system and data. This person might delete, corrupt, or alter the information. Hence, it is an active attack. A simple pictorial representation of masquerade attacks is given below.

masquerade attack


This attack can be carried out by either the sender or the receiver. The sender or receiver might send or receive a particular message, but they refuse this fact later on. Let us understand it clearly with an example.


It is a type of passive attack in which an intruder observes and captures a message or content and uses the same to produce an authorized effect. Let us take an example.

Suppose Julie is a higher authority official sending a message to Mark. John captures Julie’s message or content material, and sends it to Mark to persuade Mark that John is the authority. Now, on this state of affairs, Mark would interpret John because the official. This is called replay.


Learn extra about this area from our Cyber Security training curated by trade specialists.

Denial of Service or Fabrication

In this kind of assault, the intruder prevents all types of communication between two entities. All communications addressed to a sure vacation spot will be disabled by an entity. Another kind of service denial is when a complete community is disrupted, both by deactivating it or by flooding it with messages to deteriorate efficiency.

A easy instance of this type of assault is proven within the picture beneath. Emily is sending a message to Ruby. Rob, the cracker, overloads the server by sending false data and requests. This can impression the velocity at which Emily’s message is distributed to Ruby.


Traffic Analysis

Due to the elevated lively assaults and passive assaults, the encryption of knowledge has been a current savior. When data is encrypted, an intruder can not learn the content material of the messages. But, the intruder can nonetheless observe the frequency, size, and time of the messages. The intruder may exploit this data to foretell what sort of dialog and communication is going on. This is called visitors evaluation.


Have a glance into our Cyber Security tutorial to study extra about cyber assaults!

Become a Cyber Security Expert

Examples of Active and Passive assaults

In this part, allow us to take a look at a number of standard assaults within the historical past of cyber safety.

Nasa Cyber Attack

James Jonathan, a 15-year-old, was capable of hack NASA’s programs and shut them down for 21 days in 1999. During the assault, roughly 1.7 million applications and software program had been downloaded, costing the house behemoth round $41,000 in repairs.

Ashley Madison Data Breach

Ashley Madison, a infamous web site marketed as permitting extramarital relationships, had its person information stolen by a gaggle, referred to as the Impact Team, in July 2015.

The group copied the non-public data of the location’s customers and warned that they’ll disclose the customers’ names and personally identifiable data. More than 60 terabytes of buyer data, together with person data, had been launched by the hackers.

The ironic factor about that assault was that they disclosed the names of customers that included many standard authorities authorities.

The 2014 Cyberattack on Yahoo

When 500 million Yahoo accounts had been hacked in 2014, it was one of many largest cyberattacks of the yr. Fortunately, solely primary data and passwords had been reportedly taken and never financial institution data.

Channel Nine Attack

Channel Nine, an Australian TV channel, was jolted by a cyberattack on March 28, 2021. The assault restricted the channel from airing its Sunday information bulletin and quite a few different applications.

CNA Financial Cyber Attack

Surprisingly, CNA Financial, United States’ largest cyber insurance coverage supplier, was struck by a well-planned ransomware assault, compelling the enterprise to exit of operation for the following few days.

The hackers who claimed duty for the assault employed a bug referred to as Phoenix CryptoLocker to encrypt the insurance coverage firm’s data. Unfortunately, CNA needed to pay a whopping $40 million to get well possession of its protected information.

Despite CNA’s lack of an official response, the assault has undoubtedly taught the insurance coverage firm, in addition to different companies, a harsh lesson.

Enroll in our Cyber Security courses and begin your profession on this scorching area! Be an professional now!

LinkedIn Attack

In June 2021, information belonging to 700 million LinkedIn members was uploaded on a darkish internet, exposing 90 % or extra of the corporate’s person base. Data scraping methods had been employed by a hacker often called God User, who exploited the location’s and others’ API earlier than disclosing a primary information assortment of roughly 5 billion customers.

According to LinkedIn, no delicate, personal private information was uncovered, however the incident was an infringement of the phrases and settlement.


So, we’ve coated loads of details about lively assaults and passive assaults. From the examples, we are able to certainly soar to the conclusion that such assaults are critical threats to any group and have the potential to trigger loads of destruction.

Increased assaults demand skillful cyber safety specialists who can stop such assaults and restore the system after such assaults.

Do you’ve got any queries? Ask it out proper now in our Cyber Security community.

- Advertisement -
- Advertisement -

Stay Connected


Must Read

Related News

- Advertisement -spot_img
Visit Us On FacebookVisit Us On Twitter