Classification Of Security Threats and Attacks

Security threats are divided into five categories by the IATF: passive, active, close-in, insider, and distribution.


  • A passive attack is an attempt to gather information about the target without being detected, for example through Open-Source Intelligence (OSINT).
  • Attackers use sniffers to conduct reconnaissance on network activity. Because the attacker does not interact with the target system or network, these attacks are difficult to detect.
  • Passive attacks are used in the information-gathering phase, where one can find critical information about the target: for example, unencrypted data in transit, clear-text credentials, or other sensitive information that can later be used in active attacks.
  • Examples: Footprinting, Sniffing and Eavesdropping, and Network Traffic Analysis.
  • Tools: Nikto, Wireshark, Maltego, Google, Shodan


  • An active attack uses the information gathered during the passive phase to exploit any vulnerabilities found in the target.
  • In an active attack, attackers communicate directly with the target, tampering with data in transit or disrupting communication or services across systems in order to bypass or break into secure systems. After exploiting the target, attackers typically modify the user's crucial data.
  • Examples: DoS attacks, Spoofing Attacks, Replay Attacks, Password-based Attacks, Session Hijacking, DNS and ARP Spoofing, and many more.
  • Tools: Nmap, Metasploit, and Veil, to name a few.
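ARP spoofing, listed among the active attacks above, is detectable on the defender's side because the attacker must announce a changed IP-to-MAC binding on the local segment. The following is an added example, not code from the original post: a small Python detector in the style of arpwatch that runs over constructed ARP reply records; the function name, the alert format and the sample addresses are assumptions.

```python
"""ARP cache-poisoning detector over a stream of ARP reply records.

Added example (not from the original post): keeps the IP-to-MAC bindings
seen on the segment and raises an alert when an IP is suddenly claimed by
a different MAC, or when one MAC claims several IPs. Both are classic
indicators of ARP spoofing.
"""
from collections import defaultdict

# Constructed sample ARP replies (sender IP, sender MAC), in the order seen
# on the wire. Addresses are from documentation ranges, not real hosts.
SAMPLE_ARP_REPLIES = [
    ("192.0.2.1", "aa:bb:cc:00:00:01"),   # gateway announces itself
    ("192.0.2.10", "aa:bb:cc:00:00:10"),  # a workstation
    ("192.0.2.1", "AA:BB:CC:00:00:01"),   # harmless repeat (only the case differs)
    ("192.0.2.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by a new MAC
    ("192.0.2.10", "de:ad:be:ef:00:99"),  # the same MAC also claims the workstation
]


def detect_arp_spoofing(replies, allowed_multi_ip_macs=frozenset()):
    """Return a list of (kind, subject, detail) alerts.

    kind is "ip_rebound" when an IP changes MAC, or "mac_claims_many" when a
    single MAC answers for more than one IP. allowed_multi_ip_macs lets the
    defender allowlist routers that legitimately own several addresses.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()  # normalise so case differences are not false alarms
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(("ip_rebound", ip, f"{previous} -> {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            # alert only when the set of IPs behind this MAC actually grows
            if len(mac_to_ips[mac]) > 1 and mac not in allowed_multi_ip_macs:
                alerts.append(("mac_claims_many", mac, sorted(mac_to_ips[mac])))
    return alerts


if __name__ == "__main__":
    for kind, subject, detail in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(f"ALERT {kind}: {subject} {detail}")
```

On the constructed sample the detector raises three alerts: two IP-rebound alerts (the gateway and the workstation both move to the new MAC) and one alert that the new MAC now answers for two addresses. The allowlist parameter matters in practice, because a router or a host with virtual IPs legitimately answers for several addresses and would otherwise be a steady source of false positives.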


  • Close-in attacks are those in which the attacker is in close physical proximity to the target system or network.
  • The main goal of this type of attack is to gather or modify information or to disrupt access to it. For example, an attacker might shoulder surf a user's credentials.
  • Examples: Social engineering such as shoulder surfing, dumpster diving, etc.


  • Insider attacks are performed by trusted persons who have physical access to the target's critical assets. An insider attack involves a person with inside knowledge of the organization's security practices, data, and computer systems.
  • They take advantage of the company's resources to jeopardize the confidentiality, integrity, and availability of its information systems.
  • These attacks have a negative impact on the company's commercial operations, reputation, and profits. Insider attacks are difficult to detect.
  • Examples: Eavesdropping, wiretapping, theft of physical devices, social engineering, planting keyloggers, backdoors, malware, etc.


  • A distribution attack is when attackers interfere with hardware or software before it is installed, tampering with it at the point of manufacture or while it is in transit.
  • Backdoors established by software or hardware providers at the time of manufacture are examples of distribution attacks. Attackers use such backdoors to obtain unauthorized access to the target's data, systems, or network.
  • This is one of the reasons why companies and professionals advise buying hardware and software from authorized sellers only.
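Buying from authorized sellers reduces the chance of tampering in transit, but a defender can also verify what was received. The following is an added example, not code from the original post: a Python integrity check that hashes a downloaded software image in chunks and compares it with a reference manifest obtained through a channel independent of the download itself. The manifest here is a constructed stand-in computed in the block; in real use it would be a fixed digest copied from the vendor's signed release page, and all names and sample bytes are assumptions.

```python
"""Verify received software or firmware against an out-of-band reference manifest.

Added example (not from the original post): a defender-side integrity check
against distribution attacks. A digest published next to the file on the same
mirror offers no protection, because whoever alters the file can alter the
digest too; the reference must come from an independent, trusted channel.
"""
import hashlib
import hmac
import io

# Constructed sample: the genuine vendor build and a copy altered in transit
# (same length, last bytes replaced), so only the digest tells them apart.
GENUINE_BUILD = b"vendor agent build 1.0\x00" * 64
TAMPERED_BUILD = GENUINE_BUILD[:-8] + b"\xde\xad\xbe\xef" * 2

# Constructed stand-in for the vendor's manifest. In real use this would be a
# fixed hex string copied from the publisher, not computed from local data.
REFERENCE_MANIFEST = {
    "agent-1.0.bin": hashlib.sha256(GENUINE_BUILD).hexdigest(),
}


def sha256_stream(fileobj, chunk_size=64 * 1024):
    """Hash a file object incrementally so large images need not fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(name, data, manifest=REFERENCE_MANIFEST):
    """Return (ok, reason) for one received artifact against its manifest entry."""
    expected = manifest.get(name)
    if expected is None:
        return False, "no reference digest for this artifact; do not install"
    actual = sha256_stream(io.BytesIO(data))
    # compare_digest avoids timing differences that leak how much of the digest matched
    if not hmac.compare_digest(actual, expected):
        return False, f"digest mismatch (expected {expected[:12]}..., got {actual[:12]}...)"
    return True, "digest matches reference manifest"


if __name__ == "__main__":
    for label, data in (("genuine", GENUINE_BUILD), ("tampered", TAMPERED_BUILD)):
        ok, reason = verify_artifact("agent-1.0.bin", data)
        print(f"{label}: {'OK' if ok else 'REJECT'} - {reason}")
```

The check rejects the altered copy even though it has the same size and the same first bytes as the genuine build, and it refuses to pass anything for which no reference digest exists. A digest only proves that the file matches what the publisher listed; it says nothing about backdoors the publisher itself shipped, which is the case the second bullet above describes.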
We hope this helps. If you have any suggestions or doubts, you can add a comment and we will reply as soon as possible.
