Passive threats from the network

A passive threat can only be realized with some action from a user on the compromised system.

There are several common reasons why a passive threat may get realized and have a system compromised.

A system has a security vulnerability. This means that even if a user-initiated action was not supposed to compromise a system, it does.
A user unknowingly permits a harmful operation to occur. This happens when the source of malware pretends to be legitimate malware-removal software and have a user install it.