IT DATA SECURITY

What is data security?

Data security is the practice of protecting digital information from unauthorized

access, corruption or theft throughout its entire lifecycle. This concept encompasses the entire
spectrum of information security. It includes the physical security of hardware and storage
devices, along with administrative and access controls. It also covers the logical security of
software applications and organizational policies and procedures.

Types of data security

To enable the confidentiality, integrity and availability of sensitive information,

organizations can implement the following data security measures:
1. Data Encryption
2. Data erasure
3. Data masking
4. Data resiliency

Encryption

By using an algorithm to transform normal text characters into an unreadable format,

encryption keys scramble data so that only authorized users can read it. File and database
encryption software serve as a final line of defense for sensitive volumes by obscuring their
contents through encryption or tokenization. Most encryption tools also include security key
management capabilities.

Data erasure

Data erasure uses software to completely overwrite data on any storage device,
making it more secure than standard data wiping. It verifies that the data is unrecoverable.

Data masking

By masking data, organizations can allow teams to develop applications or train

people that use real data. It masks personally identifiable information (PII) where necessary
so that development can occur in environments that are compliant. Data masking creates fake
versions of an organization's data by changing confidential information. Various techniques
are used to create realistic and structurally similar changes. Once data is masked, you can't
reverse engineer or track back to the original data values without access to the original
dataset.

Common Data Masking Examples

1. Masking customer data
Almost all medium- to large-size companies today use a CRM to
store and manage customer data, including names, phone numbers, email
addresses, employment history, and more. Protecting customers’ privacy (as
well as active and inactive leads) requires companies to take appropriate
measures to ensure this data is not accessible to unauthorized users. DM is
an effective method for anonymizing CRM data while maintaining data
reporting and BI (Business Intelligence) functionality. Shuffling, data aging,
and data pseudonymization are all effective methods for this data masking
example.
2. Masking employee data
Most large companies manage employee data in an HCM system. By
masking an HCM, organizations can protect the sensitive information it
contains, such as names, addresses, phone numbers, salary information,
health insurance status, and more. Specific data masking methods, such as
data pseudonymization or shuffling, could keep sensitive employee
information secure while ensuring that the data remains usable for legitimate
purposes, by relevant data consumers.
3. Masking financial data
Financial firms use various systems to store and manage investment
portfolios for their clients. System databases would contain a variety of
sensitive financial information pertaining to customers’ investments,
including account numbers, account balances, transaction histories, names,
Social Security Numbers, addresses, and more. The firm could anonymize
 its data by replacing sensitive information with dummy values, for example.
Anonymized data would still be accessible to authorized data consumers,
while upholding data security standards and complying with regulations
such as the Gramm-Leach-Bliley Act (GLBA).
4. Masking IP addresses
Companies that use log files to track the activities of users on its
application, website, or network may choose to mask the IP addresses in the
log files. Encrypted lookup substitution, redaction, or shuffling are all data
masking methodologies organizations could use to obscure real IP
addresses. In this data masking example, the organization could still use
masked IP addresses for testing or analytics purposes, while ensuring
compliance with user privacy laws, such as GDPR.
5. Masking medical data
Hospital and health system databases, such as EHR systems, store
and manage a wide range of personal information about patients, including
names, address, phone numbers, medical histories, and more. To protect
patients’ privacy and ensure compliance with relevant regulations (such as
HIPAA), hospitals can mask EHR data using shuffling or data aging
techniques to restrict access to unauthorized parties. In this data masking
example, patient data can still be used for analysis and reporting but would
not expose the hospital or patient to risk.

Shuffle Masking
Shuffle masking masks the data in a column with data from the same
column in another row of the table. Shuffle masking switches all the values
for a column in a file or database table. You can restrict which values to
shuffle based on a lookup condition or a constraint. Mask date, numeric, and
string data types with shuffle masking.
 For example, you might want to switch the first name values from one
customer to another customer in a table. The table includes the following
rows:

100 Kamatchi Kartheeban

101 Ravi Kumar
102 Ram Gopalakrishnan
103 Santhosh Pandian

When you apply shuffle masking, the rows contain the following data:

100 Ram Kartheeban

101 Santhosh Kumar
102 Kamatchi Gopalakrishnan
103 Ravi Pandian

Data resiliency

Resiliency depends on how well an organization endures or recovers from any type of
failure—from hardware problems to power shortages and other events that affect data
availability. Speed of recovery is critical to minimize impact.

Data resiliency refers to an organization's ability to recover from data breaches and
other types of data loss, immediately enact business continuity plans, effectively recover lost
assets and aggressively protect that organization's data moving forward.

Data security strategies

A comprehensive data security strategy incorporates people, processes and

technologies. Establishing appropriate controls and policies is as much a question of
organizational culture as it is of deploying the right tool set. This means making information
security a priority across all areas of the enterprise.

Consider the following facets in your data security strategy:

 1. Physical security of servers and user devices
2. Access management and controls
3. Application security and patching
4. Backups
5. Employee education
6. Network and endpoint security monitoring and controls

Physical security of servers and user devices

You might store your data on premises, in a corporate data center

or in the public cloud. Regardless, you need to secure your facilities
against intruders and have adequate fire suppression measures and
climate controls in place. A cloud provider assumes responsibility for
these protective measures on your behalf.

Access management and controls

Follow the principle of “least-privilege access” throughout your entire IT

environment. This means granting database, network and administrative account access to as
few people as possible, and only to individuals who absolutely need it to get their jobs done.

Application security and patching

Update all software to the latest version as soon as possible after patches or the
release of new versions.

Backups

Maintaining usable, thoroughly tested backup copies of all critical data is a core
component of any robust data security strategy. In addition, all backups should be subject to
the same physical and logical security controls that govern access to the primary databases
and core systems.

Employee education

Transform your employees into “human firewalls”. Teaching them the importance of
good security practices and password hygiene and training them to recognize social
engineering attacks can be vital in safeguarding your data.
Network and endpoint security monitoring and controls

Implementing a comprehensive suite of threat management, detection and response

tools in both your on-premises and cloud environments can lower risks and reduce the chance
of a breach.

Data Security Threats

 A data security threat is any action that could DEMAGE the confidentiality, integrity
or availability of data.
 Data security threats can come from a variety of sources, including hackers, insider
threats, natural disasters and human error.
 Data breaches can have serious consequences for businesses and consumers alike,
including financial losses, compromised identities and damaged reputations.
To protect their assets, companies need to do their due diligence and make sure they have a
system in place that will minimize data security threats by educating employees, monitoring
networks for vulnerabilities and more.

Types Of Data Security Threats

There are many data security threats that organizations face daily. Some of these
threats include
 malware
 ransomware
 phishing attacks and social engineering.

1. Malware is a type of software that is designed to harm or damage a computer system.

It can be installed on a system through various means, including email attachments,
infected websites and malicious adverts. Once installed, malware can delete files,
steal information or make changes to a system that can render it unusable.
2. Ransomware is a type of malware that encrypts a victim's files and demands a ransom
be paid to decrypt them. This type of attack can be particularly damaging to
organizations, as it can result in the loss of important data.
3. Phishing attacks are another common type of threat that organizations face. These
attacks involve sending emails that appear to be from a trusted source, such as a bank
 or other financial institution. The email will usually contain a link that leads to a
website that looks identical to the legitimate site. However, the website is designed to
steal the victim's login credentials.

How To Protect Data From Cybercriminals

 Data security is one of the most important aspects of online life. Without data
security, our personal information, financial information and other sensitive data
would be vulnerable to cybercriminals. There are many ways to protect your data
from cybercriminals, including using strong passwords, installing antivirus software
and using firewalls.

 One of the best ways to protect your data is to use a password manager. A password
manager helps you create and manage strong passwords, and it keeps all of your
passwords in one place. This makes it easier to create and remember complex
passwords, and it also makes it harder for cybercriminals to hack your account.

 Another way to protect your data is to install antivirus software. Antivirus software
helps to protect your computer from malware, which can include viruses, spyware and
other malicious software. Antivirus software can also help remove any existing
malware from your computer.

 Finally, you can use a firewall to protect your data. A firewall is a piece of hardware
or software that helps to block incoming and outgoing network traffic. Firewalls can
be used to prevent cybercriminals from accessing your computer, and they can also
help to protect your data from being stolen.
 Types of Viruses

Armored Virus
 An armored virus is a computer virus that contains a variety of
mechanisms specifically coded to make its detection and decryption very
difficult.

 One of these methods involves fooling anti-virus software into believing

that the virus is resides somewhere other than its real location, which
makes it difficult to detect and remove.

 Another kind of armor is implemented by adding complicated and

confusing code, which has no other purpose other than to mask the virus
and prevent virus researchers from creating an effective countermeasure.

Companion Virus
 A companion virus is a type of computer virus that attaches itself to
legitimate programs and runs simultaneously with them.

 It doesn’t modify the original program’s file; instead, it creates a separate

infected file with a similar name, leading the user to execute the virus
unintentionally.

 As a result, the virus spreads and can cause damage or allow unauthorized
access to the infected system.

Key Takeaways
1. Companion Virus is a type of malware that disguises itself as a legitimate
program and is designed to run parallel to an existing executable file
without altering or infecting it directly.
 2. It typically spreads by attaching itself to other applications or files and is
executed when the user inadvertently launches the infected program,
leading to the simultaneous launch of the virus.

3. Preventing Companion Virus infections requires adopting good security

practices like using a reputable antivirus program, updating software
regularly, and avoiding the download of files from unknown sources.

Macro virus - Melissa virus

 A macro virus is a piece of malicious code written in the same macro

language used in everyday applications, such as Microsoft Word, Excel, and
Powerpoint.

 The attack code commonly hides in documents and spreadsheets and is

activated as soon as you open the file.

 As a result, it can infect any computer running any kind of OS,

including Windows, macOS and Linux.

 With the release of Microsoft Office 2000 and all subsequent versions,
Microsoft disabled macros by default. Since then, it's become more
difficult for bad actors to easily launch macro viruses.

 However, as long as macros are available to users, the risk of macro

viruses remains serious.

Multipartite Virus
 A multipartite virus is a type of fast-acting malware that attacks a
device's boot sector and executable files simultaneously.
  Multipartite viruses are often considered more problematic than
traditional computer viruses due to their ability to spread in multiple
ways.
 They are considered to be much more destructive than other viruses.
Multipartite viruses infect computer systems multiple times, at varying
times and in order to eradicate the virus it must be purged from the entire
system.
 Failure to do so can result in the system being repeatedly re-infected if
all parts of the virus are not eradicated.

Signs Your System is Infected

 Constant pop-up messages warning you that your computer has low

memory. As the virus spreads to the executable files, it will automatically

consume memory
 The computer's hard drive may be reformatted. Specific types of
multipartite viruses do this in an effort to override anti-malware solutions.
Even if anti-malware software removes the infection, the virus may
reformat the hard drive in an effort to reinfect the computer

Polymorphic Virus:
‘Poly’ refers to many and ‘morphic’ refers to forms. Therefore as the name
suggests polymorphic virus is a complicated computer virus that changes its
form as it propagates to avoid detection by antivirus. It is a self-encrypting
virus that pairs a mutation engine along with a self-propagating program code.
A Polymorphic Virus Consists of:
 A decryption routine.
 An encrypted virus body.
 A mutation engine that generates randomized decryption routines.
 In polymorphic viruses, the mutation engine and virus body are
encrypted.
  When an infected program is executed, the virus decryption routine
gains control of the computer decrypts the virus body and mutation
engine. The control is then transferred to the virus which locates a
new program to infect.
 As the virus body is encrypted and the decryption routine also varies
from infection to infection, the virus scanners cannot scan for a fixed
signature or a fixed decryption routine making it difficult to detect.

Working of Polymorphic Virus:

 malware like Emotet is a banking Trojan that steals sensitive

information while misleading cybersecurity tools to hide. Another

example of polymorphic malware is Win32/VirLock ransomware.

What is a stealth virus?

  A stealth virus is a computer virus that uses various mechanisms to avoid
detection by antivirus software.
 It takes its name from the term stealth, which describes an approach to
doing something while avoiding notice.
 Typically, a stealth virus can hide in the legitimate files, partitions or boot
sectors of a computing device without alerting the antivirus software or
notifying the user of its presence.
 Once injected into a computer, the virus enables the attackers to operate
and gain control over parts of the system or the entire system.

 A stealth virus has an intelligent architecture, making it difficult to

eliminate it completely from a computer system. The virus is smart
enough to rename itself and send copies to a different drive or location,
evading detection by the system's antivirus software. The only way to
remove it is to completely wipe the computer and rebuild it from scratch.
 booting a computer system from a removable disk, such as a USB drive,
prevents the stealth virus from running amok before the antivirus
or antimalware software scans for malware. Sophisticated, up-to-date
antivirus software can also help reduce the risk of infection or eradicate a
virus entirely.

Critical data for organizations

o Customer Information – The data associated to its customer should be of topmost
priority.
o Product Information – Protecting information about the existing products and the
products to be launched can be a high priority thing for many organizations.
o Employee Information – All the detailed personal information of the employees are
in the possession of most of the organizations.
o Company Information – An organization has various critical data which it needs to
protect.

Elements to consider for a better security mechanism

 o Cost – The cost plays an important role.
o The Price of Disruption – An organization must always go with the
option which causes the least amount of disruption while implementing
data security mechanism.
o What is to lose – Security needs of an organization must be of utmost
priority if the business of this organization realize on the trust of the
customer.
o Where Potential Threat are – An organization should always consider
the biggest threat that their sensitive data faces.
Processes

Key Elements of Robust Data Protection Strategy

 A data protection strategy can help companies lessen the risks associated with various
data-related activities.
 It achieves this goal by identifying and tackling these risks while reducing the
possibility of other damaging events.
 Identifying the desired result and the necessary steps to build compelling data
protection strategies is crucial.
 Moreover, to ensure effectiveness, companies must clearly understand how these
strategies can address their specific concerns.

1. Transparent Data Risk Analysis

o The first and most important exercise for data protection is to assess the need
for tools and policies.
o There should be a clear and accurate assessment of the risks that the data
faces.
o This would also help to calculate the losses in the incident of a breach.
o Another critical aspect of an accurate risk assessment is that it will also clarify
the budgets needed for the strategy to be put in place.

2. Strong Data Encryption

o A good data protection strategy should ensure appropriate measures are in
place to prevent unnecessary risks.
o The companies that most effectively manage their data throughout its lifecycle
will have the best opportunities for success.
o Encrypting data makes it more secure, to begin with. It discourages threat
actors form accessing data they try to steal or compromise.

3. Stringent Data Backup and Recovery Tools

o Another notable element of any data protection plan is the ability to recover
from any data breach or attack.
o To achieve this, companies should keep regular backups of all critical data and
systems.
o Even if there is an incident, they will be able to restore data and neutralize
cyber threats.
o Threats that can disrupt a business are practically infinite.
o Updating policies and procedures regularly allows an organization to be well-
prepared to take on threats.
o Furthermore, the type of data that needs to be backed up, its frequency, and
storage location should also be identified in advance.
4. Zero Trust Access Policies
o To protect data, it is critical to ensure that all reasonable precautions are in
place.
o Ensuring no trust for unauthorized access is critical to ensure any semblance
of data security.
o A data protection strategy needs to be stringent about multiple authentications
of users for access to data. The primary approach to achieving this is to
prevent all unauthorized access by parties. This will play a big role in blocking
attacks on the network and infrastructure.
o Deploying data breach prevention strategies using antivirus and antispyware
utilities and other tools can offer improved threat protection. Enterprises can
use firewalls and other perimeter security hardware and software for added
protection.

5. Meeting Data Storage Safety Standards and Regulatory Compliance

o Complying with domestic and foreign data protection laws is vital in today’s
business world. Businesses can also enhance their efficiency and profitability
by investing in data compliance.
o Effective data compliance practices keep company data up-to-date and
accurate. It helps protect it from costly errors and improves the overall quality
of business operations.
o With valuable data compliance strategies, businesses can significantly reduce
the time and money spent on handling data. Then it becomes an investment
that pays off both in the short and long term, ensuring success and peace of
mind for all involved.
 Cryptographic Attacks
What is cryptography?
Cryptography is a security mechanism for storing and transmitting sensitive data such
that only the sender and the intended receiver can read or understand it. Key(s) are used to
encode (at the sender's end) and decode (at the receiver's end) the data. Encryption is the
process of converting plaintext or data into ciphertext or encoded data (that is not readable to
everyone). Converting the ciphertext or encrypted data to a readable form or decoded version
is called decryption.

What are cryptography attacks?

A cryptographic attack is a method used by hackers to target cryptographic solutions
like ciphertext, encryption keys, etc. These attacks aim to retrieve the plaintext from the
ciphertext or decode the encrypted data. Hackers may attempt to bypass the security of a
cryptographic system by discovering weaknesses and flaws in cryptography techniques,
cryptographic protocol, encryption algorithms, or key management strategy.

Passive and active attacks

A cryptography attack can be either passive or active.

 Passive attacks: Passive cryptography attacks intend to obtain

unauthorized access to sensitive data or information by intercepting or
eavesdropping on general communication. In this situation, the data and
 the communication remain intact and are not tampered with. The attacker
only gains access to the data.
 Active attacks: On the other hand, active cryptography attacks involve
some kind of modification of the data or communication. In this case, the
attacker not only gains access to the data but also tampers with it.

Types of cryptography attacks

Depending on the type of cryptographic system in place and the information available to
the attacker, these attacks can be broadly classified into six types:

 Brute force attack

Public and private keys play a significant role in encrypting and

decrypting the data in a cryptographic system. In a brute force attack, the
cybercriminal tries various private keys to decipher an encrypted message
or data. If the key size is 8-bit, the possible keys will be 256 (i.e., 28).
The cybercriminal must know the algorithm (usually found as open-
source programs) to try all the 256 possible keys in this attack technique.

Types of Brute Force Attacks

Each brute force attack can use different methods to uncover your sensitive data. You
might be exposed to any of the following popular brute force methods:
1. Simple brute force attack: It uses a systematic approach to
'guess' that doesn't rely on outside logic. Hackers attempt to
logically guess your credentials, which completely unassisted from
software tools or other means. These can reveal extremely simple
passwords and PINs.
2. Dictionary attacks: It guesses usernames or passwords using a
dictionary of possible strings or phrases. A hacker chooses a target
and runs possible passwords against that username. Dictionary
attacks are the most basic tool in brute force attacks. While not
necessarily being brute force attacks in themselves, these are often
used as an important component for password cracking.
3. Hybrid brute force attacks: It starts from external logic to
determine which password variation may be most likely to succeed
and then continues with the simple approach to try many possible
variations. A hybrid attack usually mixes dictionary and brute force
attacks. These attacks are used to figure out combo passwords that
mix common words with random characters.
4. Rainbow table attacks: A rainbow table is a pre-computed table
for reversing cryptographic hash functions. You can use it to guess a
function up to a certain length consisting of a limited set of
characters.
 5. Reverse brute force attack: A reverse brute force attack reverses
the attack strategy by starting with a known password. It uses a
common password or collection of passwords against many possible
usernames. Then hackers search millions of usernames until they
find a match. Targets a network of users for which the attackers
have previously obtained data. Many of these criminals start with
leaked passwords that are available online from existing data
breaches.
6. Credential stuffing: It uses previously-known password-username
pairs, trying them against multiple websites. If a hacker has a
username-password combo that works for one website, they'll try it
in tons of others as well. Since users have been known to reuse
login info across many websites, they are the exclusive targets of an
attack. Exploits the fact that many users have the same username
and password across different systems.

Brute Force Attack Tools

Guessing a password for a particular user or site can take a long time, so hackers have
developed tools to do this task faster.

 Ciphertext-only attack

In this attack vector, the attacker gains access to a collection of

ciphertext. Although the attacker cannot access the plaintext, they can
 successfully determine the ciphertext from the collection. Through this
attack technique, the attacker can occasionally determine the key.

 Chosen plaintext attack

In this attack model, the cybercriminal can choose arbitrary plaintext data
to obtain the ciphertext. It simplifies the attacker's task of resolving the
encryption key. One well-known example of this type of attack is the
differential cryptanalysis performed on block ciphers.
Let’s now consider the chosen-plaintext attack.
In this case, we can relax the previous constraint and assume we aren’t
certain of the encryption algorithm being used. However, we can still choose a
set of plaintexts and compare them with the resulting ciphertexts in order to
learn something about the encryption algorithm and its associated key.

If we begin with the plaintext, plaintext=11111111 , we will obtain

the ciphertext=01010101 as we discussed earlier. We could then consider
changing the last bit of the plaintext and observe how the ciphertext
changes accordingly. In doing so, and in changing every remaining bit of the
plaintext in sequence, we would develop the following table of associations:

Plaintext Ciphertext

11111111 01010101

11111110 01010100

11111101 01010111

11111011 01010001

11110111 01011101

11101111 01000101
 Plaintext Ciphertext

11011111 01110101

10111111 00010101

01111111 11010101

In varying each individual bit of the plaintext and comparing the corresponding
encrypted text, we could notice that the bit we vary is consistently negated in
the encryption process. We could also notice that, as one bit varies, the
remaining ones are left untouched: in this case, we should strongly suspect that
the encryption involves a bit-wise operator of some kind; that would, in turn,
significantly restrict the search space of the possible encryption algorithms
that generate the ciphertexts.

 Chosen ciphertext attack

In this attack model, the cybercriminal analyzes a chosen ciphertext

corresponding to its plaintext. The attacker tries to obtain a secret key or
the details about the system. By analyzing the chosen ciphertext and
relating it to the plaintext, the attacker attempts to guess the key. Older
versions of RSA encryption were prone to this attack.

A chosen ciphertext attack (CCA) is a type of attack on an encryption

scheme where an attacker has the ability to decrypt chosen ciphertexts
and use the results to deduce the encryption key or decrypt other
ciphertexts. Here's a simple example:
 Suppose we have a simple substitution cipher where each letter is shifted
by a fixed number of positions in the alphabet (e.g., Caesar cipher). The
encryption key is the shift value.

1. Attacker chooses a ciphertext: "zhofrh wr fvh"

2. Attacker asks the oracle (the decryption function) to decrypt the
ciphertext.
3. Oracle responds with the plaintext: "WELCOME TO CSE"
4. Attacker analyzes the decryption result and notices that the first letter
"Z" was decrypted to "W", which means the shift value is 3 (since Z is 3
positions ahead of W in the alphabet).
5. Attacker uses this knowledge to decrypt other ciphertexts or even
encrypt their own messages using the same key.

 Known plaintext attack

In this attack technique, the cybercriminal finds or knows the plaintext of

some portions of the ciphertext using information gathering techniques.
Linear cryptanalysis in block cipher is one such example.
Let’s try the following values:

 The encryption key, whose value we don’t know, is KEY=10101010

 The first plaintext we consider for both attacks will be
plaintext=11111111

We’ll begin with the known-plaintext attack. By the hypothesis of this attack,
we get to know in advance the ciphertext that results out of
encryption(Plaintext,key). Accordingly, the value of ciphertext is 01010101.
Because we know both plaintext=11111111 and ciphertext=01010101, in this
case we can exactly compute key as key=plaintext + ciphertext, and
therefore key=11111111 + 01010101 = 10101010.

 Key and algorithm attack

 Here, the attacker tries to recover the key used to encrypt or decrypt the
data by analyzing the cryptographic algorithm.

How to Create Protect Passwords

 As a user, you can do many things to support your protection in the
digital world. The best defence against password attacks is ensuring that
your passwords are as strong as they can be.
 Brute force attacks rely on time to crack your password. So, your goal is
to make sure your password slows down these attacks as much as
possible because if it takes too long for the breach to be worthwhile, most
hackers will give up and move on.

Here are a few ways you can create strong passwords against brute attacks, such
as:

o Use an advanced username and password: Protect yourself with

stronger credentials than admi and password to keep out these attackers.
The stronger this combination is, the harder it will be for anyone to
penetrate it.
o Use a password manager. Installing a password manager automates
creating and keeping track of your online login info. These allow you to
access all your accounts by first logging into the password manager. You
can then create extremely long and complex passwords for all the sites
you visit, store them safely, and you only have to remember the one
primary password.
o Stay away from frequently used passwords. It’s important to avoid the
most common passwords and to change them frequently.
 Phishing Attacks

Phishing attacks are a type of cyber-attack where an attacker sends a fake

message, email, or link that appears to be from a legitimate source, aiming to
trick victims into revealing sensitive information or installing malware.

The most common examples of phishing are used to support other malicious
actions, such as on-path attack and cross-site scripting attacks

i. on-path attack
 On-path attackers place themselves between two devices (often a web
browser and a web server) and intercept or modify communications between the
two. The attackers can then collect information as well as impersonate either of
the two agents. In addition to websites, these attacks can target email
communications, DNS lookups, and public WiFi networks.

You can think of an on-path attacker like a rogue postal worker who sits
in a post office and intercepts letters written between two people. This postal
worker can read private messages and even edit the contents of those letters
before passing them along to their intended recipients.
In a more modern example, an on-path attacker can sit between a user and
the website they want to visit, and collect their username and password. This
can be done by targeting the HTTP connection between the user and the
website; hijacking this connection lets an attacker act as a proxy, collecting and
modifying information being sent between the user and the site. Alternately the
attacker can steal a user’s cookies (small pieces of data created by a website and
stored on a user’s computer for identification and other purposes). These stolen
cookies can be used to hijack a user’s session, letting an attacker impersonate
that user on the site.

What is cross-site scripting?

Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate
website that will execute when the victim loads the website. That malicious code can be
inserted in several ways. Most popularly, it is either added to the end of a url or posted
directly onto a page that displays user-generated content. In more technical terms, cross-site
scripting is a client-side code injection attack.

1. Email Phishing:
 - An email claiming to be from a bank, asking you to click a link to update
your
account information.
- The link leads to a fake website that steals your login credentials.

https://www.baeldung.com/cs/cryptography-known-plaintext-attack-vs-chosen-plaintext-
attack