The effects of Coronavirus disease at a global level led the years 2020, 2021, and 2022. This global pandemic caused millions of organizations to shift to online workspaces to curb the rising numbers of contaminations. In doing this rapid change from physical to digital spaces, organizations were not adequately prepared for the aftermath. This included more sophisticated phishing attacks, directed scams, and taking advantage of poorly executed processes for the product supply chain. In this chapter, the authors will cover the events and the aftermath of security threats focusing on the onset of the pandemic.
TopSocial Engineering And Covid-19
The implementation of social distancing helped control the pandemic and increased the risk of cybersecurity attacks that take advantage of the human element. The FBI’s Internet Crime Complaint Center (IC3) is reported to have received 1,200 complaints related to COVID-19 scams (Abukari & Bankas, 2020). There has been an increase in the use of phishing campaigns, DOS attacks, fake news portals, and applications to deceive individuals and organizations by cyber actors (Abukari & Bankas, 2020). The number of cyber attacks affecting individuals has increased by approximately 41% compared to 4% of crimes against organizations (Buil-Gil et al., 2020). This is mainly because businesses closed temporarily during the lockdown, and individuals spent more time online.
The majority of the attacks were through socio-technical approaches via emails, websites, and mobile apps (Hijji & Alam, 2021). Various mobile applications were created to help disseminate corona updates. However, some applications were developed with malicious intent, such as CovidLock (Khan, Brohi, and Zaman, 2020). CovidLock locks out individuals and demands USD100 in bitcoins within 48 hours (Khan, Brohi, and Zaman, 2020). Also, an application called SMSTrojan was developed to exploit users during the pandemic (Khan, Brohi, and Zaman, 2020). A fake COVID-19 information app alleged to be from WHO was also created to steal browser cookies, passwords, browser history, and transaction information (GoldSparrow, 2020).
Nefarious agents have been taking advantage of techniques that incorporate the concepts of reciprocity, obligation, concession, scarcity, authority, consistency and commitment, liking, social proof, or any combination of these concepts (Hadnagy et al.). In the onset of the pandemic it was expected that future attacks that companies and civilians can potentially face would include websites that provide health practices for COVID-19, phone calls that suggest a family member is hospitalized, or text messages that include links leading to cures for an ill person. Information Technology is considered one of the 16 critical infrastructure sectors identified by the Department of Homeland Security (Cybersecurity and Infrastructure Security Agency). The Presidential Policy Directive 21 identifies the areas whose elements’ security is a priority to avoid a massive catastrophic impact on security, national economic security, national public health or safety, and any combination of these (Cybersecurity and Infrastructure Security Agency).