Abstract
As a result of quick transformation to digitalization for providing the employees teleworking/home office services with the capabilities to access company resources from outside the company over Internet using remote desktop and virtual private network (VPN) applications and the increase in digital activity during COVID-19 such as the usage of audio/video conferencing applications, many businesses have been victims of cyber attacks. This paper investigates whether there was an increase in the frequency of cyber attacks during COVID-19. It also identifies the motivations for such attacks in light of software/hardware/system vulnerabilities. Following this research, we also categorize vulnerabilities and develop a taxonomy. Such a taxonomy helped to identify the type of attacks on their frequency and their impact. To do that, we developed a research methodology to collect attack and vulnerability information from the selected databases. Using relevant key words, we developed the taxonomy that led us to create insightful information to answer the research questions that are thoroughly analyzed and presented accordingly. This work also recommended a list of mitigation measures that can be considered in the future to prepare the industry for a similar pandemic including establishing and maintaining a Information Security Management System (ISMS) by following relevant standards (ISO/SAE 2700x, BSI-Standards 200-x, SMEs: CISIS12®).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Al Asif, M.R., et al.: Stride-based cyber security threat modeling for IoT-enabled precision agriculture systems. In: 2021 3rd International Conference on STI 4.0, pp. 1–6. IEEE (2021)
Bejarano, M.H., et al.: Cybersecurity and business continuity in pandemic times. Ann. Roman. Soc. Cell Biol. 25(6), 7280–7289 (2021)
Bozzetti, M.R., et al.: Cybersecurity impacts of the COVID-19 pandemic in Italy. In: 5th Italian Conference on Cybersecurity, ITASEC 2021, pp. 145–155 (2021)
BSI (2022). Standards, Training, Testing, Assessment and Certification | BSI. Accessed 15 Sep 2022
Cimpanu, C.: Microsoft says three APTs have targeted seven COVID-19 vaccine makers (2020). https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/. Accessed 24 Feb 2022
Hasan, K.F., et al.: Cognitive internet of vehicles: motivation, layered architecture and security issues. In: 2019 International Conference on STI 4.0, pp. 1–6. IEEE (2019)
Hasan, K.F., et al.: Security, privacy, and trust of emerging intelligent transportation: cognitive internet of vehicles. In Next-Generation Enterprise Security and Governance, pp. 193–226. CRC Press (2022)
Hejase, H.J., et al.: Cyber security amid COVID-19. Comput. Inf. Sci. 14(2), 1–10 (2021)
ISO (2022). ISO - International Organization for Standardization. Accessed 15 Sep 2022
ISO 20252:2019(en): Market, opinion and social research, including insights and data analytics — Vocabulary and service requirements. Standard, International Organization for Standardization, Geneva, CH (2019)
ISO/IEC 2382:2015(en): Information technology — Vocabulary.Standard, International Organization for Standardization, Geneva, CH (2015)
ISO/IEC 27032:2012(en): Information technology — Security techniques — Guidelines for cybersecurity. Standard, International Organization for Standardization, Geneva, CH (2012)
ISO/IEC 27033-3:2010(en): Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues. Standard, International Organization for Standardization, Geneva, CH (2010)
ISO/IEC 29115:2013(en): Information technology — Security techniques — Entity authentication assurance framework. Standard, International Organization for Standardization, Geneva, CH (2013)
ISO/IEC TS 19249:2017(en): Information technology — Security techniques — Catalogue of architectural and design principles for secure products, systems and applications. Standard, International Organization for Standardization, Geneva, CH (2017)
ISO/IEC TS 27100:2020(en): Information technology — Cybersecurity — Overview and concepts. Standard, International Organization for Standardization, Geneva, CH (2020)
ISO/TR 14873:2013(en): Information and documentation — Statistics and quality issues for web archiving. Standard, International Organization for Standardization, Geneva, CH (2013)
ISO/TR 22100-4:2018(en): Safety of machinery — Relationship with ISO 12100 — Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects. Standard, International Organization for Standardization, Geneva, CH (2018)
Lallie, H.S., et al.: Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Comput. Secur. 105, 102248 (2021)
Na, S., Kim, T., Kim, H.: A study on the classification of common vulnerabilities and exposures using Naïve Bayes. In: BWCCA 2016. LNDECT, vol. 2, pp. 657–662. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-49106-6_65
NIST (2022). National Institute of Standards and Technology. Accessed 15 Sep 2022
NIST 1800–25: Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events. NIST special publication 1800–25, National Institute of Standards and Technology, US (2020)
NIST 800–101: Guidelines on Mobile Device Forensics. NIST special publication 800–101, National Institute of Standards and Technology, US (2014)
NIST 800–133. Recommendation for Cryptographic Key Generation. NIST special publication 800–133, National Institute of Standards and Technology, US (2020)
NIST 800–39: Information Security, Managing Information Security Risk Organization, Mission, and Information System View. NIST special publication 800–39, National Institute of Standards and Technology, US (2011)
NIST 800–53: Security and Privacy Controls for Information Systems and Organizations. NIST special publication 800–53, National Institute of Standards and Technology, US (2020)
NIST 800–59: Guideline for Identifying an Information System as a National Security System. NIST special publication 800–59, National Institute of Standards and Technology, US (2003)
NIST 800–82: Guide to Industrial Control Systems (ICS) Security. NIST special publication 800–82, National Institute of Standards and Technology, US (2013)
NISTIR 8053: De-Identification of Personal Information. NIST internal report 8053, National Institute of Standards and Technology, US (2015)
Pranggono, B., Arabo, A.: COVID-19 pandemic cybersecurity issues. Internet Technol. Lett. 4(2), e247 (2021)
Ramadan, R.A., et al.: Cybersecurity and countermeasures at the time of pandemic. J. Adv. Transp. 2021, 1–9 (2021)
SECURE LIST: COVID-19: Examining the threat landscape a year later (2021). https://securelist.com/covid-19-examining-the-threat-landscape-a-year-later/101154//. Accessed 24 Feb 2022
SWI: Jump in cyber attacks during COVID-19 confinement (2020)
Talukder, M.A., et al.: A dependable hybrid machine learning model for network intrusion detection. JISA 72, 103405 (2023)
Weil, T., Murugesan, S.: It risk and resilience-cybersecurity response to COVID-19. IT Prof. 22(3), 4–10 (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mim, S.A., Rahman, R., Asif, M.R.A., Hasan, K.F., Khondoker, R. (2023). Cybersecurity Attacks and Vulnerabilities During COVID-19. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 655. Springer, Cham. https://doi.org/10.1007/978-3-031-28694-0_50
Download citation
DOI: https://doi.org/10.1007/978-3-031-28694-0_50
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28693-3
Online ISBN: 978-3-031-28694-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)