Skip to main content
SpringerLink
Log in

Cybersecurity Attacks and Vulnerabilities During COVID-19

  • Conference paper
  • First Online:
Book cover Advanced Information Networking and Applications (AINA 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 655))

  • 629 Accesses

Abstract

As a result of quick transformation to digitalization for providing the employees teleworking/home office services with the capabilities to access company resources from outside the company over Internet using remote desktop and virtual private network (VPN) applications and the increase in digital activity during COVID-19 such as the usage of audio/video conferencing applications, many businesses have been victims of cyber attacks. This paper investigates whether there was an increase in the frequency of cyber attacks during COVID-19. It also identifies the motivations for such attacks in light of software/hardware/system vulnerabilities. Following this research, we also categorize vulnerabilities and develop a taxonomy. Such a taxonomy helped to identify the type of attacks on their frequency and their impact. To do that, we developed a research methodology to collect attack and vulnerability information from the selected databases. Using relevant key words, we developed the taxonomy that led us to create insightful information to answer the research questions that are thoroughly analyzed and presented accordingly. This work also recommended a list of mitigation measures that can be considered in the future to prepare the industry for a similar pandemic including establishing and maintaining a Information Security Management System (ISMS) by following relevant standards (ISO/SAE 2700x, BSI-Standards 200-x, SMEs: CISIS12®).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 299.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Al Asif, M.R., et al.: Stride-based cyber security threat modeling for IoT-enabled precision agriculture systems. In: 2021 3rd International Conference on STI 4.0, pp. 1–6. IEEE (2021)

    Google Scholar 

  2. Bejarano, M.H., et al.: Cybersecurity and business continuity in pandemic times. Ann. Roman. Soc. Cell Biol. 25(6), 7280–7289 (2021)

    Google Scholar 

  3. Bozzetti, M.R., et al.: Cybersecurity impacts of the COVID-19 pandemic in Italy. In: 5th Italian Conference on Cybersecurity, ITASEC 2021, pp. 145–155 (2021)

    Google Scholar 

  4. BSI (2022). Standards, Training, Testing, Assessment and Certification | BSI. Accessed 15 Sep 2022

    Google Scholar 

  5. Cimpanu, C.: Microsoft says three APTs have targeted seven COVID-19 vaccine makers (2020). https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/. Accessed 24 Feb 2022

  6. Hasan, K.F., et al.: Cognitive internet of vehicles: motivation, layered architecture and security issues. In: 2019 International Conference on STI 4.0, pp. 1–6. IEEE (2019)

    Google Scholar 

  7. Hasan, K.F., et al.: Security, privacy, and trust of emerging intelligent transportation: cognitive internet of vehicles. In Next-Generation Enterprise Security and Governance, pp. 193–226. CRC Press (2022)

    Google Scholar 

  8. Hejase, H.J., et al.: Cyber security amid COVID-19. Comput. Inf. Sci. 14(2), 1–10 (2021)

    Google Scholar 

  9. ISO (2022). ISO - International Organization for Standardization. Accessed 15 Sep 2022

    Google Scholar 

  10. ISO 20252:2019(en): Market, opinion and social research, including insights and data analytics — Vocabulary and service requirements. Standard, International Organization for Standardization, Geneva, CH (2019)

    Google Scholar 

  11. ISO/IEC 2382:2015(en): Information technology — Vocabulary.Standard, International Organization for Standardization, Geneva, CH (2015)

    Google Scholar 

  12. ISO/IEC 27032:2012(en): Information technology — Security techniques — Guidelines for cybersecurity. Standard, International Organization for Standardization, Geneva, CH (2012)

    Google Scholar 

  13. ISO/IEC 27033-3:2010(en): Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues. Standard, International Organization for Standardization, Geneva, CH (2010)

    Google Scholar 

  14. ISO/IEC 29115:2013(en): Information technology — Security techniques — Entity authentication assurance framework. Standard, International Organization for Standardization, Geneva, CH (2013)

    Google Scholar 

  15. ISO/IEC TS 19249:2017(en): Information technology — Security techniques — Catalogue of architectural and design principles for secure products, systems and applications. Standard, International Organization for Standardization, Geneva, CH (2017)

    Google Scholar 

  16. ISO/IEC TS 27100:2020(en): Information technology — Cybersecurity — Overview and concepts. Standard, International Organization for Standardization, Geneva, CH (2020)

    Google Scholar 

  17. ISO/TR 14873:2013(en): Information and documentation — Statistics and quality issues for web archiving. Standard, International Organization for Standardization, Geneva, CH (2013)

    Google Scholar 

  18. ISO/TR 22100-4:2018(en): Safety of machinery — Relationship with ISO 12100 — Part 4: Guidance to machinery manufacturers for consideration of related IT-security (cyber security) aspects. Standard, International Organization for Standardization, Geneva, CH (2018)

    Google Scholar 

  19. Lallie, H.S., et al.: Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Comput. Secur. 105, 102248 (2021)

    Article  Google Scholar 

  20. Na, S., Kim, T., Kim, H.: A study on the classification of common vulnerabilities and exposures using Naïve Bayes. In: BWCCA 2016. LNDECT, vol. 2, pp. 657–662. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-49106-6_65

    Chapter  Google Scholar 

  21. NIST (2022). National Institute of Standards and Technology. Accessed 15 Sep 2022

    Google Scholar 

  22. NIST 1800–25: Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events. NIST special publication 1800–25, National Institute of Standards and Technology, US (2020)

    Google Scholar 

  23. NIST 800–101: Guidelines on Mobile Device Forensics. NIST special publication 800–101, National Institute of Standards and Technology, US (2014)

    Google Scholar 

  24. NIST 800–133. Recommendation for Cryptographic Key Generation. NIST special publication 800–133, National Institute of Standards and Technology, US (2020)

    Google Scholar 

  25. NIST 800–39: Information Security, Managing Information Security Risk Organization, Mission, and Information System View. NIST special publication 800–39, National Institute of Standards and Technology, US (2011)

    Google Scholar 

  26. NIST 800–53: Security and Privacy Controls for Information Systems and Organizations. NIST special publication 800–53, National Institute of Standards and Technology, US (2020)

    Google Scholar 

  27. NIST 800–59: Guideline for Identifying an Information System as a National Security System. NIST special publication 800–59, National Institute of Standards and Technology, US (2003)

    Google Scholar 

  28. NIST 800–82: Guide to Industrial Control Systems (ICS) Security. NIST special publication 800–82, National Institute of Standards and Technology, US (2013)

    Google Scholar 

  29. NISTIR 8053: De-Identification of Personal Information. NIST internal report 8053, National Institute of Standards and Technology, US (2015)

    Google Scholar 

  30. Pranggono, B., Arabo, A.: COVID-19 pandemic cybersecurity issues. Internet Technol. Lett. 4(2), e247 (2021)

    Article  Google Scholar 

  31. Ramadan, R.A., et al.: Cybersecurity and countermeasures at the time of pandemic. J. Adv. Transp. 2021, 1–9 (2021)

    Article  Google Scholar 

  32. SECURE LIST: COVID-19: Examining the threat landscape a year later (2021). https://securelist.com/covid-19-examining-the-threat-landscape-a-year-later/101154//. Accessed 24 Feb 2022

  33. SWI: Jump in cyber attacks during COVID-19 confinement (2020)

    Google Scholar 

  34. Talukder, M.A., et al.: A dependable hybrid machine learning model for network intrusion detection. JISA 72, 103405 (2023)

    Google Scholar 

  35. Weil, T., Murugesan, S.: It risk and resilience-cybersecurity response to COVID-19. IT Prof. 22(3), 4–10 (2020)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of CSE, Bangladesh University of Engineering and Technology, Dhaka, Bangladesh

    Sharmin Akter Mim

  2. IDLC Finance Limited, Dhaka, Bangladesh

    Roksana Rahman

  3. Department of CSE, University of Barishal, Barishal, Bangladesh

    Md. Rashid Al Asif

  4. Queensland University of Technology, Brisbane, Australia

    Khondokar Fida Hasan

  5. Department of Business Informatics, THM University of Applied Sciences, Friedberg, Germany

    Rahamatullah Khondoker

Authors
  1. Sharmin Akter Mim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Roksana Rahman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Md. Rashid Al Asif
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Khondokar Fida Hasan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Rahamatullah Khondoker
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sharmin Akter Mim .

Editor information

Editors and Affiliations

  1. Department of Information and Communication Engineering, Faculty of Information Engineering, Fukuoka Institute of Technology, Fukuoka, Japan

    Leonard Barolli

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mim, S.A., Rahman, R., Asif, M.R.A., Hasan, K.F., Khondoker, R. (2023). Cybersecurity Attacks and Vulnerabilities During COVID-19. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 655. Springer, Cham. https://doi.org/10.1007/978-3-031-28694-0_50

Download citation

Publish with us

Policies and ethics

Search

Navigation