While people across the world are struggling to keep safe from the Novel
Coronavirus in this post-COVID-19 era, cybercriminals have an absolutely
different outlook. The COVID-19 crisis is endangering millions of human lives
and severely crippling economies of nations worldwide and amid all this
commotion, cybercriminals are looking for monetary incentives to get richer by
all wrong means. According to a study by IBM X-Force, there has been a
4,300% upsurge in coronavirus-oriented digital spamming attacks which are
Since the majority of educational institutions, businesses, and other
professional organizations have switched to digital pedagogies, thereby
endorsing the work-from-home model, technology is ironically our best friend as
well as the worst enemy in this global pandemic. COVID-19 has coerced
schools/universities to conduct online classes and examinations to ensure a
coherent administration, employees in both public and private sectors are
encouraged to resort to digitized channels and virtual workspaces for mutual
co-ordination, and even healthcare institutions across the globe have adopted
digital canons to facilitate remote counseling and diagnostic services.
Among all these noble ingenuities which demonstrate the resilience and sheer
determination of human beings to come through this pandemic, cybercrimes are at
their zenith. The following article aims to determine some of the major
technological pitfalls and the varieties of cyber-crimes that are extremely
prevalent in this pandemic. The latter half of the article deals with
suggestions for the road ahead and how to safeguard ourselves from becoming a
potential victim of cyber-crime.
Assessing The Threat At Hand:
While Coronavirus usually spreads to a couple or a few more people without
adequate social-distancing measures, digital viruses have a far more
influential domain of infection. The 2003 Slammer/Sapphire worm, proclaimed to
be one of the fastest internet worms in history, doubled in size approximately
every 8.5 seconds, scattering to over 75,000 infected devices in under 10
minutes and 10.8 million devices in a single day. Therefore, there is barely
any rivalry between the potential of the corporeal Coronavirus and its cyber
Now, if we try to equalize the economic impact of the nationwide lockdowns which
were enforced in most of the major nations all around the world, with an
imaginary global cyber-lockdown, the assessed economic impact is catastrophic to
comprehend. The COST (Cost of Shutdown Tool) calculator
by NetBlocks.org evaluates that if the world imposed one day of a total
shutdown of internet services, it would account for a loss of more than $50
billion. A single-day of cyber lockdown imposed in India would estimate losses
Therefore, it is apparent enough that shutting down internet services is futile
to safeguard ourselves from cyber threats and such measures would summon more
harm than good.
Types Of Potential Cyber-Attacks To Watch Out For:
Malware Attacks:Malware based attacks are growing extensively popular in this pandemic. Such
attacks maliciously infect our devices without our knowledge and the malware
installed thereby might steal our sensitive information or any vital log-in
credentials. Popular malware applications include coronavirus tracking/mapping
applications which might spy on us through the microphone and cameras of our
mobile devices and they possess several other surveillance features under
Section 43 of the Information Technology Act, 2000, hereinafter referred to as
the “IT Act” inter alia, criminalizes the offence of accessing a computer
system/network without the prior approval of its owner. Any act of mining data
or causing interruptions in the regular functioning of the system imposes a
compensatory fine on such offenders. Section 43 of the IT Act provides for the
main substructure dealing with unauthorized hacking attempts as well as other
Phishing Attacks:Phishing attacks or counterfeit e-mail attacks are one of the easiest yet
fruitful cyber-attacks to execute. Phishing attacks are among the favorite forms
of cyber-attacks of amateur cybercriminals because they appear legitimate to a
majority of end-users who lack any technical expertise and they possess the
potential of making easy-money with the least exertion. A popular example of
prevalent phishing attacks these days is receiving e-mails from a person who
claims to be a WHO official who requests the receiver to visit some URL in order
to know more about the virus or to answer a survey. This might look harmless at
first blush but such emails or even URLs might contain sophisticated
multi-layered payload viruses viz. Trojan: Win32, which might infect the
Phishing attacks are generally prosecuted under Section 66C of the IT Act which
provides that a person is liable for being punished into incarceration up to 3
years along with a monetary fine extending up to one lakh rupees, in case he
fraudulently or dishonestly attempts to make use of the electronic
signature/password/digital signature or any other miscellaneous provision
concerning the identification purposes of another individual.
Furthermore, Section 74 enunciates a penalty of imprisonment up to 2 years with
a fine up to one lakh rupees in case of fabricating a forged Electronic
Text Message (SMS) Attacks:SMS attacks are similar to E-mail based phishing attacks with the key
distinction being that in these attacks, the adversaries try to trick their
victims to click a URL or donate to an agency by texting them from a temporary
digital service provider on their mobile device. Since some users click on the
links erroneously mistaking the adversaries to be genuine authorities, their
private data or log-in credentials are quite perceptible to be compromised.
Section 66D of the IT Act articulates the offence of using a computer resource
(inclusive of mobile phones, tablets, laptops, etc.) for cheating by
impersonation. Such offences are punished with imprisonment up to 3 years along
with a fine extending up to one lakh rupees.
Fraudulent Mobile-based Applications:A lot of fraudulent applications are being continually released on mobile
application markets by Cyber fraudsters which include both iOS and Android
platforms. Users might be tempted to install such applications because of some
free perks associated with an installation such as complimentary masks, PPE
kits, cashback offers, etc. These proxy applications from third-party developers
who claim to be authentic WHO/Central Government authorities efficaciously con
the users by delivering malevolent malware in the background post-installation
and the majority of users remain ignorant to remove or uninstall such
applications being conversant with their fallouts. Robust malware programs are
susceptible to persist in the mobile's operating system even if, the mother
application via which it was delivered is uninstalled.
On June 29, 2020, taking into account the conceivable threats to national
security and sovereignty, the IT Ministry under the Government of India invoked
its power under Section 69A of the IT Act, 2000 read with the relevant
provisions of the Information Technology (Procedure and Safeguards for Blocking
of Access of Information by Public) Rules, 2009, to ban 59 Chinese applications
including some widely popular ones viz. TikTok, WeChat, Cam Scanner, Xender, Shein, Club Factory, Clash
Unified Payment Interface (UPI)/Donation Scams:UPI is an instantaneous real-time payment system which assists the user to
instantly transfer funds between two bank accounts through a mobile device. Some
of the popular UPI-based payment platforms in India include PhonePe, Google
Pay, BHIM UPI, Paytm UPI among others. Opportunist cybercriminals have turned
adversity into pecuniary prospects in this pandemic by creating a surfeit of
identical fake UPI IDs representing governmental charity accounts like PMO Care
Funds, WHO Global Relief Fund, PM-Care Fund, etc. Apparently, half a dozen
identical websites were created similar to PM Cares Fund established by PM
Narendra Modi in a matter of a few hours as soon as the initiative was publicly
Section66D of the IT Act, 200 could be read in synchronicity with Section 419 of
the Indian Penal Code, 1860, which provides for superficial instances of
cheating by impersonation. On account of the Sony.Sambandh.com case (Arif Azim
2003), the accused was convicted u/s 419 of the Indian Penal Code
read with Section 66D of the IT Act, for deceitfully stealing the credit card
details of an American national citizen and using it to order Sony products from
a website operated by Sony India Pvt. Ltd. to exclusively enable non-residential
Indian citizens to gift Sony products to their friends or family members.
While these attacks are barely a drop in the ocean in the realm of budding
cyber-crimes, these attacks are predominant in frequency and inclined towards
single-individuals to possibly encounter. However, to be cognizant and keep safe
from the various other forms of cybercrime and cyber offences which could target
small/large scale businesses or other established enterprises, we must always
keep up with the recent developments in the field of cybersecurity so as to be
conversant with its perilous fallouts.
Steps To Stay Digitally Uninfected:
Below are some recommended security measures via which we can ensure that we
remain aloof from any cyber vulnerabilities which might sneak into our devices.
Refrain from clicking any suspicious URL or hyperlink unless you are absolutely
positive that it's trustworthy or from a credible origin.
Double-check the email-ID/phone number to affirm the true identity of the sender
even if he/she happens to be someone close or a professional acquaintance.
Use different passwords for different websites, especially for banking and
financial applications/services, and ensure that the passwords are a homogenous
combination of alphabets, numbers, and special characters.
In light of the above note, please do not share your passwords with any near or
dear ones irrespective of the intimacy in your interpersonal association.
Use password manager applications like LastPass, 1Password, Dashlane, etc. to
help store and auto-fill multiple encrypted passwords for all different services
you might use.
Use two-factor authentication (2FA) features for all services which support the
service to receive an additional OTP confirmation on your mobile device. Even in
case, your password gets compromised, it's unlikely that your phone will be in
the possession of the hacker. Services that support 2FA include Gmail, Instagram,
and many more.
Avoid using unprotected public Wi-Fi networks where possible and if the
circumstances are inevitable, make sure to use a virtual private network (VPN)
application before connecting to the network. A VPN encrypts the network
connection of our devices to the public routers ensuring that no data
accidentally/fraudulently leaks during transfer. Most mobile manufacturing
companies like Samsung & OnePlus provide pre-installed VPN services.
Invest in a reliable antivirus software program that provides additional
security for your device(s) and detect any abnormal anomalies which might be
present in your device.
Never donate to counterfeit charity/donation drives without ensuring that your
hard-earned money is falling into the right hands. Moreover, ensure that you
never share your OTPs, UPI MPINs, card details, with any person even if he
claims to be a genuine representative of the bank/company.
Regularly update your device software as well as your antivirus application
whenever fresh updates are released, this ensures that your device is efficient
in combatting any recently fabricated vulnerabilities which might have recently
Whenever you are skeptical about the legitimacy of a website or
webpage which typically requires user log-in, confirm by clicking on the URL bar
of the browser that the 'HTTPS' prefix appears before the domain name (website).
HTTPS is a secure transfer terminal that enciphers any sensitive user data in
contrast to the regular HTTP protocol. Additionally, there appears a “lock”
on the URL bar which signifies whether the website is SSL/TLS certified. You can
validate the legitimacy of a webpage by confirming that it owns a valid SSL/TLS
certificate which reassures the identity of its certifying authority as well as
data encryption standards.
Post Covid-19 Challenges For Cyber Security:
Since the threat of COVID-19 is expectantly ephemeral, it will positively
collapse someday. But this will again obscure the landscape for the IT as well
as cybersecurity personnel as they have proactively toiled themselves to adapt
to this pristine way of life in quarantine. Bearing the aftermath in our minds
is crucial in order to envision policies and regulations to deal with the
coronavirus-free world, which seems sanguinely pleasing to the ears in the
present ill-fated circumstances.
While there is a lot of ambiguity and conjectures pertaining to the future, an
article by Tata Consultancy Services (India) cogently identifies six definite
- Many organizations will switch to new operating models to facilitate articulate
framework along with access scrutiny to permit the previous shift systems.
- All major companies will have to reestablish rigorous security measures to
certify there are no violators to minimize potential criminal infringement
- Upcoming cyber risks will be critically assessed to foresee any forthcoming
digital disasters during the retrieval period.
- Reassessment of corporate IT security architecture – access/support mechanism,
risk/context-based security authentication measures, etc.
- Policies to sanction remote access and carrying our personal devices will be
- Deployment of advanced technological utilities such as big data, artificial
intelligence, machine learning, internet of things, etc. in order to simplify
manual labor by developing automated comprehensive technologies to allow plans
for dynamic scalability and simultaneous resolution delivery with the foresight
of any probable calamity like COVID-19 in the future.
The future beholds a newfound horizon for cybersecurity and with more employees
working remotely in the future, the demand for remote workforces will rise
Recommendations For The Road Ahead & The Verdict:
Although it might be extremely arduous to adapt to this unanticipated lifestyle
amid this pandemic, we must not overlook a few cooperative policies which we
could implement in our vocational infrastructure to tackle the ongoing scenario.
A few idealistic standards which we could incorporate are enumerated below:
For Employees Working Remotely:
For Healthcare Institutions:
- Avoidance of physical presence of employees in office unless utterly necessary.
Preference to those employees must be given who live in proximity to the office
if work cannot be executed from home.
- Fabricating a robust digital infrastructure with baselines of digital security
- Digital sanitization of information and databases to ensure data confidentiality
- Deployment of reliable configuration standards for processing complex
- User distribution to help segregate the work effectively
- Establishing a digital grievance redressal committee to help employees facing
issues in network, hardware, or software configurations
For Educational Institutions:
- Informing patients about the nature of the personal data collected for examining
their medical history
- Mandating prior consent of the patient, or their family in case the patient
isn't sentient before utilizing any sensitive record or information
- Formulating both intrinsic as well as extrinsic regulations for reinforcing
- Ensuring transparency in the usage of data and certifying that such policies are
in harmony with the appropriate legal directives
- Deletion of redundant data once it is rendered unnecessary and of no future use
- Conducting online/virtual examinations as well as classes until the situation is
deemed fit to reinstate physical attendance
- Implementing measures in light of academic integrity such as plagiarism checks,
paraphrasing tools, etc. to minimize any potential occurrences of dishonest or
unfair means during the conduction of online-based examinations
- Educators shall refrain from sharing or presenting any sensitive information to
the students during online classes and they shall conduct such classes only on
credible and secure digital learning platforms.
- Educational institutions must promote online payment methods to enable the
students to pay their respective fees without the trouble of physically
disbursing cash. It shall be the responsibility of the institutions to ensure an
encrypted payment platform that facilitates all forms of modern-day payment
- The IT department of all educational institutions capable of imparting virtual
education shall formulate consistent and user-friendly workarounds to help
teachers as well as students to learn in a safe, secure, and tranquil
- Educators shall promote the significance of digital awareness and cybersecurity
among the young students and inform them about the cautionary dos and don'ts of
the Internet in order to secure their digital footprint.
Since COVID-19 is followed by the worst economic crises in recent history, a lot
of people had to, unfortunately, lose their jobs or were victims of severe
pay-cuts. Therefore, students who are not in a financial position to pay off
their academic fees must not be obligated or compelled by the authorities to
pay, instead, they shall be provided financial aid by the institutions until the
looming contagion meet its fate. A few flexible EMI strategies could be
envisaged to simplify the fiscal burden.
Nevertheless, no unnecessary fee apart from tuition fees (and any other
mandatory fees) shall be acquired during the pandemic since the institutions are
correspondingly saving their resources such as electricity bills, maintenance
charges, etc. Likewise, teachers of extra-curricular subjects such as physical
education, arts, music, et al. must not be terminated from their jobs simply
because their presence is not essential in digital learning.
conception might not be immensely beneficial from the standpoint of cybersecurity, no policy shall prevail over the fundamental values of humanity
which are enshrined in the crux of our Constitution.
For Police Officials and Other Law Enforcement Agencies:
- Adherence to all safe hygiene practices and medical advisories curated by the
Ministry of Health & Family Welfare (MoHFW) must be duly followed by the
- Sanitization protocols of accessories as well as vehicles must be stringently
- Precautionary safeguards while arrest and detention of individuals must be
acquiescent with the stipulated social-distancing norms.
- Forensic inspectors handling digital devices must take due care while examining
electronic devices that were in prior possession of the accused.
- Substituting physical meetings and roll calls with virtual meetings wherever
- Backing up any important information on secure digital servers with the aid of
cloud computing technologies
- Eliminating all possible vulnerabilities from their digital infrastructure
- All law enforcement officials must be trained in basic technical expertise so
that they are aware of their cyber safety on the Internet.
- A dedicated cybersecurity task force must be formed in every state of the nation
to battle the uprising cybercrimes amid the ensuing pandemic.
- Lastly, the government must take immediate cognizance of the outdated and
underprivileged cyber administration in most jurisdictions and extend financial
as well as logistical support to the police departments.
In a nutshell, we might surmise that COVID-19 will indeed change our perspective
forever towards the way we used to live by previously. With totally distinct
ways of living, hygiene practices, social-distancing measures, and a transformed
viewpoint about the futility of our previous administrative practices, the fight
against the Novel Coronavirus is much more than its cybersecurity oriented
insinuations, instead, it's the fight for collective survival as a species
irrespective of any prejudicing bias such as caste, color, creed, race, or sex.
To sum up in the optimistic words of Hellen Keller, “Although the world is full
of suffering, it is also full of the overcoming of it.”
- Wendi Whitmore & Gerald Parham, COVID-19 cyberwar: How to protect your
business, IBM (2020), https://www.ibm.com/downloads/cas/Y5QGA7VZ.
- Bill Chappell, Coronavirus: New York Infection Rate is 'Doubling About
Every 3 Days,' Cuomo Says, NPR (Mar. 24, 2020), https://www.npr.org/sections/coronavirus-live-updates/2020/03/24/820891370/coronavirus-n-y-infection-rate-is-doubling-about-every-3-days-cuomo-says?t=1588350179004.
- Nicholas Davis & Algirde Pipikaite, What the COVID-19 pandemic teaches
us about cybersecurity – and how to prepare for the inevitable global
cyberattack, World Economic Forum (Jun. 01, 2020), https://www.weforum.org/agenda/2020/06/covid-19-pandemic-teaches-us-about-cybersecurity-cyberattack-cyber-pandemic-risk-virus/.
- Cost of Shutdown Tool (COST), Netblocks.org with Internet Society, (last
accessed Jul. 07, 2020, 10:55 PM), https://netblocks.org/cost/.
- Thomas Brewster, Coronavirus Scam Alert: COVID-19 Map Malware Can Spy On
You Through Your Android Microphone And Camera, Forbes (Mar. 18,
- Yuthika Bhargava, Government bans 59 apps including China-based TikTok,
WeChat, The Hindu (Jun. 29, 2020),https://www.thehindu.com/news/national/govt-bans-59-apps-including-tiktok-wechat/article31947445.ece.
- Tech Desk, Fraudsters using fake PM CARES FUND links to dupe people;
don't fall for it, The Indian Express (Apr. 05,
- Talwant Singh, Cyber Law & Information Technology 12, Addl. District &
Sessions Judge, Delhi (last accessed Jul. 12, 2020, 09:45 PM), https://delhidistrictcourts.nic.in/ejournals/CYBER%20LAW.pdf.
- See: Bojana Dobran, 17 Types of Cyber Attacks to Secure Your Company
From in 2020, Phoenix NAP Global IT Services (Feb. 21, 2019), https://phoenixnap.com/blog/cyber-security-attack-types; See
also: Resource Guide for Cybersecurity During the COVID-19 Pandemic, Center
for Internet Security – CIS (Apr. 20, 2020), https://www.cisecurity.org/blog/resource-guide-for-cybersecurity-during-the-covid-19-pandemic/.
- Natt Garun, How to set up two-factor authentication on all your online
accounts – An extra step of security never hurt anybody, The Verge (Mar. 27,
- Prashant Deo et al., How Covid-19 is Dramatically Changing Cybersecurity,
Tata Consultancy Services (2020), https://www.tcs.com/perspectives/articles/how-covid-19-is-dramatically-changing-cybersecurity.
- Hellen Keller Quotes, BrainyQuote.com, BrainyMedia Inc. (last
accessed Jul. 06, 2020, 11:11 AM), https://www.brainyquote.com/quotes/helen_keller_109208.