Cybersecurity Issues and Challenges during Covid- 19 Pandemic

The world is currently experiencing COVID-19, one of the worst pandemics that have happened in this century, affecting 10.7 million people worldwide. It has caused massive growth in the number of employees working from home. However, employees have minimal cybersecurity resources unlike organizations with security teams protecting them against attacks. Hence, cybersecurity plays an important role as users can be easily targeted by cybercriminals. This paper examines how cyberattacks have increased during this pandemic and shows how greatly they have affected health organizations, individuals and social networking applications. Results of the attacks include data breaches, false announcements and operations being disrupted. Attacks occurring during this pandemic and how they were handled are also critically discussed. The existing contributions do touch on related attacks but do not provide in-depth solutions regarding the issues. Even though there are many works and findings that were done previously, technology is ever evolving. Therefore, we need to be well versed with current and future issues and provide the latest mechanisms to prevent cybersecurity threats from occurring. On our share, we intend to present our findings on the challenges being faced by the population and its increasing threats as well as presenting unique solutions that can help organizations or related persons understand or spread awareness on the importance of cybersecurity. Through the research performed in this paper, it is found that there are many ways these issues can be alleviated. However, the issue is that there is significant lack of action and investment in terms of actual implementation and application of the available solutions.


Real Attacks
In mid-March 2020, the Health and Human Services Department (HHS) in the U.S suffered the damage of the DDoS attack [7] [8] with the inaccuracy of the announcement to the pandemic. They experienced a suspicion of intrusion in the system and investigated the problem as soon as possible to help enhance the security and maintain the integrity of the data being spread. The attacker did not access any of the data, but these cyberattacks were being suspected when the organization suspected the attack in the system with the sudden swarm of views on their website that aimed to slow the system to the point of the system hitting and interruption and resulting in a server crash.
Another real attack that happened was a malware attack called "Zoom-bombing" involving Zoom, a video conferencing platform which its users grew from 10 million to 300 million during this pandemic. Morphisec Labs researchers discovered that Zoom enables attackers to record sessions and screenshot chats without notifying the participants, enabling them to spy on the sessions. Records show that over 500,000 accounts are available on the dark web in April 2020. Zoom has added features such as reporting a user, approval from the host before entering a meeting and passwords to enter meetings with AES 256 bits GCM encryption [9][10][11].
The next real attack was a data breach [12][13] that involves EasyJet, a Swiss budget airline. EasyJet admitted it was hacked and confirmed the attacker accessed customers' information in the airline's systems between October 2019 and March 2020. They notified the U.K. Information Commissioner's Office and the National Cyber Security Centre. This attack has caused 9 million customers' data and 2000 credit card details to be leaked. EasyJet contacted the customers involved and warned users to be careful of unsolicited communications in case of phishing emails. EasyJet will be fetching ￡18 billion compensation to its customers.
Unacademy [14], an online educational platform also admitted they suffered a data breach, involving around 11 million users. However, Cyble who discovered the Zoom attack, said that it has acquired the leaked database containing 21 million users' account details, including usernames, passwords and emails from the dark web on May 3. Accounts that are using corporate emails are also on the line if the users use the same passwords on their company network, allowing the attacker to have access to the company networks. Unacademy is currently doing a complete background check to provide a more detailing report to the users involved.
Lastly was the NetWalker [15] ransomware attack [16] against the Illinois Champaign-Urbana Public Health District (CUPHD) website on March 10. They discovered the attack while officials were delivering COVID-19 updates on the website. Email addresses and health records were unaffected although the system went down temporarily preventing employees from accessing certain files. CUPHD has restored the availability of its website and is currently working with the U.S. Department of Homeland Security, Kroll and FBI on the investigation.

Recent Cybersecurity Attacks
One of the recent attacks [17] that happened during this pandemic was a DDoS attack on March 22 which targeted the Paris Hospital Authority(AP-HP). DDOS attack happens when a large number of systems flood the targeted system with traffic, normally done by using a botnet. AP-HP is the largest hospital network currently in Europe, having almost 39 hospitals with a large number of coronavirus patients. AP-HP offers not only healthcare but also research, education and prevention. In the AP-HP case, it is said that the attack was to overwhelm hospital computers and eventually disrupt digital operations. The attack lasted for an hour, paralyzing internet access to several services. It was then curbed at the right time.
Another recent attack that occurred was a malware attack [18] with coronavirus themed Winlocker which locks users out of affected devices. Malware attack is where attackers intend to infect networks or devices through virtual delivery that can cause the altering of the computer systems. [19] In the recent attack, the machine will drop a number of files with a hidden folder named "COVID-19" and modify the windows registries when the coronavirus-themed malware is executed. It will then play a sound and a virus-themed window with a message saying "System is locked" will be displayed. The machine will after that automatically restarts and a password is required to unlock the system. Some attacks and threats that are particularly observed during the pandemic period are shown in Fig. 1.

Fig. 1
Famous attacks and threats in the COVID-19 [18] Phishing attacks happened recently as well where attackers use spam emails to lure the victims to provide them confidential information or to achieve their intended goals. As early as February 2020, attackers have been sending many coronavirus-related emails with malicious attachments to users. There are also attackers who deceive victims using domain spoofing by pretending to be people from the World Health Organization (WHO). They used the email coronavirusfund@who.org instead of the WHO official email that ends with "int" to trick the victims. Fig. 2 shows the rapid increase in malware and phishing websites visited by users during this pandemic. The next recent attack that happened during this pandemic was malicious apps. Most common malicious apps contain spyware that can record phone conversations, download other malware on the infected device, read location and other data stored in the device. Attackers are creating COVID-19 related apps and launching them in the Apple App Store and Android Play Store. Apple and Google can be seen removing some apps from the platform to reduce the number of victims of these malicious apps. During this pandemic, an android app that provides information about COVID-19 was launched. However, the app is filled with Android-targeting ransomware that is currently known as COVIDLock.
The ransomware apparently locks the victim's phone, asks the victim for $100 in bitcoin within 48 hours and threatens the victim that it will erase data such as contacts and media stored in the mobile device.
The last attack that happened recently was the ransomware attack, a type of malware [20][21] that holds the user's device hostage until a "ransom" fee is paid. Ransomware infects systems using attachments from emails, malicious links or by fooling employees whose credentials are compromised. Recently, a new ransomware called CoronaVirus was spread through a fake Wise Cleaner website. Victims who download the fake setup file (malware) will cause their sensitive data such as passwords and information from the system from getting stolen. A text file named CoronaVirus.txt with payment instructions inside is created in each affected directory in the device. CoronaVirus also encrypts files that are in the device. Upon encryption completion, the computer will restart automatically.

Literature Review
COVID-19 has changed the world in many different ways and has raised problems that we have to adapt to and strategize on solving them. The main problem that we will be focusing on is the cyberattacks that have been happening more often due to this pandemic. John C. [22] has performed research and reported that there was an increase in the phishing attack on websites that spiked by 250% because of the pandemic and a spike was observed in phishing sites by Google (Fig. 3). The increase in the percentage of the population has hit over 500 thousand people in total in March 2020. Hackers have made a profit out of selling fake drugs and medical tools that were said to cure the disease. There was an increase in the numbers of trafficking the products through these fraud websites that have lured individuals to buy items at a high price, such as hygiene items like facial masks, wet wipes, hand sanitizers and other products. Police even reported that there are cases that revolve around the health industry where attackers will impersonate them to gain funding saying it was to fund the health institutions. The risk has been drastically increasing as people started to adapt to the new norm of being indoor and staying safe, they should also be wary of the safety while being indoors since the only way of being part of the outside world now is through the source of the internet. Among all of the cybersecurity threats that have been occurring through the pandemic, phishing attacks have been the subcategories for which all the main threats have been identified and studied in [18]. These attacks have taken a huge toll on individuals ever since the outbreak began and the cases started to drastically increase as the days go on as announced on 31st January 2020. The spread of the disease has completely forced the people of the world to stay indoors for it will help decrease the rate of spreading from happening. But to stabilize or even maintain the economic status of business from being closed down or being damaged. It was important for them to stay in touch with the company and coworkers whereas the use of communicational applications such as Microsoft Teams or Zoom has experienced an increase of 300 million meeting participants daily in April 2020 announced by Eric S. Yuan. But as the numbers increase, the risk of falling victim to cyber-attacks will also rise if they were to not be careful with their platform's security measures. As the research studied by Navid Ali Khan, there are cases regarding the Zoom application where they have experienced a fall out whereas their default settings are no longer safe to the point of them being banned by some of the organizations and even some countries as well.
More individuals or rather organizations have been fallen victim to attacks such as smishing attacks which is a type of performing phishing attacks but with the method of sending SMS text messages, that was researched by Dr. Ben Collier, Dr. Shane Horgan, Dr. Richard Jones, and Dr. Lynsay Shepherd [23]. Their studies show that attackers are taking advantage of this pandemic to be able to gain profit out of it as there is a case where numerous SMS scams targeting individuals were sent a message that they were fined and charged for leaving the house. Apparently, there are more than once per day these cases have been reported to the authorities. This research has also brought up another case that has been occurring a lot during this pandemic, which is fraudulent of mobile applications. These are one of the categories of phishing as well where a text message is generated that has the link that will bring the victims to a website that will request for their confidential data. This was reported by Guardian based on this research where there is an increase in frauds and attackers impersonating them as legitimate applications providing government services.
We will also touch on the platforms that people in a worldwide scale use the most which are social media such as Facebook, Twitter, YouTube, Instagram and TikTok. [24] In the research conducted by Marites V. Fontanilla, there is an uproar on the rumors of the health emergency being spread throughout these internet platforms which is creating more confusion among the people. This information is spreading through the spam emails ( Fig. 4) that many individuals are receiving. The news will give a sense of emergency through it along with an attachment of a COVIDrelated URL that will bring the user to a website or a file that contains malware in them that will spread throughout their system. These malicious acts have been happening recently with the numbers of users accessing them coming to 900 thousand people falling for these fraudulent attachments. These cybercriminals were disguising themselves as those healthcare institutions such as the World Health Organization (WHO) to find their opportunity to steal as much private information or data from whoever had fallen victim to it. These cybercriminals have or are being provided by companies. Teleworkers are increasing day by day, which in turn exposing themselves to more vulnerabilities and they will take advantage of the unsecured network devices or weak configuration of it. [25] There has been annual damage of $445 billion in a global scale because of the cybercrimes that have been happening, according to the research from Arnold and Edem, and it is said to become more economically damaging if teleworkers were to increase or stay longer since the pandemic requires all people to stay indoors to prevent the spread of the coronavirus. The occurrences of the increase in the cybercrimes are bound to happen, hence there should be an enhancement in the security for the safety of all these teleworkers whilst working.
One of the methods that are being discussed in the research of Arnold and Edem is that they will be using a strategy called Social Engineering, which involves the psychological side of manipulation employed by hackers. This study proves that cybercriminals have been coming up with new ways of how they can gather confidential information or compromise the security of the organizations or themselves as well.

Implementation Scenarios
One of the organizations that had experienced a cyber-attack incident is the Zoom application. The case of where explicit videos are played to the children has occurred and they have issued a lawsuit for being shown these graphical images during a class session [26]. How they have dealt with this problem is that they followed the procedure where they identified what type of problem it was and found the culprit behind this attack. They have also updated their security measures which will heighten their data security which in turn ensures that the users of Zoom application will have a more secure option when it comes to being communicating with others while maintaining social distancing during the pandemic. With the spike in their popularity, they have also made an effort to have a constant practice on the security policies that are updated and established such as free accounts are required to use a password whenever they want to enter a meeting at all times [27]. They also put a halt in adding new features on the UI and focused on the safety issues. Pulling this move is the best to increase the security status of their application where they are adding more of them such as the clarification of the encryption practices, giving users the guidelines to avoid being a victim of the cyber-attacks as well [28]. They are also adapting to the current issues that are happening and strategize and plan for their future to avoid any of the same attacks such as these from happening.
World Health Organization (WHO) is also one of the organizations that are experiencing events such as attackers impersonating them to gain sensitive data or money from people who have been falling victim to the spam emails.
[29] The way they have countered this is that they announced policies for the people so that they will know what is and is not genuine emails that are from them and not an attacker that is disguised as them. WHO was prepared to keep the people safe from this event from happening since the pandemic is something that the attackers will take advantage of. They also provided procedures of when the receivers got an email that was from them. So, targeted victims do not need to be confused when they do receive one before responding to them. The attackers are taking advantage of the COVID-19 pressure and WHO has been aware of this situation from happening. So, it was important for them to show the safety measures before responding to one of those emails. This is the main problem that they are facing and it will be increasingly damaging if they do not establish any policies or procedures for people to follow for them to protect themselves from these attackers.

Issues and Challenges
As technology advances every day, cybercriminals are also improving their techniques to reach their goals. Our research shows that most cyberattacks are due to human factors. Humans transmit information online, exchange information with people and organizations, making most of their time to have the highest efficiency. And to get the efficiency, the easiest way to go online, from documentation, messaging to shopping.
One of the factors people are vulnerable in cybersecurity is because we are lacking common practice and training on security [30]. Normal users like company employees who are not professionals in technology will not know how easily cyberattacks can take place. A small mistake can cost the individual or the company a tremendous financial loss or data loss. The lack of practice and training causes employees to not be aware of social engineering attacks such as phishing and email malware. These attacks involve deceiving people into breaching standard security practices. For company employees, they often fall into attacks when they receive emails from cybercriminals who are faking their identities as superior or colleague. With a click in the email, cybercriminals can easily obtain the information that is stored in the employee's device.
Next is due to humans relying on technology too much. Nowadays, users store their files on cloud services. However, cyberattacks on cloud services have doubled in 2019, making cloud services the third most targeted platform by cybercriminals currently. Users not only store files on cloud services, but also passwords on their browsers for convenience. This eases users during logins by auto-filling the credentials after user's authentication. For example, Google Chrome allows users to save their passwords in his/her Google account. Upon successful login, all the passwords can be read. Hence, if the user's Google account is accessed by an unauthorized user, the unauthorized user will have access to all his/her other accounts. Having a weak password and using the same password across platforms and applications are also very dangerous. Weak passwords can be easily hacked in minutes. This is also why websites have made it compulsory for users to have a strong password which includes alphanumeric, special characters and capitalization.
Other than that, oversharing is also one of the issues and challenges in cybersecurity. Users normally tend to overshare information about themselves or people around them on the Internet, especially users who are into social media such as Instagram and Facebook. They share their daily activities, their list of friends, contact number or even check-in at their location in real-time. Users also share sensitive information such as bank account details or house addresses in messages while chatting. If the messaging platform does not have encryption available, user chats can easily be obtained. All these data can be used as information for cyber criminals when they are planning the attack.
Besides, another issue and challenge in cybersecurity is people risk management, authorization, and access control [31]. This issue points to companies or organizations. The reason why employees are always the factors of cyberattacks occurring is that there is a probability of malicious insiders existing among the employees in a company. A malicious insider threat to a company can be a current employee, a former employee or even a business partner who has authorized access to the company's system and information. This malicious insider intentionally misuses access and does something that negatively affects the company. Organizations must make sure that former employees no longer have access to the organization's data and authorized access to the organization's server. The organization's access control should be enforced, and the access should be granted based on the employee's role in the organization. Employees can also make mistakes due to lack of training as mentioned above or their careless mistakes losing devices such as laptops and company mobile phones that consist of important company information.
Lastly, is the negative attitude to handling information and devices. Users do research and download files and media from the browser without checking properly at the sources. This is extremely dangerous, especially for emails. As mentioned above, the cybercriminal can steal another person's identity and acts as the sender. Checking whether the email address of the sender or checking whether the URL link that you are browsing is correct and secure is very important. The same goes for devices, users always avoid updating their software to save time as updates take time.

Based on Literature Study
There are many cases that are regarding phishing attacks or relevant attacks to them. One of which is the use of luring the users with text messages and emails that are being sent and the attackers disguising as those from the health industry to gain sensitive data. This is a way that they have been using to trick those targeted victims as discussed previously. These individuals should be informed or rather educated on the practices that are being carried out in order for them to understand the consequences of being attacked by them. This solution is regarding the safety measures that the people should take to keep themselves safe from encountering fraudulent messages being transmitted to them. When they have a basic understanding of the dangers while receiving something such as an email that is too good to be true. The awareness of cybercrimes will be increased, and people will take extra precautions when they are putting themselves into the world of the internet. This is also a progression that can be made where they start installing Firewalls into their computer systems or having a Virtual Private Network (VPN) in their networks and so many more.

Fig. 5
Virtual Private Network functionality [32] Not only individuals are being affected but something as big as organizations too where damages on them financially. So, the administration of the organizations should secure the network with website security protocols or tools that can block any suspicious entities through the internet. Protocols that should be applied are using websites that have HTTPS to provide security when they are visiting any websites. This will be a guide for employees in the organizations, which in these times, they have transitioned into becoming teleworkers as discussed in previous sections. Organizations should also prepare and update on their plan for their responses when they have experienced any incidents. It would show that they would be able to quicken the process of responding and recovering themselves in their future challenges. Keeping things such as the security policies, software or hardware updated is also a procedure that should be taken to account for a secure network or visiting sites. So, teleworkers would have been able to avoid the means to communicate with any of the disguised attackers when they have practiced and have basic training when it comes to communicating with them.

Based on Scenarios
Zoom encountered a security breach that involved a Bible study class where a hacker hijacked and posted graphic images of child abuse during the users' meeting [26]. This unprecedented attack led to the company being filed a lawsuit by the victims which in turn brought the company under intense scrutiny by the masses regarding their security and privacy measures. Zoom took measures such as updating their security policies, heightening security, halting future feature production as well as adaptation. Firstly to allow more prompt actions to be taken especially by users, the company decided to centralize the security features of the application for accessing features such as locking a meeting, enabling virtual wait rooms that are set on default, removing participants, and restricting screen sharing rights to name a few [33]. Taking a step further, the company obtained Keybase, a protected messaging and file-sharing service, to enhance their recently added end-to-end encryption that supports content encryption until AES-256 [34].
On the other hand, the World Health Organization (WHO) has faced cyberattacks of criminals sending fraudulent emails and messages that expose user's sensitive information. However, WHO tackled this challenge by providing step-by-step guidelines for those who are contacted by hackers impersonating the organization. WHO clearly stated actions that would never be done by the organizations itself such as asking for the users' password and being charged money. The organization also provided advice on how people can prevent phishing attacks. By doing this, WHO not only showed how well prepared they are in stopping cyberattacks but also increased the awareness of cybersecurity and the threats that come with it within the population. Overall, WHO is an example of a company that takes necessary steps to ensure security threats are avoided and mitigated accordingly [29].

Based on Issues Found
For the issues that were mentioned previously, in this segment we are going to discuss what solutions can be applied to resolve the aforementioned. The first issue, the lack of common practice and training on security. This can be solved by companies themselves taking the initiative to provide in-depth training to employees to ensure the awareness of various cyberattacks. These arrangements can improve the overall security performance of the company as sufficient training will allow the employees to build their own awareness of the importance of understanding why and how to avoid these threats. Hence, reducing the number of cybersecurity attacks occurring within an organization.
Next, the issue of clients and users being too reliant on technology as well as the concern of oversharing and poor data management. This problem can be dealt with by companies providing basic guidelines on how users can be more aware and understand the security risks that lie on their fingertips. Another approach the companies can go for is the use of digital and physical marketing as visualizing the guidelines will definitely catch users' attention and that the steps can be easily digested.
Moving on, people risk management, authorization and access control is another core issue that can be seen in the workforce. This issue can be solved by the companies having a complete and well-defined process and proper communication plan. This approach can lessen miscommunication and coordination troubles as having proper deadlines, clear hand in requirements, as well as established communication channels, contribute to a more efficient workflow. Strict access policy for sensitive data should also be considered. Other than that, training and the welfare of the employees are an important aspect to apply so that the possibility of a malicious insider can be reduced.
Lastly, the issue of negative attitudes in handling information and devices. However, this can be resolved if the companies ensure that the software is up to date, especially antivirus software. This is because cybercriminals are trying to stay one step ahead of antivirus software manufacturers. By updating the antivirus software, it can help prevent malicious attacks. at the same time making sure the software is working with the latest updates from the user's operating system.
Another issue is insecure usage of modern digital devices, such as internet of things. They must be implemented after integration of security component and sufficient security check in the designing and development phase. Several solutions have been proposed for securing communication which occurs through these devices, such as in [35][36][37] as there has been a steep increase in their deployment. These solutions need to be applied in practical applications of such devices. Table 1: Guidelines and implementation strategy and process in an organization are shown in Table 1 [38]:

A. Assessment B. Planning
A measure that can be applied is awareness training. As we know even if all the prevention methods and security systems are applied, attacks can still occur due to human blunders. Therefore, awareness training is a crucial measure to avoid such errors from persisting. By providing defense training that covers aspects such as current threats, attack red flags, steps on tackling attacks and threat response plans, the organization can give a foundation for employees where they can counteract and be more assertive when issues arise [39]. Also, hand-on training such as organizations having monthly mock training by deploying mock cyberattacks to the employees. This will equip them with the necessary knowledge and experience to prepare for any unexpected situations. Next, organizations should arrange a strategy in regards to data recovery and clearly state the strategy so the clash of responsibilities is avoided. By implementing this measure, the data that would have been lost or damaged by the attacks can be retrieved from the alternate storage [40]. Early detection and planning is another way that can help increase awareness of cybersecurity.
Having the ability to quickly identify risks can help organizations to contain the damage and reduce loss from the attack [40]. With all these practices and more, the importance of protecting data with cybersecurity will surely be clear to the persons involved. By taking all these measures into account, it will instill a sense of responsibility amongst the personnel and ultimately embed a culture of cybersecurity enforcement and awareness. As Head of IT for PT IBS, Faisal Yahya said "The impact of cyberattacks can only be mitigated by promoting initiatives within companies and implementing the best mitigation strategies for customers" [41].

Conclusion
Through the research carried out in this paper, it is observed that cybersecurity is a field of study that should not be disregarded as we are moving towards an age of technology that is ever evolving and changing especially during these unexpected times where cybersecurity is more essential than ever. Cybersecurity efforts must be maintained and enhanced as cybercriminals are becoming more frequent and sophisticated. These cybercriminals are attacking and instilling fear into the population, becoming more assertive and fearless as cybersecurity is not enforced enough. These issues and challenges can be overcome by the public and related stakeholders if serious initiative is taken and approach to more robust and secure networks is steered appropriately. Concluding our views, we do trust that with combined efforts, a more protected and well adaptive system can be achieved in cybersecurity. From the analysis carried out in this paper, it is found that many issues are still surfacing in the cyber world and that it is only expanding due to organizations' lack of resolution and the people's insensitivity towards these current concerns which are becoming more apparent. Furthermore, the advancement in terms of hacking and attacking capabilities of attackers is proving to be a growing threat against the security and privacy of systems and people who are connected with this these systems. However, it is also observed that increase in developing cybersecurity solutions is becoming an important factor as well and will continue to be a fundamental discipline of interest for research in upcoming years due to the huge involvement of digital technology in our life at individual and organizational level.