The Top 10 Biggest Cyber Attacks Of 2021

A throwback on some of the most high-profile cyberattacks of 2021, how they were remediated, and what could have been done to prevent them.

Expert Insights

2021 was a year that carried forward a lot of the chaos from 2020. This couldn’t be truer for cybersecurity, as we saw seemingly almost every kind of attack increase exponentially in number and grow in sophistication. 

In fact, according to a recent report by SonicWall, 2021 saw ransomware attacks increase by 105% from the previous year and encrypted threats rise by 167%. While ransomware might have been front and center in the report, there were also significant concerns over phishing and business email compromise (BEC) attacks, which also saw significant rises.

As business-aimed attacks have continued to increase in severity, cost, and sheer prevalence throughout 2022, we’ve rounded up some of the most high-profile cases that hit headlines last year—and how they could potentially have been prevented. The suggestions made, however, aren’t standalone and work best in tandem with each other.

While we pride ourselves on accuracy, we should note that this isn’t an exhaustive list. It barely scratches the surface of the sheer scale of cyberattacks that occurred throughout 2021, but it includes a portion of the ones everyone was talking about last year.

Without further ado are (some of) the highest profile cyberattacks of 2021:

Microsoft Exchange Attack, January – March

When governments and businesses were still reeling from the SolarWinds attack of December 2020, opportunistic attackers from a Chinese hacking group took advantage of the residual chaos to instigate their own attack against Microsoft’s Exchange Server. The group, called Hafnium, is usually associated with espionage and has historically leveled frequent attacks at US organizations.

Rather than instigating a single attack, the perpetrators conducted waves of attacks after their four successful zero-day exploits granted them access to user emails and passwords, admin privileges, and access to connected devices within the network on affected servers. Hackers were able to access the accounts of at least 30,000 organizations in the USA alone, with 250,000 globally reported as being affected.

By the end of March, Microsoft had announced that nearly all servers affected by the attack had been patched and mitigated. It was still costly and time consuming to rectify, however, and caused significant damage to companies who had suffered subsequent breaches and attacks as a result.

These waves of attacks were borne out of multiple vulnerabilities within the network that attackers took advantage of. Companies can sidestep this issue by ensuring that their network perimeter stays secure, employing a strong, automated patch management solution that finds vulnerabilities and patches them before they result in a breach.

For more on patch management and how it actually works and why you might need it, read on in our blog:

What Is Patch Management?

Accellion Supply Chain Attack, January

As we saw with Microsoft, even trusted tech providers aren’t safe from experiencing devastating attacks and breaches. And security software specialist Accellion (now Kiteworks) is no exception.

In late January, the company reported a successful supply chain attack that affected many of its high-profile clients. Supply chain attacks involve an attacker infiltrating a company network through an affiliated partner, supplier, or any other party that has access to the network.

In this instance, Accellion was the “secondary” target, as attacking through it gave threat actors access to numerous Accellion customers and partners. The attack was achieved via a zero-day attack that targeted Accellion’s File Transfer Appliance (FTA) software. Hackers were able to find and exploit a P0 vulnerability in the software, launching a widespread attack that used four zero-day exploits.

Of Accellion’s 300 clients, roughly 100 were affected by this breach. Big names like Kroger, Reserve Bank of New Zealand, and the University of Colorado were affected. Remediation of the vulnerabilities and breach for both Accellion and their affected customers took weeks to achieve.

The zero-day attack was successful in that it also took advantage of vulnerabilities within Accellion’s network perimeter, much like what we saw with the Microsoft Server attack. A robust patch management software solution that automatically searches for and patches vulnerabilities is a must for most organizations:

The Top 10 Patch Management Software For Business

Florida Water Supply, February

In an attack that erred more on the side of horrifying and harmful than actually financially damaging, a hacker managed to—albeit briefly—take control of the water supply of Oldsmar, a city in Florida, and change the amount of lye in the supply to dangerous levels. Lye is used in water supplies to treat the water, but in high enough levels it can cause serious harm if touched or ingested.

In the early stages of the attack, a plant operations employee noticed that their cursor was moving on its own and setting the amount of lye to dangerous levels. After quickly reverting the levels back down to where they should be, the employee raised the breach with their superiors.

The remote-access system, TeamViewer—used by employees, and also what the hacker used to reach the operating systems—was disabled in response. The FBI released a statement that it suspected poor password hygiene and out-of-date software were the cause of the issue. It was also further reported that credentials tied to the plant had been leaked prior to the attack.

While poisoning the water supply with lye sounds like something Arthur Conan Doyle would write about, the method used to instigate this potentially harmful attack was less Victorian in nature. It was later suspected by security firm Dragos that the origin of the attack could also have stemmed from a watering hole attack—an attack that compromises a particular site visited by the actual target rather than directly attacking the target itself.

Dragos reported that it had found damaging code inserted into a WordPress-run website affiliated with a Floridian water infrastructure construction company that liaises with the Oldsmar water plant. With the code inserted, attackers were able to harvest information, including operating systems, browsers, touchpoints, input methods, what hardware was in use such as cameras and microphones, and much more. Dragos’ best guess was that threat actors harvested this information to help improve the botnet malware’s ability to mimic legitimate web browser activity.

Making sure credentials don’t become compromised is a critical part of overall strong password hygiene. You can do this by making them hard to guess and having them regularly rotated and changed whenever there’s a detected breach, as well as through the deployment of a password manager.

Australia Channel 9 News Ransomware Attack, March

In March, threat actors were successfully able to disrupt Australia’s Channel 9 News live broadcast, preventing the channel from airing several other shows and affecting 9 News’ print production. The confirmed ransomware attack, in addition to successfully taking shows off the air, also locked staff out of their emails, blocked their internet access, and halted print production systems. At the time, it was the largest cyber-attack on an Australian media company.

After isolating the incident, admins were able to bring production back online, but only after several hours of disruption to operations. The root cause was never made public or discovered; 9 News admins suspected it was probably either unpatched vulnerabilities or a phishing email, yet the possibility of a state-sponsored attack hadn’t been ruled out either, and at the time they closely consulted with the Australian Signals Directorate and the Australian Cyber Security Centre.

No ransom was reported as being requested, nor was one paid, with 9 News working on remediation of the issue.

Having strong anti-phishing solutions in place can prevent your employees from inadvertently downloading malicious code that acts as a gateway for a ransomware attack. Most phishing attacks occur via email, so enhancing email security is an excellent preventative step against ransomware attacks.

CNA Financial Ransomware Attack, March

Ransomware attacks are particularly devastating, as companies can experience severe financial losses from disruption in activities. And, more often than not, companies can’t afford the downtime, which results in them paying the ransom to get servers back up and running.

The ransomware attack leveled at CNA Financial, a finance company based in Chicago, had this unfortunate end result, with CNA paying a hefty $40 million ransom in exchange for the key to decrypt its files and data. In its report, it noted that the breach had affected a staggering 75,349 individuals.

So, how did it happen?

Phoenix, the attacker group responsible for the hack, used a type of malware called Phoenix Locker, which was derived from Hades—a popular form of ransomware created by REvil. The ransomware works by masquerading as a browser update, which entices employees into downloading it, before moving laterally across the network until it gains enough privilege to identify important and sensitive data. It then sends copies outside of the network, encrypts the data at rest in the network, and instigates the ransom demand.

A couple of tools, appropriately deployed and configured, could’ve prevented and mitigated the attack here. Data loss prevention solutions, when properly configured, can stop sensitive data from leaving the network if the solution notices that certain information or data is leaving without proper authorization.

The second important measure that could have helped in this instance is security awareness training (SAT). The entire attack was instigated by employees clicking on and downloading a bogus browser update, which worked as the attack vector for Phoenix. Having staff appropriately trained to spot these tactics and respond accordingly could have prevented the breach.

Not sure what SAT is? Check out our guide:

Ultimate Guide To Security Awareness Training

Quanta Ransomware Attack, April

Quanta is an original design manufacturer (ODM) supplying Apple, Dell, Lenovo, Cisco, Microsoft, and others. In April last year it was hit with a financially crippling ransomware attack by a Russian ransomware-as-a-service group with perhaps the most appropriate, Resident Evil-esque name ever: REvil. While not quite Umbrella Corporation level, they’re still able to do a lot of damage, and requested a cool $50 million by way of ransom.

Initially, the attack began with REvil demanding the ransom from Quanta in exchange for all data they had encrypted in the attack, but after accessing the server and acquiring unreleased designs for future products, REvil quickly changed tactics and demanded the sum from Apple in exchange for not leaking more designs for future products.

While the exact specifications of the attack are unclear, it was reported by Quanta that only a small part of the network had actually been affected by the breach and that they were working closely with local authorities to contain and remediate the attack.

REvil did make good on its promise to keep releasing designs until the ransom was paid, insisting that payment had to arrive by May 1 of that year. However, as luck would have it, the situation de-escalated just as quickly as it had begun, with all Apple-related content disappearing from the attackers’ website. At the time, this left us in the dark about what actually happened and why the ransomware attack seemingly ran out of steam, but as it happens Quanta hadn’t been REvil’s only target, and plenty of other countries and organizations had personal beef with the ransomware group. REvil had targeted Acer with another $50 million ransom attack earlier that year, amongst plenty of others in the past. In a joint operation between several governments, REvil was targeted and hacked last year and their operations disbanded.

While Quanta and Apple might have had a happy ending in this particular instance, it was still a high-profile case in that a ransomware attack was able to significantly affect and target a huge and, ironically, tech-focused company, showing that no one is truly safe.

Ransomware attacks are particularly devastating because, in addition to the ransom itself, they also run up costs from lost business and the downtime needed to get operations up and running again, so safeguarding against these types of attacks is critical:

How To Stop Ransomware Attacks

Brenntag Ransomware Attack, April

In April, hackers successfully deployed a high-profile ransomware attack against German chemical distribution company Brenntag. Brenntag is a large corporation and a world leader in its field, with thousands of employees across the world at over 670 locations.

The perpetrators in this scenario were hacker group DarkSide, who netted an eye-watering $4.4 million ransom, paid in Bitcoin by Brenntag in a bid to prevent stolen data from being released and to obtain the key to decrypt their files.

The attack, which focused on the North American side of the business, managed to encrypt the company network and steal 150GB of data, including highly sensitive personal information pertaining to the company’s employees.

The ransom had originally been much higher but was reduced to $4.4 million after negotiations. Part of these negotiations included DarkSide telling Brenntag how they managed to pull off the attack. When it came down to it, the “gateway” to this attack turned out to be stolen credentials, or so DarkSide claims.

This article has already stressed the importance of proper management of credentials and strong password hygiene, but it’s also worth pointing out that alongside this, having sensitive data and information stored elsewhere is also a beneficial step in mitigating risk and data losses from ransomware attacks. Cloud storage solutions can store data away from the main network, making it more difficult for attackers to access.

Colonial Pipeline Ransomware Attack, May

And who could forget the Colonial Pipeline ransomware attack of May 2021? 

For those not in the know, the Colonial Pipeline is an oil pipeline that delivers gasoline and jet fuel to a large number of states in the southeastern part of the USA. The pipeline saw the halting of production while the company worked to contain and respond to the threat. The pause in production resulted in the cancellation of flights and fuel shortages, the latter of which was exacerbated by panic buying.

After some deliberation, and in a move that was overseen by the FBI, the company paid the $4.4 million ransom within a few hours of receiving the ransomware notification in exchange for the decryptor needed to bring the network back up. However, the decryptor was incredibly slow, which meant the company still had to spend time and effort on its own planning tools to get everything up and running again anyway.

But how did this all happen? Well, the attack vector into the Colonial Pipeline’s network turned out to be a set of compromised credentials. It is strongly suspected that the credentials in question were acquired from the dark web; the account was reportedly no longer in use and was regarded as a dead account—except for the fact that it could still provide access to the Pipeline’s network.

It’s unsurprising, seeing as stolen credentials account for 61% of all breaches. It was further reported that the account that led to the breach and subsequent ransomware attack didn’t have multi-factor authentication in place either.

Having a robust identity and access management (IAM) solution in place perhaps would’ve circumvented the issue. IAM solutions combine the processes of identifying, managing, and authorizing accounts within a system. This usually entails having a database that contains all user identities and access privileges, tools to help manage these privileges including monitoring them, and a system that enables the auditing of login and access history.

Regularly cleaning up accounts and removing any dead and unused accounts would have proven beneficial in preventing the breach. Unused or dead accounts are often left unmanaged and forgotten about, which is a huge risk. Every single set of credentials—used or not—is an entry point into a network and therefore a potential attack vector, and needs to be managed accordingly.

The Top 10 Identity And Access Management Solutions

JBS Foods Ransomware Attack, May

JBS Foods is a Brazilian company that is one of the largest meat processing companies in the world and supplies one-fifth of the world’s meat. It was also hit with a particularly devastating ransomware attack in spring 2021.

The ransomware attack was highly successful in halting production in the US, Canada, and Australia, before JBS paid the ransom of $11 million in bitcoin to resume production—one of the largest ransom payments to date. Prior to paying the ransom, JBS had apparently consulted with cybersecurity experts and made the decision to pay in order to prevent any more data exfiltration.

While no one took credit for this attack, it is still strongly suspected that Russian hacking group REvil was to blame, though the incident was being investigated by the FBI to find the culprits. Since the attack, it hasn’t come to light who was behind it or the specifics of how the attack actually functioned.

However, data exfiltration took place in the two months preceding June 1, when the attack hit and JBS staff found their network encrypted. Data exfiltration was directed towards the file-sharing site Mega, along with some other locations. Prior to this, Security Scorecard found in their research that leaked credentials belonging to JBS Australia employees had been found on the dark web, adding to suspicions that a breach had occurred in February of that year.

While the situation remains unclear as to how the attack actually happened, it’s clear that data loss prevention tools, IAM solutions, and patch management could have potentially mitigated risk.

Kaseya VSA Ransomware Attack, July

The Kaseya VSA ransomware attack was also perpetrated by the Russian (or at least Russian-speaking) hacking group REvil. Kaseya is a software company specializing in IT products that are particularly suited to MSPs.

The whole issue actually began in April, when Kaseya was made aware of seven easy-to-spot vulnerabilities in their software by the Dutch Institute for Vulnerability Disclosure. While there was considerable effort to patch these vulnerabilities, Kaseya was not able to patch all of them in time, leading to REvil’s attack in early July.

The root cause of the attack stemmed from Kaseya’s Virtual System Administrator (VSA), a remote monitoring and management software tool that became compromised. Attackers spread the ransomware through hosts managed by the software, increasing the overall attack surface. The company, in response, shut down the VSA’s cloud and SaaS servers.

By mid-to-late July, Kaseya had announced that they had received the key to unlock all remaining encrypted files from a “trusted third party” and that they were working closely with still-affected businesses within their network. While they had not paid the ransom to REvil and had worked hard to contain the issue, significant financial losses were still accrued from heavy downtime, and anywhere from 800 to 1,500 businesses had been affected.

Like with the Microsoft Exchange attack listed above, Kaseya’s ransomware attack stemmed from vulnerabilities within their network which hadn’t been patched yet. Having a strong patch management solution in place can mitigate the brunt of attacks if properly configured and automated, as mentioned above.


Cybercriminals Stole $6.9 Billion In 2021, Using Social Engineering To Break Into Remote Workplaces


The number of cybercrime complaints to the Federal Bureau of Investigation rose 7% in 2021 to 847,376 and total money lost to cybercrime increased 64% to $6.9 billion, the FBI said Tuesday in its annual Internet Crime Report, which highlighted how remote communication and virtual meetings can leave businesses and individuals vulnerable to social engineering attacks by fraudsters.

Money lost to online scams hit a new high in 2021, the FBI reported.

Cybercriminals stole $2.4 billion by compromising business email accounts, which are often used to initiate fraudulent wire transfers; $1.46 billion through investment scams, which often involved bogus cryptocurrency investment opportunities; and $956 million through confidence fraud and romance scams, in which a scammer may pose as a potential romantic partner before demanding money to remedy a supposed emergency.

The rise of remote work and virtual meetings led to an increase in online scams: one new technique involved scammers inviting company employees to a virtual meeting and then using “deepfake” simulated audio of an executive’s voice to instruct employees to transfer money to a fraudulent account, according to the report.

Scammers are increasingly turning to difficult-to-trace cryptocurrency transactions enabled by crypto-compatible ATMs, which the FBI describes as poorly regulated and offering instantaneous and irreversible transactions.

Senior citizens, whom the FBI says are more vulnerable to scammers because they are often relatively trusting and financially well-off, lost significantly more to cybercrime than younger people—people age 60 and over filed 92,371 complaints in 2021 and reported $1.68 billion lost, while people age 20-29 filed 69,390 complaints but reported only $431 million lost.

California—historically the most cybercrime-prone state, and the site of high-profile incidents including celebrity account breaches and multi-million-dollar “SIM swapping” scams—was hardest hit in 2021, with 67,095 victims reporting $1.23 billion in losses, followed by Texas, with 41,148 victims reporting $606 million in losses, and New York, with 29,065 victims reporting $560 million in losses.

Almost all cybercrime metrics have increased dramatically since 2017—money lost increased by 393% and the overall number of complaints increased by 191%, while reports of phishing—in which a scammer sends an email pretending to represent a reputable company in order to trick the victim into revealing passwords or other information—were up by a whopping 1,178%.

Key Background

As fraud countermeasures advanced, scammers moved from simple email spoofing to sophisticated social-engineering schemes, posing as customer service representatives, law enforcement officials and even victims’ own family members to gain access to victims’ accounts or to prompt money transfers to fraudulent accounts. The FBI Internet Crime Complaint Center’s Recovery Asset Team (RAT), established in 2018, acts as a liaison between law enforcement and banks, investigating emerging cybercrime strategies and attempting to rapidly freeze funds fraudulently sent to U.S.-based accounts. Since its inception, the RAT has succeeded in freezing $328 million, or about 74%, of a total $443 million transferred in 1,726 fraud incidents, the FBI reported. Reported personal data breaches affected 51,829 people in 2021, up 14% from the previous year, though personal data leaks were not always instigated by scammers—an investigation by cybersecurity news site CyberNews found that numerous Android users had their personal and financial information leaked due to unintentional security flaws in popular apps.

466,501. That’s how many cybercrime victims filed reports with the FBI in the U.S., compared to 303,949 victims in the U.K. and 25,002 victims in all other countries combined.

Maine reported just $7.26 million in losses, the least of any state, followed by West Virginia with $9.45 million in losses and Vermont with $9.83 million in losses. North Dakota was home to just 670 cybercrime victims, followed by Vermont with 715 victims and Wyoming with 735 victims. However, American Samoa—a territory with a population of about 46,366—reported the lowest numbers of any U.S. state or territory, with $177,533 in losses to 25 victims.

Not all forms of cybercrime have increased since 2020. In 2021, the FBI received 49% fewer reports of online extortion and 24% fewer reports of online non-payment/non-delivery scams.

Further Reading

“Americans Lost $1 Billion To Romance Scammers Last Year, FBI Says” (Forbes)

“Cybercrime: The Dark Side Of Entrepreneurship” (Forbes)

Zachary Snowdon Smith



bcarlson

Top cybersecurity statistics, trends, and facts

Survey data from the past year paints a picture of what your threat landscape will potentially look like in the coming months.


2021 has been a banner year for cybercriminals: they have taken advantage of the COVID-19 pandemic and the increase in remote work, attacking both technical and social vulnerabilities. This historic increase in cybercrime resulted in everything from financial fraud involving CARES Act stimulus funds and Paycheck Protection Program (PPP) loans to a spike in phishing schemes and bot traffic. Piled on top of that is a growing wave of ransomware and software supply chain attacks.

The most vital and current cybersecurity stats below show how threats have grown in scale and complexity over the past year-plus. While most of the research cited here was released within the past year, it does not necessarily reflect today’s risk environment. The data collectively suggest trends that are likely to continue into the near future.

Top cybersecurity threats and trends

A total of 5,258 confirmed data breaches occurred in 16 different industries and four world regions, according to the Verizon 2021 Data Breach Investigations Report (DBIR), which analyzed data from 29,307 incidents. Of those breaches, 86% were financially motivated. That’s a sharp rise from the 3,950 confirmed breaches (out of 32,002 incidents) from the 2020 DBIR.

Nearly half (49%) of IT executives said their top security priority is the protection of sensitive data, according to the 2020 IDG Security Priorities Study, which surveyed 522 IT and security executives.

In 2020, the Internet Crime Complaint Center (IC3) received over 28,500 complaints related to COVID-19, according to the 2020 FBI Internet Crime Report.

IC3 saw a 69% increase in complaints from 2019, receiving 791,790 complaints total, with losses exceeding $4.1 billion. According to IC3, the costliest attacks are business email compromise (BEC) schemes, with 19,369 total complaints and a loss of $1.8 billion.

By September 2020, the average ransom payment peaked at $233,817, according to the 2021 Webroot Brightcloud Threat Report. The report also found that 86% of malware is unique to a single PC, and phishing spiked by 510% from January to February 2020 alone.

Phishing statistics and trends

Phishing and other forms of social engineering, in which criminals target human rather than technical vulnerabilities, remain a tried-and-true attack method. According to the FBI’s IC3, as of 2020 phishing is by far the most common attack performed by cybercriminals. In 2020, the key drivers for phishing and fraud were COVID-19, remote work, and technology, said the 2021 State of Phishing & Online Fraud Report.

In 2020, 6.95 million new phishing and scam pages were created, with the highest number of new phishing and scam sites in a single month being 206,310.

  • Key themes used for scams include COVID, gift cards, and gaming hacks.
  • The top three industries targeted in phishing attacks were technology, retail and finance.
  • The top three countries where scams were hosted were US, Russia and British Virgin Isles.
  • The top email service used for phishing kits was Gmail.

Not surprisingly, given the increase in phishing attacks, email security was ranked as the top IT security project of 2021, according to the Greathorn 2021 Email Security Benchmark Report.

Botnet statistics and trends

Cybercriminal groups use botnets—automated collections of compromised, internet-connected devices—to disrupt targets via distributed denial of service (DDoS) attacks or to enhance the effectiveness of other activities. That includes sending large volumes of spam, stealing credentials at scale, or spying on people and organizations.

Botnets have been a problem for years, and the problem is getting worse. Many internet of things (IoT) devices have few or no security features, and organizations often fail to follow best practices to mitigate the risks of device compromise.

According to the 2021 Imperva Bad Bot Report, bad bot traffic amounted to 25.6% of all website traffic in 2020, up 6.2% from the previous year. What’s worse, advanced persistent bots (APBs) accounted for 57.1% of bad bot traffic in 2020. That indicates cybercriminals are becoming more sophisticated in their use of botnets.

How criminals use botnets varies by industry. Below is a breakdown of the most common malicious botnet activity in the top five industries with the most bad-bot traffic:

  • Telecom and ISPs (45.7%): account takeover, competitive price scraping
  • Computing and IT (41.1%): account takeover, scraping
  • Sports (33.7%): data scraping of scores, betting odds
  • News (33%): custom content scraping, ad fraud, comment spam
  • Business services (29.7%): attacks on the API layer, data scraping, account takeover

Over 28% of bots self-report as mobile user agents, an increase of 12.9% from the previous year. This coincides with a drop of over 11% (79.4% to 68%) in bots self-reporting as Chrome, Firefox, Safari, or Internet Explorer over the same period.

Cloud security statistics and trends

With so many employees now working remote, either full time or in a hybrid environment, more business is also being done on cloud platforms, increasing the need for security policies and controls around cloud infrastructure.

This is evident in the Unit 42 Cloud Threat Report , which found that in the early days of the pandemic employees working remotely grew from 20% to 71%. After the World Health Organization (WHO) declared COVID-19 a pandemic in March 2020, not only did remote work increase but organizations accelerated their cloud migration plans overall. Using data pulled from a global array of sensors, cloud threat researchers found a correlation between the increased cloud spend due to COVID-19 and security incidents. Enterprises quickly scaled their cloud spend in the third quarter of 2020 with an increase of 28% from the same quarter in 2019. In the second quarter of 2020, cloud security incidents:

  • Increased by 188% overall
  • Grew by 402% in retail
  • Grew by 230% in manufacturing
  • Grew by 205% in government

Open-source and third-party risks

As businesses accelerate their digital transformations, the popularity of code reuse, which includes open-source libraries and frameworks, has expanded, with today’s typical application containing dozens to hundreds of libraries for core functionality. The efficiencies of using libraries like this have in turn created another potential attack vector for cyber criminals. Today the average Java application has 50 open-source vulnerabilities, said the Contrast Labs Open Source Security Report.

  • The average application has 118 libraries, but only 38% of those libraries are active.
  • The average library uses a version that is 6 years old and has 50 open-source vulnerabilities.
  • Java libraries in apps have a 16% chance of having a critical or major vulnerability.
  • The odds of an app having a vulnerability in a Java library increase from 7% to 44% when the library ages from one to four years.
  • 69% of Java apps have a library with a high-risk license.
  • 99% of organizations have at least one high-risk Java license.
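The risk signals the list above describes (library age, whether a library is actually reached by application code, known vulnerabilities, and license risk) are the same ones a practitioner would check in an application's dependency inventory. The following is an added example, not code from the article or from Contrast Labs: a small inventory audit run over a constructed sample. The inventory format, the helper names and the sample libraries are assumptions made for the example; the age threshold follows the section's own observation that risk rises sharply as a library ages from one to four years.

```python
"""
Added example (not from the article or the Contrast Labs report): audit a
dependency inventory for the risk signals described in the section above.
The inventory format, helper names and sample entries are assumptions.
"""
from dataclasses import dataclass
from datetime import date

# Libraries whose in-use version is at least this old are flagged; the section
# reports vulnerability odds rising from 7% to 44% between one and four years.
AGE_THRESHOLD_YEARS = 4

# Licenses this example treats as high risk for commercial use (assumption).
HIGH_RISK_LICENSES = {"GPL-3.0", "AGPL-3.0"}


@dataclass
class Library:
    name: str
    version: str
    released: date          # release date of the version in use
    active: bool            # reached by application code at runtime?
    known_vulns: int        # published vulnerabilities for this version
    license_id: str         # SPDX-style license identifier


def age_in_years(lib: Library, today: date) -> float:
    """Age of the in-use version, in fractional years."""
    return (today - lib.released).days / 365.25


def audit(inventory: list[Library], today: date) -> dict[str, list[str]]:
    """Return a mapping of finding type -> names of libraries with that finding."""
    findings: dict[str, list[str]] = {
        "stale": [], "inactive": [], "vulnerable": [], "license": []
    }
    for lib in inventory:
        if age_in_years(lib, today) >= AGE_THRESHOLD_YEARS:
            findings["stale"].append(lib.name)
        if not lib.active:
            # Unused libraries are removal candidates: they add exposure
            # without adding functionality.
            findings["inactive"].append(lib.name)
        if lib.known_vulns > 0 and lib.active:
            # Only reachable vulnerable code is prioritised for patching;
            # inactive libraries are already listed for removal.
            findings["vulnerable"].append(lib.name)
        if lib.license_id in HIGH_RISK_LICENSES:
            findings["license"].append(lib.name)
    return findings


def active_ratio(inventory: list[Library]) -> float:
    """Share of inventoried libraries that are actually used (report cites 38%)."""
    if not inventory:
        return 0.0
    return sum(1 for lib in inventory if lib.active) / len(inventory)


# Constructed sample inventory: names, versions, dates and counts are made up.
SAMPLE_TODAY = date(2021, 6, 1)
SAMPLE_INVENTORY = [
    Library("json-parse", "1.2.0", date(2016, 3, 1), True, 3, "Apache-2.0"),
    Library("http-client", "4.5.13", date(2020, 10, 6), True, 0, "Apache-2.0"),
    Library("legacy-xml", "0.9.1", date(2014, 7, 20), False, 5, "GPL-3.0"),
    Library("metrics-lite", "2.0.0", date(2021, 1, 15), True, 1, "MIT"),
]

if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY, SAMPLE_TODAY)
    for kind, names in report.items():
        print(f"{kind:10s}: {', '.join(names) or '-'}")
    print(f"active ratio: {active_ratio(SAMPLE_INVENTORY):.0%}")
```

Running the sample flags `json-parse` and `legacy-xml` as stale, `legacy-xml` as both inactive and carrying a high-risk license, and `json-parse` and `metrics-lite` as reachable libraries with known vulnerabilities. In a real pipeline the inventory would come from a software bill of materials and the vulnerability counts from an advisory feed rather than being hand-written.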

Cyber fraud statistics and trends

The huge increase in traffic and volume across digital channels has led to a historic increase in cyber fraud, with criminals often using the volume to hide their activities. Experts estimate more than $1 trillion was lost globally to cybercrime in 2020. According to the Sift Q1 2021 Trust & Safety Index, in 2020 the pandemic increased online giving by 20.7%. This increase in traffic provided cover to fraudsters that hid behind transaction surges:

  • Ransomware attacks grew by over 40%.
  • Email malware attacks were up by 600% compared to 2019.
  • Loyalty merchants saw fraud rates jump by 275% compared to 2019.

The top three targets by vertical in 2020 were:

  • Transportation (8.4% attempted fraud rate)
  • Crypto exchanges (4.6%)
  • Gaming/gambling (3.7%)

DDoS attack statistics and trends

DDoS attacks are getting bolder and bigger. Akamai, the content delivery network (CDN) and cloud services company, reported mitigating some of the largest attacks ever seen, according to Akamai’s 2020 DDoS retrospective. In 2021 it had already seen more attacks over 50 Gbps than in all of 2019. Akamai also reports the number of customers targeted was up 57% year over year, with attacks reaching record volume and diversity across regions and geographies.

In March 2021, three of the six biggest volumetric DDoS attacks Akamai ever recorded occurred, including the two largest known DDoS extortion attacks to date.

Ransomware statistics and trends

Ransomware is one of the top threats in cybersecurity: of the 878 cyberattacks recorded in 2020, 18% were ransomware, according to the Identity Theft Resource Center. Organizations around the world are being held hostage by ransomware, with many paying up solely to avoid the cost and downtime of not paying the criminals. In short, cybercriminals are making and demanding more money than ever.

  • The average ransom paid increased 171% from 2019 to 2020 ($115,123 to $312,493), said the 2021 Unit 42 Ransomware Threat Report.
  • The highest ransom paid doubled from 2019 to 2020, from $5 million to $10 million.

Defensive preparation and response statistics and trends

The unpredictability of planning for security and budgeting has become even more challenging with the advent of the pandemic. As threat actors have ramped up their efforts in the wake of the pandemic, 31% of respondents believe their risk response efforts are under-funded, according to the 2020 CSO Security Priorities Study.

  • 38% said they will spend more on response planning.
  • 30% will update and modernize business continuity plans.
  • 28% were piloting zero-trust.
  • 40% say it’s on their radar or they are evaluating options.

Cybersecurity hiring/staffing statistics and trends

With the increase in remote working and a reliance on technology tools and infrastructure, COVID-19 has shifted demand for certain roles, with an increased need for developers, as well as help desk and cybersecurity professionals, according to a study by Robert Half Technology. This is critical since 74% of workers say they want to work remotely more frequently following the pandemic, regardless of their business’s hybrid work plans.

IT managers (44%) said they have shortened the hiring process as a direct result of COVID-19, trying to get in-demand skilled tech workers in the door before they get poached by other firms. For companies that cannot bring in qualified people from the outside, 42% plan to launch upskilling initiatives, said a Korn Ferry study.

The top three hiring changes Korn Ferry found US companies making due to COVID-19 were:

  • Conducted remote interviews and onboarding (54%)
  • Shortened the hiring process (42%)
  • Advertised fully remote jobs (42%)

There is considerable debate on the internet about whether cybersecurity truly faces a shortage of qualified workers, or whether corporate hiring practices and preferences are creating that perception. Nevertheless, one widely cited stat is ISC2’s finding that more than half (57%) of organizations surveyed face increased risks due to staffing challenges.



Brian Carlson is a digital media executive with 20 years' experience in content strategy and development, website development, operational management and digital product management and development.


CyberExperts.com

Unpacking Cyber Crime: In-depth Analysis and Case Studies

By Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

In an era characterized by unprecedented digital connectivity, our reliance on the Internet and other digital technologies has grown exponentially. However, this dependence has also opened gates to a nefarious world of crimes committed in cyberspace, known as cyber crimes. Ranging from the theft of an individual’s personal data to crippling nations’ infrastructures, these digital felonies have evolved to become one of the most sophisticated challenges to law enforcement agencies and national security. This in-depth exploration of cybercrime provides an illumination into its diverse forms, historical progression, notorious instances, societal impact, and viable prevention strategies. This discourse aims to furnish the reader with a lucid understanding of the complex web interweaved by cybercriminals, the extensive damage they perpetrate, and, most importantly, how to arm and protect ourselves in this ongoing battle in the digital world.

Types of Cyber Crime

Unmasking the multifaceted threat of cybercrime in our digital society.

As the digital era takes firm root, transcending almost all facets of our daily lives, it unveils an ever-evolving landscape of vulnerability to various types of cyber crimes. Understanding the nuanced complexities of these threats is indispensable in guiding our collective response to safeguard the inviolability of our virtual dwellings.

Imperative for discussion is the specter of identity theft, which involves the unlawful acquisition and utilization of another individual’s personal information for illegitimate financial gains. Cybercriminals exploit various avenues, such as phishing schemes and data breaches, to execute this violation, leading to disastrous personal and financial consequences for the victim.

Malware, a portmanteau of malicious software, lingers as another notable threat. Ruthlessly subtle, this category of cybercrime extends to ransomware, which locks users out of their systems or data, holding it hostage until a ransom is paid. Spyware follows closely, covertly monitoring and transmitting the user’s activities to a third party. Both breed a pervasive sense of violation and create vast economic downstream effects.

Cyberstalking and cyberbullying, while defined less by their economic impact, remain potent ingredients in the cocktail of cybersecurity threats. These crimes are characterized by intentional intimidation, harassment, or threats against another individual, carried out through digital mediums. The psychological trauma inflicted by these infringements reflects wider societal repercussions that transcend the digital sphere.

Notably, the list would be incomplete without recognizing cyber-terrorism and cyber-warfare. These acts, striking at the intersection of technology and geopolitical maneuvering, involve the use of Internet-based attacks in terrorist activities and warfare, often targeting critical infrastructures and national security or causing a state of panic and fear.

The rapidly evolving universe of financial technology is not untouched by cybercrime. Crypto-jacking emerges as a salient threat where hackers hijack a computer’s resources to mine for cryptocurrency without the owner’s knowledge or consent, a subtle and yet potent symbol of how technology’s greatest strengths can morph into its most haunting vulnerabilities.

Lastly, the advent of Deepfakes and AI-generated content birthed a new realm of cybercrime. These acts involve the use of artificial intelligence to create or alter video, audio, or image content to depict scenes or convey messages that were never captured or intended, potentially causing severe personal, political, and societal unrest.

In navigating through the labyrinth of cybercrime, it becomes clear that our informational infrastructure functions as a double-edged sword. Heightened awareness and understanding of the multiple types of cyber crimes, corrective measures, and prevention strategies are critical to ensure the security of our accelerated journey into the digital age. As we teeter on the brink of this new epoch, let it be fortified by knowledge, caution, and, above all, a shared responsibility toward a safe and secure online world.

Illustration depicting various forms of cybercrime, including hacking, identity theft, and cyber terrorism

Historical Perspective of Cyber Crime

The evolutionary trajectories of cybercriminal strategies: a deeper dive.

While initial aspects of cybercrime, including identity theft, malware, cyberstalking, and cyber-terrorism, remain relevant, the ingenious adaptability of cybercriminals continues to morph these original paradigms into more complex constructs. Deepfakes and AI-generated content, crypto-jacking, and even cyber warfare itself continue to evolve. More recently, however, these forms of cybercrime are being joined, and in some cases superseded, by other more sophisticated threats.

Spear phishing, a targeted version of phishing, has emerged as one of the most insidious cybercrimes. Cybercriminals no longer toss out a wide net in the hopes of ensnaring an unsuspecting fish but have now shifted to crafting precise, personalized lures to hook specific individuals or organizations. This modality, premised on thorough research and social engineering, typifies today’s cunning adversary, who forgoes brute force for psychological manipulation.

Next in this progression of cybercrime sophistication is the advent of Advanced Persistent Threats (APTs). Unlike the blitzkrieg assault style adopted by most traditional cyberattacks, APTs are slow and methodical infiltrations designed to remain undetected for prolonged periods. By leveraging backdoor techniques and a patient, stealthy approach, these threat actors compromise systems to exfiltrate data or create systemic disruption in a silent, protracted manner.

Further underscoring the evolutionary trends, cybercriminals now employ Botnets, networks of compromised devices commanded by a central operator. The damages that can be inflicted range from devastating Distributed Denial-of-Service attacks to enormous volumes of spam mail. Cybercriminals disregard the sanctity of individual autonomy and readily surrender to the collective might of these enslaved devices.

Reflecting a leap from dexterity to craftiness, supply chain attacks represent another ingenious cybercriminal innovation. These comprise a systemic, strategic violation entailing the compromise of trusted software or hardware suppliers. By infiltrating these sources, cybercriminals can lurk undetected, poised to pounce on end-users who implicitly trust their providers and, by extension, become unsuspecting victims.

Lastly, while already touched upon in the subject of deepfakes, weaponized AI and Machine Learning take the potential for harm to unprecedented heights. As these technologies advance, they become double-edged swords, providing enormous potential benefits but also harboring potential hazards. They can be manipulated to carry out highly sophisticated attacks that adapt, learn, and emulate human behaviors, making them harder to detect and counter.

In conclusion, the cybercriminal landscape remains perpetually fluid. It continues to evolve, harboring devastating potential and emphasizing the critical need for robust countermeasures and vigilance. As much as we are captivated by technology’s spell, we must also remain equally committed to fathoming its dark possibilities and approach this evolving challenge with the same unyielding determination.

Image illustrating the evolution of cybercriminal strategies

Depicting Major Cyber Crime Case Studies

When regarding the multifaceted arena of cybercrimes, a few notorious examples have made all the difference in shaping both legislative processes and public perception. These archetypical scenarios paint a stark picture of the danger posed by cybercriminals and the significant, often devastating, consequences for victims.

The infamous Yahoo data breach, which revealed itself from 2013 to 2014, can never be forgotten. It compromised approximately three billion user accounts, rendering it the most prodigious data compromise in history. Personal data, including names, email addresses, and passwords, fell into malevolent hands, leading to a leap in fraudulent activities globally. The ensuing turbulence resulted in the resignation of Yahoo’s CEO, loss of consumer trust, and a $50 million settlement.

Adobe Systems witnessed a devastating blow in October 2013—a data violation exposing approximately 38 million active user accounts. The compromised data included encrypted debit and credit card data paired with user login credentials, creating a substantial identity theft concern. Adobe had to face huge economic losses and significant reputation damage, which took years to recover from.

The Heartland Payment Systems breach in 2008 was another significant incident that stirred the digital world. Dating back to when companies scarcely understood the imminent threat of cybercrime, this attack led to a loss of over 130 million credit and debit card details. Heartland witnessed a significant financial loss of around $140 million in remediation.

In terms of affecting global infrastructure, the WannaCry ransomware attack in May 2017 was a stark example. The ransomware targeted computers running Microsoft Windows, encrypting data and demanding ransom in Bitcoin. Over 200,000 systems across 150 countries, including significant healthcare organizations, were taken hostage. The immense global disruption prompted a surge in infrastructure investment to improve cyber defense capabilities.

While most attacks impact a specific corporation or sector, the Mirai botnet attack of 2016 introduced a broader systemic threat. The malware transformed networked devices such as IP cameras, printers, and routers into a botnet to conduct distributed denial-of-service attacks. With millions of IoT devices compromised, the Mirai botnet was capable of unparalleled distributed destruction, showcasing how vulnerable global digital infrastructure can be.

Cyber espionage provides another multifaceted concern. An example was Operation Aurora in 2009, aiming to steal sensitive information from top companies, including Google and Adobe. This incident underscored the threat toward intellectual property and corporate competitive advantage, galvanizing a reevaluation of digital security measures in businesses across the world.

On the more sinister end of the spectrum, the Stuxnet worm attack showcased how cybercrime could transform into cyber warfare. In 2010, the Stuxnet worm damaged approximately one-fifth of Iran’s nuclear centrifuges, epitomizing how cyber-attacks can transgress the digital realm and enact substantial real-world damage.

Through these examples and more, it becomes perceptibly clear how multifarious the landscape of cybercrimes truly is. It underscores the imperative need for stringent cybersecurity measures, vigorous legislative action, and individual awareness of the perils that lurk in the depths of the digital world. As we further immerse ourselves in an overwhelmingly interconnected society, it is incumbent upon us to study and learn from these sobering lessons of history.

A visual representation of the dangerous landscape of cybercrimes, depicting various hacking symbols and locked padlocks.

Impact of Cyber Crime on Individuals and Society

Beyond the directly visible forms of cybercrime, such as identity theft, malware, cyberbullying, deepfakes, cyberterrorism, and crypto-jacking, there lies a plethora of repercussions affecting individual victims and wider societal structures. These implications come as a direct result of cybercrime, which infiltrates various sectors, from personal privacy to economic stability, manifesting differently across each strata of society.

When confronted with the repercussions of cybercrime, it is essential to explore the psychological impact on victims. According to research conducted by the American Psychological Association, individuals who have been victims of cyber crimes often suffer from feelings of violation, loss of trust, and feelings of powerlessness. These outcomes equip cybercriminals with a powerful psychological tool – fear, which they can deploy to extort more information or inflict further harm on their victims.

The financial implications of cybercrime are also critical. On an individual level, victims may incur substantial costs to recover from identity theft or ransomware attacks. On a larger scale, businesses are also impacted—with losses in the billions annually due to cyber theft of intellectual property and sensitive corporate information.

Cyber crimes also pose a severe threat to critical infrastructure. A targeted attack, like the Stuxnet worm or the Mirai botnet attack, can disrupt entire networks or systems. This endangerment of critical infrastructures exposes vulnerabilities in sectors such as energy, telecommunications, transportation, and healthcare, upon which our societies heavily rely.

Furthermore, cybercrime disrupts social order by exploiting our increasing reliance on digital platforms. The damage caused by malicious activities in cyberspace can instigate societal tension or even panic. For instance, the spread of false information through deepfakes or AI-generated content can destabilize communities, alter public opinion, and incite fear or chaos within the public domain.

Moreover, the infiltration of educational institutions and exploitation of data breaches, such as those experienced by Adobe Systems and Yahoo, incite concern for the security of personal and academic data, impacting trust in these institutions.

Finally, the global aspect of cyber crime complicates the enforcement of laws and the attribution of criminals. Differing legislation across jurisdictions, coupled with the abstract nature of cyberspace, often leads to perpetrators evading justice, which again amplifies public fear and mistrust.

The increasing sophistication of cyber criminal activities demands a comprehensive, multi-faceted approach to cybersecurity involving not only technological solutions but also legislative measures, international cooperation, and public awareness initiatives. Vigilance remains paramount – for both the individual and the broader social structures at risk.

In conclusion, while the repercussions of cybercrime are manifold and persistently evolving, the driving force behind combating this modern plague remains undeterred – a relentless commitment to understanding, outwitting, and ultimately neutralizing this digital threat. The continuous enhancement of cybersecurity measures, active legislative action on cybercrimes, and individual awareness of cybercrime risks are just several in the legion of dedicated efforts aimed to equip society with the tools necessary to tackle this complex issue.

An image depicting the consequences of cyber crime, showing a lock being broken, symbolizing the violation of security and privacy.

Prevention and Mitigation Strategies

Effectively addressing the potential risks and outcomes of cybercrimes necessitates a multi-pronged approach that leans heavily on collaboration, education, and the implementation of cutting-edge cybersecurity strategies. This measure rings especially pertinent against the backdrop of a progressively interconnected world, teetering on the precipice of the much-heralded fourth industrial revolution.

Collaborating across sectors and agencies is a vital strategy for tackling cybercrimes. Internationally, creating a shared understanding of cyber threats and fostering cooperation to deal with them can significantly bolster collective security measures. This includes forming partnerships with international police forces, such as INTERPOL and Europol, to expedite the identification, tracking, and prosecution of cybercriminals regardless of their geographical location.

An educated populace is arguably the first line of defense against cybercrime. The general public must be armed with the knowledge necessary to safeguard sensitive information and thwart the attempts of cybercriminals. Robust security awareness programs must be incorporated into our educational institutions, corporations, and public services, acquainting people with the modus operandi of cybercriminals and how best to respond. This includes increased awareness of the intricacies of social engineering attacks to mitigate risks like whaling and pretexting that have not been previously covered in this article.

Implementing progressive cybersecurity protocols plays a pivotal role in curbing cybercrimes. Organizations should strive for a dynamic, proactive approach as opposed to a static, reactive one. Frequent system audits, vulnerability assessments, and penetration testing can unveil potential security loopholes before cybercriminals can exploit them. A zero-trust architecture that presumes no user or process is intrinsically trustworthy, coupled with behavioral-based threat detection, could significantly bolster an organization’s defense.

Moreover, using encrypted communication channels and urging employees to regularly update their passwords and employ two-factor authentication systems can mitigate unauthorized access risks. Leveraging advanced technologies, like quantum cryptography, can offer foolproof data security, rendering any eavesdropping attempts futile.

Lastly, while strengthening legislative measures against cybercrimes, nations must also create an environment conducive to the reporting of such incidents. Victims often shy away from reporting due to fear of reputational damage or lack of faith in the justice system. Ensuring confidentiality and demonstrating stringent punishment against perpetrators could effectively deter the commission of these crimes.

As we tiptoe into an era dominated by Big Data, 5G, and Artificial Intelligence, our strategies against cybercrime must evolve at a concordant, if not more rapid, pace. A synergized effort spanning individuals, organizations, and countries, buttressed by relentless vigilance, is our best hope in the grand scheme of cybersecurity. Striking that balance between advancing technologically and maintaining cyber hygiene will be the perpetual litmus test for our digitized world.

Illustration of a person protecting a digital lock with a shield, symbolizing the defense against cybercrime risks and outcomes.

As we continue to tread through this digital age, understanding the insidious nature of cyber crimes not only informs but empowers us as individuals, organizations, and as a society. We have explored in detail the varied forms of these crimes, their evolution through the years, their devastating impacts exemplified through notable case studies, and the undeniably lasting mark they leave on individuals and societies alike. Furthermore, we have offered a glimpse into the strategies that can be employed to fortify our defenses against these invisible aggressors. The key lies in continual awareness, constant vigilance, and strategic preparedness so that we may navigate this intricate digital universe safely. As we move forward, remember the fight against cybercrime isn’t just for those in the corridors of power but for every Internet user who plays a vital role in this digital ecosystem.

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

Significant Cyber Incidents

This timeline records significant cyber incidents since 2006, focusing on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.


May 2024: A new report from Canada’s Communications Security Establishment detected Chinese espionage activity against eight members of Parliament and one senator starting in 2021. The spies likely attempted to obtain information from the targets’ personal and work devices but were unsuccessful, according to the report. The Parliamentarians were members of Canada’s Inter-Parliamentary Alliance on China, which focuses on how democracies should approach PRC-related issues. The report also mentioned this activity was similar to activity against 19 European countries dating back to 2020. 

May 2024: Recent media reports stated Pakistani cyber spies deployed malware against India’s government, aerospace, and defense sectors. The group sent phishing emails masquerading as Indian defense officials to infect their targets' devices and access sensitive information. The attack’s extent is unknown.

May 2024:  Chinese hackers hit Britain’s Ministry of Defense with a cyberattack that exposed sensitive information on every troop apart from the UK’s special forces. The attackers targeted a third-party contractor to access names and bank details of current and former members of the armed forces. The UK Minister of Defence stopped short of publicly naming China as the culprit. 

May 2024: Poland and the Czech Republic accused Russian cyber spies of targeting government and infrastructure networks. Both countries claim the attacks occurred around the same time Russian hackers attacked the German government. Hackers gained access by exploiting a Microsoft Outlook vulnerability, and the extent of the compromised data is currently unknown.

May 2024: Germany accused Russian hackers of breaking into the emails of Germany’s Social Democrats, the leading party in its governing coalition, and recalled its ambassador from the country. The campaign started in March 2022 when hackers exploited vulnerabilities in Microsoft Outlook to target the party’s executive committee, as well as German defense and aerospace companies.

April 2024: Ukraine’s military intelligence agency launched a cyberattack against Russia’s ruling United Russia party the same day Russia hosted its Victory Dictation. Attackers launched a barrage of DDoS attacks against United Russia’s servers, websites, and domains to make them inaccessible. United Russia publicly admitted to suffering from a “massive” DDoS attack.

April 2024: Belarusian pro-democracy hackers, known as the Belarusian Cyber-Partisans, crippled the website of Belarus’ main security service agency for over two months. The hackers also published a list of website administrators, its database, and server logs on its Telegram channel. This is the latest in a series of attacks against the Belarusian government by the group. 

April 2024: Police in the United Kingdom are investigating a series of “honey trap” attacks against British MPs. Attackers sent explicit messages allegedly of themselves over WhatsApp to their target for the apparent purpose of acquiring compromising images of the target. The perpetrators of these attacks are currently unknown. 

April 2024: Germany plans to create a cyber military branch as part of its military restructuring. Germany's defense minister, Boris Pistorius, stated the new Cyber and Information Domain Service (CIR) would help deter increasing cyber aggression from Russia against Germany and its NATO allies. 

April 2024: Hackers attacked El Salvador’s national cryptocurrency wallet Chivo and exposed over 144 GB of sensitive personal information of millions of Salvadorians. The hackers also released Chivo’s source code publicly. The Salvadorian government has not released an official public statement on the attack. 

March 2024: A “massive” cyberattack disrupted the African Union’s systems for over a week and infected over 200 user devices, according to the deputy chair of the AU Commission. The cause of the cyberattack is unknown.

March 2024: Iranian hackers compromised an IT network connected to an Israeli nuclear facility. Hackers leaked sensitive facility documents but did not compromise its operational technology network. 

March 2024: Russian hackers launched phishing attacks against German political parties. Hackers concealed ransomware in a fake dinner invitation from Germany’s Christian Democratic Union to install a backdoor in their victim’s computer.

March 2024: India’s government and energy sectors were breached in a cyber espionage campaign. Hackers sent a malicious file disguised as a letter from India’s Royal Air Force to offices responsible for India’s electronic communications, IT governance, and national defense. Researchers have not yet determined who conducted the attack.

March 2024: A U.S. Department of Justice indictment revealed Chinese hackers targeted several EU members of the Inter-Parliamentary Alliance on China and Italian MPs. The attack was designed to detect IP addresses and the targets’ locations.

March 2024: Canada pulled its financial intelligence system FINTRAC offline after a “cyber incident” by a currently unidentified attacker. FINTRAC claims the attack does not involve its intelligence or classified systems but declined to disclose further details of the incident.

March 2024: Russian hackers leaked an intercepted conversation between German military officials about the country’s support for Ukraine. In the call, the head of Germany's Air Force discussed the possibility of supplying Taurus missiles to Ukraine and commented on German Chancellor Olaf Scholz's hesitance to send the missiles. Germany announced it would investigate the incident and believes the leak was intended to inflame divisions in Germany.

March 2024: Switzerland’s National Cyber Security Centre (NCSC) confirmed that leaked data from a May 2023 breach included 65,000 documents from the Federal Administration. The documents contained sensitive personal data, classified information, and passwords, and were from Switzerland’s federal police, judiciary, and migration offices. Swiss officials had originally assessed that the breach only impacted non-government documents.

March 2024: Microsoft claims Russian hackers stole its source code and are continuing to gain unauthorized access to its internal systems as part of their November 2023 campaign to spy on senior Microsoft executives. Microsoft also said attackers increased the volume of their “password spray” attacks by nearly tenfold between January and February 2024. The company did not disclose further details on the source code access or breached internal systems. 

February 2024: Russian hackers launched an espionage campaign against the embassies of Georgia, Poland, Ukraine, and Iran beginning in 2023. Hackers exploited a bug in a webmail server to inject malware into servers at the embassies and collect information on European and Iranian political and military activities. 

February 2024: Roughly 190 megabytes of data from a Chinese cybersecurity company were exposed online, revealing the company’s espionage efforts on the governments of the United Kingdom, India, Indonesia, and Taiwan. The leak’s source is unknown.

February 2024: The Royal Canadian Mounted Police suffered a cyberattack against its networks. The RCMP stated it is investigating this “alarming” incident and does not believe it had an impact on its operations or the safety and security of Canadians. It is so far unclear who is behind the attack and if it was a data breach or security incident. 

February 2024: U.S. officials hacked an Iranian military spy ship that was sharing intelligence with Houthi rebels who have been firing on ships in the Red Sea. According to U.S. officials, the attack was part of the Biden administration’s response to an Iranian drone strike that killed three U.S. soldiers in Jordan.

February 2024: A data breach of French health insurance companies in January 2024 affected 33 million French citizens, or nearly half the country’s population. The attack compromised sensitive birth date, social security, and marital status information, but not medical history. The French data protection agency opened an investigation to determine if the companies complied with cybersecurity guidelines under the EU’s General Data Protection Regulations. 

February 2024: Chinese spies placed malware in a Dutch military network in 2023. The network was not connected to the defense ministry’s main network, which reduced damage. This is the first time the Netherlands has publicly accused China of cyber espionage.

January 2024: Hackers breached Global Affairs Canada’s secure VPN in December 2023, allowing hackers to access sensitive personal information of users and employees. It affected staff emails, calendars, and contacts. It’s unclear if classified information was compromised or lost. The hacker's identity is currently unknown. 

January 2024: Russian hackers launched a ransomware attack against Sweden’s only digital service provider for government services. The attack affected operations for 120 government offices and came as Sweden prepared to join NATO. Sweden expects disruptions to continue for several weeks. 

January 2024: Microsoft announced that Russian hackers broke into its corporate systems. Hackers used a “password spray attack” to steal emails and documents from accounts of Microsoft’s senior leadership, cybersecurity, and legal teams back in November 2023.

January 2024: Russian hackers attacked 65 Australian government departments and agencies and stole 2.5 million documents in Australia’s largest government cyberattack. Hackers infiltrated an Australian law firm that worked with the government to gain access to government files. 

January 2024: The Australian government identified and sanctioned Aleksandr Ermakov as the Russian hacker who breached Medibank, the country’s largest private health insurance provider, in 2022. He stole information from 9.7 million current and former Medibank customers. This is the first time Australia has issued cyber sanctions against an individual since the framework was established in 2021. The U.S. and UK also sanctioned Ermakov. 

January 2024: Russian agents hacked residential webcams in Kyiv to gather information on the city’s air defense systems before launching a missile attack on Kyiv. Hackers changed the cameras’ angles to gather information on nearby critical infrastructure facilities and stream the footage on YouTube. Ukraine has since ordered webcam operators in the country to stop live broadcasts. 

December 2023:  Israeli-linked hackers disrupted approximately 70% of gas stations in Iran. Hackers claimed the attack was in retaliation for aggressive actions by Iran and its proxies in the region. Pumps restored operation the next day, but payment issues continued for several days. 

December 2023: Ukrainian state hackers crippled Russia’s largest water utility plant by encrypting over 6,000 computers and deleting over 50 TB of data. Hackers claimed their attack was in retaliation for the Russian Kyivstar cyberattack.

December 2023: Russian hackers hit Ukraine’s largest mobile phone provider, Kyivstar, disabling access to its 24 million customers in Ukraine. Hackers claim to have destroyed more than 10,000 computers and 4,000 servers, including cloud storage and backup systems. The attack began hours before President Zelenskyy met with President Biden in Washington D.C.

December 2023: Ukraine’s military intelligence service (the GRU) claims to have disabled Russia’s tax service in a cyberattack. According to the GRU, the attack destroyed the system’s configuration files, databases, and their backups, paralyzing Russia’s tax service.

November 2023: Suspected Chinese hackers launched an espionage campaign against Uzbekistan and the Republic of Korea. Hackers used phishing campaigns to gain access to their targets’ systems and decrypt their information.

November 2023: Chinese-linked hackers attacked Japan’s space agency during summer 2023 and compromised the organization’s directory. The agency shut down parts of its network to investigate the breach’s scope, but claims it did not compromise critical rocket and satellite operations information.

November 2023: Chinese hackers compromised Philippine government networks. Beginning in August 2023, hackers used phishing emails to embed malicious code into their targets’ systems to establish command-and-control and spy on their targets’ activities.

November 2023: Trinidad and Tobago’s Prime Minister Dr. Keith Rowley declared the latest ransomware attack against the country’s telecommunications service to be a “national security threat.” Hackers stole an estimated six gigabytes of data, including email addresses, national ID numbers, and phone numbers.  

November 2023: Denmark suffered its largest cyberattack on record when Russian hackers hit twenty-two Danish power companies. The attack began in May 2023 and appeared to be aimed at gaining comprehensive access to Denmark’s decentralized power grid. Hackers exploited a critical command injection flaw and continued to exploit unpatched systems to maintain access.

November 2023: Chinese cybercriminals targeted at least 24 Cambodian government networks, including the National Defense, Election Oversight, Human Rights, National Treasury, Finance, Commerce, Politics, Natural Resources and Telecommunications agencies. Hackers disguised themselves as cloud storage services to mask their data exfiltration. Initial research indicates the attack is part of a broader Chinese espionage campaign. 

October 2023: Hacktivists stole 3,000 documents from NATO, the second time in three months that hacktivists have breached NATO’s cybersecurity defenses. Hackers described themselves as “gay furry hackers” and announced their attack was retaliation against NATO countries’ human rights abuses. NATO alleges the attack did not impact NATO missions, operations, or military deployments.  

October 2023:  Researchers discovered what appears to be a state-sponsored software tool designed for espionage purposes and used against ASEAN governments and organizations. 

October 2023:  Pro-Hamas and pro-Israeli hacktivists have launched multiple cyberattacks against Israeli government sites and Hamas web pages in the aftermath of Hamas’ attacks on Israel on October 7th. Russian and Iranian hacktivists also targeted Israeli government sites, and Indian hacktivists have attacked Hamas websites in support of Israel.  

October 2023: Vietnamese hackers attempted to install spyware on the phones of journalists, United Nations officials and the chairs of the House Foreign Affairs Committee and Senate Homeland Security and Governmental Affairs. The spyware was designed to siphon calls and texts from infected phones, and the unsuccessful deployment comes while Vietnamese and American diplomats were negotiating an agreement to counter China’s growing influence in the region.   

October 2023:  New reporting reveals Chinese hackers have been targeting Guyana government agencies with phishing emails to exfiltrate sensitive information since February 2023.  

October 2023: North Korean hackers sent malware phishing emails to employees of South Korea’s shipbuilding sector. South Korea’s National Intelligence Service suggested that the attacks were intended to gather key naval intelligence that could help North Korea build larger ships. 

September 2023: Indian hacktivists targeted Canada’s military and Parliament websites with DDoS attacks that slowed system operations for several hours. Hacktivists referenced Canadian Prime Minister Justin Trudeau’s public accusation against India of killing Sikh independence activist Hardeep Singh Nijjar as motivation for the hack. 

September 2023: Iranian hackers launched a cyberattack against Israel’s railroad network. The hackers used a phishing campaign to target the network’s electrical infrastructure. Brazilian and UAE companies were also reportedly targeted in the same attack. 

September 2023: U.S. and Japanese officials warn that Chinese state-sponsored hackers placed modifying software inside routers to target government industries and companies located in both countries. The hackers use firmware implants to stay hidden and move around in their target’s networks. China has denied the allegations. 

September 2023: A massive cyberattack hit Bermuda’s Department of Planning and other government services. The country’s hospitals, transportation, and education centers remained functional, but other services were down for several weeks. Bermuda announced that it is investigating the attack and declined to state if any sensitive data was compromised.  

September 2023: Cybercriminals targeted Kuwait’s Ministry of Finance with a phishing ransomware attack. Kuwait isolated the Ministry and other government systems to protect them from potential further attacks. 

September 2023: Russia is stepping up cyberattacks against Ukrainian law enforcement agencies, specifically units collecting and analyzing evidence of Russian war crimes, according to Ukrainian officials. Russian cyberattacks have primarily targeted Ukrainian infrastructure for most of the war.

September 2023: Russian forces in occupied Crimea reported a cyberattack on Crimean Internet providers. The attack happened around the same time as a Ukrainian missile strike aimed at Russian naval headquarters in the area. Ukrainian officials have yet to comment.

September 2023: Russian cybercriminals breached the International Criminal Court’s IT systems amid an ongoing probe into Russian war crimes committed in Ukraine.  

September 2023:  A new Microsoft report indicates an increase of Chinese cyber operations in the South China Sea, as well as increased attacks against the U.S. defense industrial base and U.S. critical infrastructure. The increase comes amid rising tensions between China and the U.S. 

September 2023: A Russian ransomware group leaked Australian federal police officers’ details on the dark web. The leak is the latest phase of a Russian attack which started in April 2023 against an Australian law firm that services several Australian government agencies.   

September 2023: The iPhone of a Russian journalist for the independent newspaper Meduza was infected with Pegasus spyware in Germany this year. The incident is the first known instance of the spyware being used against a prominent Russian target. The country behind the spyware placement is unknown, but Latvia, Estonia, Azerbaijan, Kazakhstan, and Uzbekistan are all suspects given past use of Pegasus spyware or their allegiance to Russia.  

September 2023: Suspected Chinese hackers attacked the national power grid of an unspecified Asian country earlier this year using Chinese malware. The group corrupted a Windows application that allowed them to move laterally within their target’s systems.  

September 2023: A ransomware attack wiped four months of Sri Lankan government data. The country’s cloud services system didn’t have backup services available for the data from May 17 to August 26, according to reporting. Malicious actors targeted Sri Lanka’s government cloud system starting in August 2023 by sending infected links to government workers.  

September 2023: An Indian cybersecurity firm uncovered plans from Pakistani and Indonesian hacking groups to disrupt the G20 summit in India. The hacktivists are expected to use DDoS attacks and mass defacement in their attacks, which are presumed to be the latest development in the hacktivist battle between these nations according to the firm’s research. 

September 2023: Russian hackers stole thousands of documents from the British Ministry of Defense and uploaded them to the dark web. The documents contained accessibility details for a nuclear base in Scotland, high-security prisons, and other national security details. Hackers acquired the documents by breaking into a British fencing developer and gaining backdoor access to Ministry files. 

September 2023:  Russian cyber criminals accessed sensitive information from South Africa’s Department of Defense, including military contracts and personnel information. The Department reversed its previous statement denying the data leak. 

August 2023: Russian hacktivists launched DDoS attacks against Czech banks and the Czech stock exchange. The hackers cut online banking access to the banks’ clients and demanded that the institutions stop supporting Ukraine. Bank representatives claim the hacks did not threaten their clients’ finances. 

August 2023: Unnamed hackers took X, formerly known as Twitter, offline in several countries and demanded that owner Elon Musk open Starlink in Sudan. Attackers flooded the server with traffic to disable access for over 20,000 individuals in the U.S., UK, and other countries.  

August 2023: Cybercriminals are allegedly selling a stolen dataset from China’s Ministry of State Security. The full data set purportedly includes personal identification information for roughly half a billion Chinese citizens and “classified document[s],” according to the criminals’ post about the sale. 

August 2023: Russian hacktivists launched several DDoS attacks that knocked the Polish government’s website offline, as well as the Warsaw Stock exchange and several Polish national banks. 

August 2023: Russian hacktivists disabled Poland’s rail systems by gaining access to the system’s railway frequencies and transmitting a malicious signal that halted train operations. Attackers blasted Russia’s national anthem and a speech from Putin on Russia’s military operation in Ukraine during the attack.

August 2023: Chinese hackers targeted a U.S. military procurement system for reconnaissance, along with several Taiwan-based organizations. Attackers targeted high-bandwidth routers to exfiltrate data and establish covert proxy networks within target systems.  

August 2023: Ukrainian hackers claim to have broken into the email of a senior Russian politician and leaked medical and financial documents, as well as messages that allegedly connect him to money laundering and sanctions evasion plots. 

August 2023: Ecuador’s national election agency claimed that cyberattacks from India, Bangladesh, Pakistan, Russia, Ukraine, Indonesia and China caused difficulties for absentee voters attempting to vote online in the latest election. The agency didn’t elaborate on the nature of the attacks. 

August 2023: Suspected North Korean hackers attempted to compromise a joint U.S.-South Korean military exercise on countering nuclear threats from North Korea. Hackers launched several spear phishing email attacks at the exercise’s war simulation center.   

August 2023: Bangladesh shut down access to their central bank and election commission websites amid warnings of a planned cyberattack by an Indian hacking group. The shutdown was intended to prevent a cyberattack similar to a 2016 incident in Bangladesh where hackers stole nearly $1 billion, according to the central bank’s statement. 

August 2023: Belarusian hackers targeted foreign embassies in the country for nearly a decade, according to new reporting. Hackers disguised malware as Windows updates to get diplomats to download it onto their devices.  

August 2023: Chinese hackers obtained personal and political emails of a U.S. Congressman from Nebraska. The hackers exploited the same Microsoft vulnerability that gave them access to emails from the State Department and Department of Commerce. 

August 2023: Iranian cyber spies are targeting dissidents in Germany, according to Germany’s domestic intelligence unit. The spies are using false digital personas tailored to victims to build a rapport with their targets before sending a malicious link to a credential harvesting page. 

August 2023: Ukraine’s State Security Service (SBU) claims that Russia’s GRU is attempting to deploy custom malware against Starlink satellites to collect data on Ukrainian troop movements. SBU members discovered malware on Ukrainian tablets that were captured by the Russians before being recovered by Ukrainian forces. 

August 2023: Russian hackers launched a ransomware attack against a Canadian government service provider, compromising the data of 1.4 million people in Alberta. The organization paid the ransom and claimed that very little data was lost. 

August 2023: A Canadian politician was targeted by a Chinese disinformation campaign on WeChat. The attack included false accusations about the politician’s race and political views. The Canadian government believes the attacks are retaliation against the politician's criticism of China's human rights policies.

August 2023:  The Canadian government accused a “highly sophisticated Chinese state-sponsored actor” of hacking a prominent Canadian federal scientific research agency.  

August 2023: Russia’s military intelligence service attempted to hack Ukrainian Armed Forces’ combat information systems. Hackers targeted Android tablets that Ukrainian forces use for planning and orchestrating combat missions.   

August 2023:  The United Kingdom’s Electoral Commission revealed that Russian hackers breached the commission’s network beginning in August 2021. They obtained information on tens of thousands of British citizens by accessing the commission’s email and file-sharing system.  

August 2023: According to a new report, North Korean hackers breached computer systems at a Russian missile developer for five months in 2022. Analysts could not determine what information may have been taken or viewed. 

July 2023:  China claims that an earthquake monitoring system in Wuhan was hacked by “U.S. cybercriminals.” Chinese state media asserts that a backdoor program with the capacity to steal seismic data was inserted into the program. 

July 2023: Kenya’s eCitizen service was disrupted by pro-Russian cybercriminals for several days. Kenya’s Ministry of Information, Communications, and the Digital Economy claimed that no data was accessed or lost. 

July 2023: Russian-linked cyber hackers have targeted Ukrainian state services such as the app “Diia” using malware and phishing attacks. The primary targets are Ukrainian defense and security services. 

July 2023:  The Ministry of Justice in Trinidad and Tobago was hit with a DDoS attack that disrupted court operations across the country. The ministry reported outages beginning in late June, which are believed to be linked to this same attack. 

July 2023: New Zealand’s parliament was hit by a cyberattack from a Russian hacking group. The group said their attack was retaliation against New Zealand’s support for Ukraine, such as its assistance with training Ukrainian troops and sanctions against Russia. Hackers temporarily shut down the New Zealand Parliament, Parliamentary Counsel Office (PCO) and Legislation websites in a DDoS attack.

July 2023: Russian hackers targeted twelve government ministries in Norway to gain access to sensitive information. The hackers exploited a vulnerability in a software platform used by the ministries.

July 2023: A South Korean government-affiliated institution fell victim to a phishing scandal that resulted in a loss of 175 million won, reportedly the first phishing incident against a South Korean government public organization.

July 2023: Chinese-linked hackers infected a Pakistani government app with malware. A state bank and telecoms provider were also targeted in the attack. 

July 2023: Chinese hackers breached the emails of several prominent U.S. government employees in the State Department and Department of Commerce through a vulnerability in Microsoft’s email systems.

July 2023: Russian hackers targeted numerous attendees of the latest NATO Summit in Vilnius. The assailants used a malicious replica of the Ukraine World Congress website to target attendees. 

July 2023: A Polish diplomat’s advertisement to purchase a used BMW was corrupted by Russian hackers and used to target Ukrainian diplomats. The hackers copied the flyer, embedded it with malicious software and distributed it to foreign diplomats in Kyiv.

June 2023: A group allegedly tied to the private military corporation Wagner hacked a Russian satellite telecommunications provider that services the Federal Security Service (FSB) and Russian military units. The attack comes after Wagner’s attempted rebellion against President Vladimir Putin over the war in Ukraine. 

June 2023: A Pakistani-based hacker group infiltrated the Indian army and education sector in the group’s latest wave of attacks against Indian government institutions. The hack is the latest in a series of targeted attacks from this group that have intensified over the past year.

June 2023: Pro-Russian hacktivists attacked several European banking institutions, including the European Investment Bank, in retaliation against Europe’s continued support of Ukraine. The hacktivists used a DDoS attack to disrupt EIB.

June 2023: Several U.S. federal government agencies, including Department of Energy entities, were breached in a global cyberattack by Russian-linked hackers. Cybercriminals targeted a vulnerability in software that is widely used by the agencies, according to a US cybersecurity agent.

June 2023: An Illinois hospital became the first health care facility to publicly list a ransomware attack as a primary reason for closing. The attack, which occurred in 2021, permanently crippled the facility’s finances.

June 2023: Pro-Russian hackers targeted several Swiss government websites, including those for Parliament, the federal administration, and the Geneva airport. The DDoS attacks coincided with preparations for Ukrainian President Volodimir Zelensky’s virtual address before the Swiss parliament.

June 2023: According to new reporting, North Korean hackers have been impersonating tech workers or employers to steal more than $3 billion since 2018. The money has reportedly been used to fund the country’s ballistic missiles program, according to U.S. officials.

June 2023: Ukrainian hackers claimed responsibility for an attack on a Russian telecom firm that provides critical infrastructure to the Russian banking system. The attack occurred in conjunction with Ukraine’s counteroffensive. 

June 2023: Russia’s Federal Security Services (FSB) alleged that Apple worked closely with US intelligence agencies to hack thousands of iPhones belonging to Russian users and foreign diplomats. Apple denied the claims, and the NSA declined to comment.

May 2023: Belgium’s cyber security agency has linked China-sponsored hackers to a spear-phishing attack on a prominent politician. The attack comes as European governments are increasingly willing to challenge China over cyber offences.

May 2023:  Chinese hackers breached communications networks at a U.S. outpost in Guam. The hackers used legitimate credentials, making it harder to detect them.  

May 2023:  Chinese hackers targeted Kenyan government ministries and state institutions, including the presidential office. The hacks appeared to be aimed at gaining information on debt owed to Beijing. 

May 2023: A likely Russian state group has targeted government organizations in Central Asia. The group is using previously unknown malware, and the attacks focused on document exfiltration.

May 2023: An unidentified group hacked targets in both Russia and Ukraine. The motive for the attacks was surveillance and data gathering.

May 2023: Russian-linked hacktivists conducted an unsuccessful cyberattack against Ukraine’s system for managing border crossings by commercial trucks through a phishing campaign.

April 2023: Sudan-linked hackers conducted a DDoS attack on Israel’s Independence Day, taking the Israeli Supreme Court’s website offline for several hours. Israeli cyber authorities reported no lasting damage to network infrastructure. Hackers claimed to have also attacked several other Israeli government and media sites, but those attacks could not be confirmed. The group has been active since at least January 2023, attacking critical infrastructure in Northern Europe and is considered religiously motivated. 

April 2023:  NSA cyber authorities reported evidence of Russian ransomware and supply chain attacks against Ukraine and other European countries who have provided Ukraine with humanitarian aid during the war in Ukraine. There were no indications of these attacks against U.S. networks. 

April 2023: Iranian state-linked hackers targeted critical infrastructure in the U.S. and other countries in a series of attacks using a previously unseen customized dropper malware. The hacking group has been active since at least 2014, conducting social engineering and espionage operations that support the Iranian government’s interests. 

April 2023: Recorded Future released a report revealing data exfiltration attacks against South Korean research and academic institutions in January 2023. The report identified Chinese-language hackers. Researchers believe that this is a hacktivist group motivated by patriotism for China. 

April 2023: Researchers at Mandiant attributed a software supply chain attack on 3CX Desktop App software to North Korea-linked hackers. During its investigation, Mandiant found that this attack used a vulnerability previously injected into 3CX software. This is Mandiant’s first discovery of a software supply chain attack leveraging vulnerabilities from a previous software supply chain attack. 

April 2023: Chinese hackers targeted telecommunication services providers in Africa in an espionage campaign since at least November 2022. Researchers believe the group has targeted pro-domestic human rights and pro-democracy advocates, including nation-states, since at least 2014. Using the access from the telecom providers, the group gathers information including keystrokes, browser data, records audio, and captures data from individual targets on the network. 

April 2023: A Russia-linked threat group launched a DDoS attack against Canadian prime Minister Justin Trudeau, blocking access to his website for several hours. The operation’s timing coincided with the Canadian government’s meeting with Ukrainian Prime Minister Denys Shmyhal, suggesting that the operation was retaliation. 

April 2023: North Korea-linked hackers are operating an ongoing espionage campaign targeting defense industry firms in Eastern Europe and Africa. Researchers at Kaspersky believe the hacking group shifted its focus in 2020 from financially motivated coin-mining attacks to espionage.  

April 2023: Researchers discovered Israeli spyware on the iPhones of over 5 journalists, political opposition figures, and an NGO worker. Hackers initially compromised targets using malicious calendar invitations. The hackers’ origin and motivations are unclear. 

April 2023: Ukraine-linked hacktivists targeted the email of Russian GRU Unit26165’s leader, Lieutenant Colonel Sergey Alexandrovich, leaking his correspondence to a volunteer intelligence analysis group. The exfiltrated data contained Alexandrovich’s personal information, unit personnel files, and information on Russian cyberattack tools.  

April 2023: North Korean-linked hackers targeted people with expertise on North Korea policy issues in a phishing campaign. Hackers posed as journalists requesting interviews from targets, inviting them to use embedded links for scheduling and stealing their login credentials. The amount of information stolen and number of targets are unclear. 

March 2023. Russian hackers brought down the French National Assembly’s website for several hours using a DDoS attack. In a Telegram post, hackers cited the French government’s support for Ukraine as the reason for the attack.  

March 2023. CISA and FBI reported that a U.S. federal agency was targeted by multiple attackers, including a Vietnamese espionage group, in a cyberespionage campaign between November 2022 and January 2023. Hackers used a vulnerability in the agency’s Microsoft Internet Information Services (IIS) server to install malware.  

March 2023. A Chinese cyberespionage group targeted an East Asian data protection company that serves military and government entities, in a campaign that lasted approximately a year.

March 2023. A South Asian hacking group targeted firms in China's nuclear energy industry in an espionage campaign. Researchers believe the group commonly targets the energy and government sectors of Pakistan, China, Bangladesh, and Saudi Arabia.

March 2023. Estonian officials claim that hackers unsuccessfully targeted the country’s internet voting system during its recent parliamentary elections. Officials did not release details about the attacks or provide attribution.  

March 2023. North Korean hackers targeted U.S.-based cybersecurity research firms in a phishing campaign. The campaign was meant to deliver malware for cyberespionage.  

March 2023. A Chinese cyber espionage group targeted government entities in Vietnam, Thailand, and Indonesia, using newly developed malware optimized to evade detection.  

March 2023. Russian hackers launched social engineering campaigns targeting U.S. and European politicians, businesspeople, and celebrities who have publicly denounced Vladimir Putin’s invasion of Ukraine. Hackers persuaded victims to participate in phone or video calls, giving misleading prompts to obtain pro-Putin or pro-Russian soundbites. They published these to discredit victims’ previous anti-Putin statements.  

March 2023. Slovakian cybersecurity researchers discovered a new exploit from a Chinese espionage group targeting political organizations in Taiwan and Ukraine.  

March 2023. Poland blamed Russian hackers for a DDoS attack on its official tax service website. The attack blocked users' access to the site for approximately an hour, but no data was leaked. A pro-Russian hacking group had earlier published a statement on Telegram about its intention to attack the Polish tax service.

February 2023. Russian hackers deployed malware to steal information from Ukrainian organizations in a phishing campaign. The malware is capable of extracting account information and files, as well as taking screenshots. Researchers believe the group is a key player in Russia’s cyber campaigns against Ukraine. 

February 2023. A pro-Russian hacking group claimed responsibility for DDoS attacks against NATO networks used to transmit sensitive data. The attack disrupted communications between NATO and airplanes providing earthquake aid to a Turkish airbase. The attack also took NATO’s sites offline temporarily.  

February 2023.  Polish officials reported a disinformation campaign targeting the Polish public. Targets received anti-Ukrainian refugee disinformation via email. Officials claimed these activities may be related to Russia-linked hackers.  

February 2023. A North Korean hacking group conducted an espionage campaign between August and November 2022. The hackers targeted organizations in medical research, healthcare, defense, energy, and chemical engineering, as well as a research university, exfiltrating over 100MB of data from each victim while remaining undetected. The group is linked to the North Korean government.

February 2023. Latvian officials claimed that Russian hackers launched a phishing campaign against its Ministry of Defense. The Latvian Ministry of Defense stated this operation was unsuccessful.  

February 2023. Iranian hacktivists disrupted the state-run television broadcast of a speech by Iranian president Ebrahim Raisi during Revolution Day ceremonies. Hackers aired the slogan “Death to Khamenei” and encouraged citizens to join antigovernment protests.  

February 2023. An Iranian hacking group launched an espionage campaign against organizations in the Middle East. Hackers used a backdoor malware to compromise target email accounts. Researchers claim the hacking group is linked to Iranian intelligence services.  

February 2023. Iranian hacktivists claimed responsibility for taking down websites for the Bahrain international airport and state news agency.  

February 2023. Hackers launched a ransomware attack against Technion University, Israel’s top technology education program. Hackers demanded 80 bitcoin ($1.7 million USD) to decrypt the university’s files. Israeli cybersecurity officials blamed Iranian state-sponsored hackers for the attack.  

February 2023. Hackers disabled the website of Italy's Revenue Agency (Agenzia delle Entrate). While the website was disabled, users received phishing emails directing them to a fake login page that mirrored the official agency site.

February 2023. Chinese cyberespionage hackers conducted a spear-phishing campaign against government and public sector organizations in Asia and Europe. The emails used a draft EU Commission letter as their lure. These campaigns have occurred since at least 2019.

January 2023. Latvian officials claimed that Russia-linked hackers launched a cyber espionage phishing campaign against its Ministry of Defense. The Latvian Ministry of Defense stated this operation was unsuccessful. 

January 2023. CISA, the NSA, and the Multi-State Information Sharing and Analysis Center released a joint advisory warning of an increase in hacks on the federal civilian executive branch utilizing remote access software. This follows an October 2022 report on a financially motivated phishing campaign against multiple U.S. federal civilian executive branch agencies. 

January 2023. Russia-linked hackers deployed a ransomware attack against the UK postal service, the Royal Mail. The attack disrupted the systems used to track international mail. 

January 2023.  Iran-linked hackers executed ransomware attacks and exfiltrated data from U.S. public infrastructure and private Australian organizations. Australian authorities claim that the data exfiltrated was for use in extortion campaigns. 

January 2023.  Hackers used ransomware to encrypt 12 servers at Costa Rica’s Ministry of Public Works, knocking all its servers offline.  

January 2023. Albanian officials reported that its government servers were still near-daily targets of cyber-attacks following a major attack by Iran-linked hackers in 2022. 

January 2023.  Hackers launched a series of cyber-attacks against Malaysian national defense networks. Malaysian officials stated that the hacking activities were detected early enough to prevent any network compromise. 

January 2023. Hackers targeted government, military, and civilian networks across the Asia Pacific leveraging malware to obtain confidential information. The malware targeted both the data on victim machines as well as audio captured by infected machines’ microphones. 

January 2023. Hackers sent over a thousand emails containing malicious links to Moldovan government accounts.

December 2022. China-linked hackers launched phishing attacks against government, education, and research sector victims across the Asia Pacific. These attacks contained malware designed for espionage. 

December 2022. Hackers launched email phishing attacks against Ukrainian government agencies and state railway systems. The emails included information on kamikaze drone identification and deployed malware designed for espionage onto victim machines.

December 2022. Hackers obtained contact information for more than 80,000 members of the FBI's threat information sharing program, InfraGard. They then posted this information for sale on a cybercrime forum.

December 2022. Microsoft reported that it observed a pattern of attacks targeting Ukrainian critical infrastructure from the Russian hacking group Sandworm. These attacks were accompanied by pro-Russian propaganda.

December 2022. Human Rights Watch reported an ongoing, well-resourced cyber espionage, social engineering, and phishing campaign against human rights activists, journalists, diplomats, and politicians located across the Middle East. The organization attributed these operations to Iran-linked hackers.

December 2022. Hackers made Italy’s Ministry of Agriculture website unavailable through a DDoS attack. Italian officials described the attacks as “demonstrative” and claim that no data was breached and that they expect no lasting damage. 

December 2022. Russia-linked hackers leveraged the networks of healthcare organizations, businesses, and critical infrastructure across the U.S., UK, France, and other countries to attack targets in Ukraine. The hackers' primary motivations appear to be information stealing and disruption.

December 2022. Iran-linked hackers obtained and leaked data from government ministries in Saudi Arabia. 

December 2022. Russia-linked hackers launched a DDoS attack against Vatican City servers, knocking its official website offline. The attack came three days after Russian government officials criticized Pope Francis for his comments about the war in Ukraine. 

December 2022.  Hackers launched a DDoS attack against the Danish defense ministry that disrupted access to its websites.  

December 2022. Russia’s foreign minister claimed to be the target of coordinated cyber aggression by external intelligence agencies, IT companies, and hacktivists. According to Russian officials, such attacks have “doubled or tripled” over the past year. 

December 2022. Chinese government-linked hackers stole at least $20 million in COVID-19 relief funds from the U.S. government, including Small Business Administration loans and unemployment insurance money. The U.S. Secret Service announced it had retrieved half of the stolen funds thus far.

December 2022. Chinese-linked hackers targeted Amnesty International of Canada in an apparent espionage operation.  

December 2022. A U.S. lawmaker predicted that spyware hacks of U.S. government employees could number in the hundreds, including diplomats in multiple countries. This follows a probe into how many U.S. government devices have been affected by spyware.

November 2022. Hackers disrupted operations at an Indian hospital by cutting off access to its online networks and patient records. It took hospital officials and federal authorities nearly two weeks to regain access to hospital servers and recover lost data. 

November 2022. Microsoft and ESET attributed cyberattacks aimed at the energy sector and logistics industries in Ukraine and Poland to a Russian GRU hacking group. The campaign began in late September 2022.  

November 2022. Hackers targeted Bahraini government websites with DDoS attacks prior to the country's parliamentary and local elections.

November 2022. Iranian government-sponsored hackers compromised the U.S. Merit Systems Protection Board, exploiting the Log4Shell vulnerability as early as February 2022. After breaching the network, the hackers installed cryptocurrency-mining software and deployed malware to obtain sensitive data.

November 2022.  Hackers damaged Danish State Railways’ network after targeting an IT subcontractor's software testing environment. The attack shut down train operations for several hours.  

November 2022. An India-based hacking group targeted Pakistani politicians, generals, and diplomats, deploying malware that gives the attacker access to computer cameras and microphones.

November 2022.  State-sponsored hackers with possible ties to the Chinese government targeted multiple Asian countries in an espionage operation since March 2022, compromising a digital certificate authority in one country. 

November 2022.  Hackers disabled digital services of the Vanuatu government in a cyberattack. The attack affected all government services, disabling emails, websites, and government systems, with only partial access restored a month later. Australian sources stated the hack was a ransomware attack.  

November 2022.  Hackers targeted the Guadeloupe government, forcing the shutdown of all government computers to “protect data” during incident response and detect the scope of the attack. 

November 2022. Indian hackers have targeted Pakistani government entities, including the military, and companies since April 2020. The attacks enabled the hackers to infiltrate systems and access computer controls.

November 2022.  Suspected Chinese-linked hackers carried out an espionage campaign on public and private organizations in the Philippines, Europe, and the United States since 2021. The attacks used infected USB drives to deliver malware to the organizations.  

November 2022.  Chinese state-affiliated actors increased attacks on smaller nations in Southeast Asia for cyberespionage purposes.  

October 2022. Hackers targeted a communications platform in Australia, which handles Department of Defence data, in a ransomware attack. The government believes hackers breached sensitive government data in this attack.  

October 2022. A Ukrainian newspaper published hacked data claiming to be sensitive information from Russian defense contractors. The hackers responsible are part of an anti-Putin group in Russia.

October 2022.  Hackers targeted Bulgarian websites belonging to the presidential administration, the Defense Ministry, the Interior Ministry, the Justice Ministry, and the Constitutional Court in a DDoS attack. A pro-Russian hacking group claimed responsibility for the attack, stating it was punishment “for betrayal to Russia and the supply of weapons to Ukraine.” 

October 2022. Hackers targeted several major U.S. airports with a DDoS attack, impacting their websites. A pro-Russian hacking group promoted the attack prior to its execution.

October 2022. Pro-Russian hackers claimed responsibility for an attack that knocked U.S. state government websites offline, including those of Colorado, Kentucky, and Mississippi.

October 2022. CISA, the FBI, and the NSA announced that state-sponsored hacking groups had long-term access to a defense company's network since January 2021 and compromised sensitive company data.

September 2022. Iranian hackers targeted Albanian computer systems, forcing Albanian officials to temporarily shut down the Total Information Management System, a service used to track individuals entering and exiting Albania. This attack closely followed Albania’s decision to sever diplomatic ties with Iran as well as the American sanctions and NATO’s condemnation of an Iranian cyberattack against Albania in July. In the July attack, Iranian actors deployed ransomware on Albanian Government networks that destroyed data and disrupted government services. 

September 2022.  A newly discovered hacking group targeted telecommunications, internet service providers, and universities in the Middle East and Africa. The group deploys malware platforms directly into systems’ memory, bypassing native security solutions.  

September 2022. Hackers targeted Montenegro’s government networks, rendering Montenegro’s main state websites and government information platforms inaccessible. Montenegrin officials blamed Russia for the attack. 

September 2022. Hackers targeted the state-level parliamentary website of Bosnia and Herzegovina, rendering the sites and servers inaccessible for multiple weeks. 

September 2022. China accused the U.S. National Security Agency (NSA) of numerous cyberattacks against China’s Northwestern Polytechnical University. Authorities claim the NSA stole user data and infiltrated digital communications networks.  

September 2022. The group Anonymous took responsibility for a series of cyberattacks against the Iranian government that took down two main Iranian government websites and the websites of several state media organizations. 

September 2022. Hackers targeted the Mexican Defense Ministry and accessed six terabytes of data, including internal communications, criminal data, and data that revealed Mexico’s monitoring of Ken Salazar, the U.S. Ambassador to Mexico. Mexican President Andres Manuel Lopez Obrador confirmed the authenticity of the data, including personal health data released to the public.  

September 2022. A Russian-based hacking group targeted the website of the United Kingdom’s intelligence agency MI5 with a DDoS attack that temporarily took the site offline. 

August 2022. Hackers breached Italy’s energy agency, Gestore dei Servizi Energetici (GSE), compromising servers, blocking access to systems, and suspending access to the GSE website for a week. 

August 2022.  Hackers used a DDoS attack to temporarily take down the website of Taiwan’s presidential office. The Taiwanese government attributed the attack to foreign hackers and stated normal operations of the website resumed after 20 minutes. Taiwan’s Foreign Ministry also noted hackers targeted their website and the main portal website for Taiwan’s government.  

August 2022.  Hackers targeted the Finnish Parliament with a DDoS attack that rendered the Parliamentary website inaccessible. A Russian group claimed responsibility for the attack on Telegram.  

August 2022.  Hackers targeted the website of Ukraine’s state energy agency responsible for the oversight of Ukraine’s nuclear power plants. The agency stated Russian hackers carried out the attack.  

August 2022.  Hackers targeted the website of the Latvian Parliament with a DDoS attack that temporarily paralyzed the website’s server. A Russian hacking group claimed responsibility for the attack on Telegram.  

August 2022.  Hackers targeted Greece’s largest natural gas distributor DESFA causing a system outage and data exposure.  

August 2022.  A Russian group claimed responsibility for breaching a privately owned UK water supply company South Staffordshire Water and leaking files in an extortion attempt. 

August 2022.  Hackers targeted Montenegro’s government institutions, breaching the computer systems of several state bodies. Montenegro’s Defense Minister stated there was sufficient evidence to suspect Russia was behind the attack.  

August 2022.  A DDoS campaign targeted the websites of both government and private Estonian institutions. Estonia stated that the attack was largely repelled, and the impact was limited. 

August 2022. Hackers used phishing emails to deploy malware in government institutions and defense firms throughout Eastern Europe in January 2022. A report by Russian-based company Kaspersky linked the campaign to a Chinese hacking group. 

July 2022. Hackers targeted the Pakistan Air Force (PAF) in a spear-phishing campaign to deploy malware and obtain sensitive files. Pakistani and Chinese organizations claimed the attack came from India-linked hackers.

July 2022.  Hackers targeted Iran’s Islamic Culture and Communication Organization (ICCO). The attack took down at least 6 websites, placed images of Iranian resistance leaders on fifteen additional sites, wiped databases and computers, and allowed hackers to obtain access to sensitive ICCO data.  

July 2022. A hacker claimed to have acquired records on 1 billion Chinese citizens from a Shanghai police database and posted the data for sale online.

July 2022.  Belgium’s Foreign Ministry accused China of a cyberespionage campaign against Belgian targets, including Belgium’s Ministries of Interior and Defense. A spokesperson for the Chinese Embassy in Belgium denied the accusations. 

July 2022. Hackers targeted social media accounts owned by the British Army. The attack included the takeover of the British Army's Twitter and YouTube accounts.

July 2022.  Hackers targeted Lithuania’s state-owned energy provider in a DDoS attack. Killnet, which Lithuanian officials link to Russia, claimed responsibility for the attack. 

July 2022.  Hackers temporarily took down websites belonging to the Albanian Prime Minister's Office and the Parliament, and the e-Albania portal used to access public services. 

July 2022.  Hackers breached a Ukrainian media company to broadcast on multiple radio stations that Ukrainian President Volodymyr Zelenskyy was in critical condition. Zelenskyy refuted the claims and blamed Russia for the attack. 

July 2022. China stated the United States stole 97 billion pieces of global internet data and 124 billion pieces of telephone data in June, specifically blaming the National Security Agency (NSA)'s Office of Tailored Access Operations (TAO). 

June 2022.  Hackers targeted Lithuania’s state railway, airports, media companies, and government ministries with DDoS attacks. A Russian-backed hacking group claimed responsibility for the attack.  

June 2022.  The FBI, National Security Agency (NSA) and CISA announced that Chinese state-sponsored hackers targeted and breached major telecommunications companies and network service providers since at least 2020. 

June 2022.  Hackers targeted former Israeli officials, military personnel, and a former U.S. Ambassador to Israel. An Israeli cybersecurity firm stated Iranian-linked actors used a phishing campaign to gain access to the targets’ inboxes, personally identifiable information, and identity documents. 

June 2022.  Hackers targeted three Iranian steel companies, forcing the country’s state-owned plant to halt production. 

June 2022.  Hackers leaked files and photos known as “The Xinjiang Police Files” displaying human rights abuses committed by the Chinese government against the Uyghur population.  

June 2022.  An attack targeted users of Australia’s largest Chinese-language platform, Media Today. The hackers made over 20 million attempts to reset user passwords in the platform’s registration system. 

June 2022. Hackers targeted municipal public address systems in Jerusalem and Eilat, triggering the air raid siren systems throughout both cities. An Israeli industrial cybersecurity firm attributed the attack to Iran.

June 2022.  A Chinese-linked disinformation campaign targeted an Australian mining company. The campaign included spreading disinformation on social media platforms and websites regarding the company’s alleged environmental record. 

June 2022.  A phishing campaign targeted U.S. organizations in military, software, supply chain, healthcare, and pharmaceutical sectors to compromise Microsoft Office 365 and Outlook accounts.  

June 2022.  Hackers compromised accounts belonging to officials in Germany’s Greens party, including ones used previously by Annalena Baerbock and Robert Habeck, who now serve as Minister for Foreign Affairs and Minister for Economic Affairs and Climate Action. 

June 2022.  Hackers targeted Norwegian public institutions with DDoS attacks, disrupting government websites. The Norwegian NSM security authority attributed the attack to pro-Russian hackers. 

May 2022.  A DDoS attack targeted the Port of London Authority, forcing its website to go offline. A group linked to Iran took responsibility for the hack. 

May 2022.  A phishing campaign targeted the Jordan Ministry of Foreign Affairs. Researchers attributed the attack to an Iranian cyber espionage actor. 

May 2022.   The Ethiopian Information Network Security Agency (INSA) stated hackers targeted the Grand Ethiopian Renaissance Dam (GERD). Ethiopia’s communications security agency thwarted the attacks before hackers could gain access to the networks.  

May 2022. Hackers targeted Greenland's healthcare system, causing networks to crash throughout the island. While an initial diagnosis determined the attack did not damage or expose citizens' data, it severely limited health services.

May 2022. A Chinese hacking group has stolen intellectual property from U.S. and European companies since 2019 while going largely undetected. Researchers believe the group is backed by the Chinese government.

May 2022. State-sponsored hackers took down RuTube, the Russian version of YouTube, according to the company.

May 2022. Russian hackers hit Italian websites with a DDoS attack, including those of the Senate, the Ministry of Defence, and the National Health Institute. The group stated its goal was to target NATO countries and Ukraine.

April 2022. The Romanian National Directorate of Cyber Security said that multiple public and private sector websites were hit with DDoS attacks. The victims included the ministry of defense, border police, national railway company, and the OTP Bank. A group claiming credit for the attack said on Telegram that it hacked the websites because Romania supported Ukraine since the Russian invasion of the country.  

April 2022. Cybersecurity researchers identified a new campaign by Russian-linked hackers that started in January and targets diplomats and embassy officials from France, Poland, Portugal, and other countries. The hacks started with a phishing email to deliver a malware-laden file to the target.  

April 2022. Iranian state television claimed that the government foiled cyber intrusions that targeted more than 100 public sector agencies. They provided no further information on the incident.  

April 2022. Russian hackers targeted the Costa Rican Ministry of Finance in a cyberattack, crippling tax collection and export systems. The newly elected President of Costa Rica declared a national emergency as a result, and the group demanded $20 million in ransom, threatening to leak the stolen data otherwise.

April 2022. Hackers targeted members of the European Commission with spyware developed by NSO Group. An Apple notification sent in November to thousands of iPhone users, stating they had been targeted by a state-sponsored actor, alerted the Commission to the spyware use.

April 2022. A North Korea-linked hacking campaign using phishing emails sent from fake job recruiters targeted chemical companies in South Korea. 

April 2022. A Citizen Lab study discovered actors used NSO Group spyware to target at least 65 Catalonian activists and political figures.  

April 2022. The U.S. Treasury Department’s Office of Foreign Assets Control attributed the March 29 hack of Ronin Network to a North Korean hacking group and announced sanctions against the hackers. The group stole over $540 million in Ethereum and USDC.  

April 2022. Hackers launched DDoS attacks against websites belonging to the Finnish Ministries of Defence and Foreign Affairs. The attack’s botnet used over 350 IP addresses from around the world and the denial of service was sustained for four hours.  

April 2022. Hackers targeted the Telegram accounts of Ukrainian government officials with a phishing attack in an attempt to gain access to the accounts.   

April 2022. Cybersecurity researchers observed hackers penetrating the networks of at least 7 Indian State Load Dispatch Centres (SLDCs) which oversee operations for electrical grid control. The SLDCs manage SCADA systems and researchers suggested that PLA-linked hackers may be involved. 

April 2022. A social media platform disrupted two Iranian-linked cyber espionage campaigns that targeted activists, academics, and private companies. The campaign targeted businesses in the energy, semiconductor, and telecom sectors in countries including the U.S., Israel, Russia, and Canada by using phishing and other social engineering techniques. 

April 2022. A group targeted several Ukrainian media organizations in an attempt to gain long-term access to their networks and collect sensitive information, according to researchers. The group has connections to the Russian GRU.  

April 2022. The United States removed Russian malware from computer networks around the world, a move made public by Attorney General Merrick B. Garland. While the malware's intended use is unclear, authorities noted it could be used for anything from surveillance to destructive attacks. The malware created a botnet controlled by the Russian GRU.

April 2022. Hackers targeted a Ukrainian energy facility, but CERT-UA and private sector assistance largely thwarted attempts to shut down electrical substations in Ukraine. Researchers believe the attack came from the same GRU-linked group that targeted Ukraine's power grid in 2016, using an updated form of the same malware.

April 2022. Hackers targeted Ukraine's national post office with a DDoS attack, days after it released a new stamp honoring a Ukrainian border guard. The attack affected the agency's ability to run its online store.


With the effects of the COVID-19 pandemic in the past year, learn how consumers were impacted by cybercrime and identity theft in the 2021 Norton™ Cyber Safety Insights Report, a yearly report surveying over 10,000 adults in 10 countries.

In this year’s report, discover:

  • The number of consumers impacted by cybercrime and identity theft in the past year
  • How the pandemic has influenced consumers online habits and safety
  • What consumers were doing to proactively protect their digital lives

2021 Norton Cyber Safety Insights Report Cybercrime Incidence and Impact

Paige Hanson

Chief of Cyber Safety Education, NortonLifeLock


Media Contacts

Contact the NortonLifeLock Public Relations Team

Back to Top

© 2019–2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries.



Development Co-operation Report 2021: Shaping a Just Digital Transformation


Key messages

10. Case study: Combatting cyber threats, disinformation and Internet shutdowns

Sections: Internet shutdowns and free speech; Disinformation and hate speech; Digital identification and exclusion; Cybercrime and surveillance.

The same digital technologies that can improve people’s lives also can be used to restrict freedoms and, deliberately or inadvertently, widen inequalities and exclusion. The potential for harms and abuses include cyber-attacks, disinformation and hate speech on social media, digital identification systems that fail to protect personal data and exclude marginalised populations, and so-called smart cities where digital tools enable the surveillance of citizens. As the pace of digitalisation accelerates, human rights-based policies and frameworks are urgently needed to manage both the negative and positive outcomes.

Through Internet shutdowns, disinformation and mismanaged digital ID programmes, many governments restrict human rights and fundamental freedoms. Nascent smart cities programmes are putting safety, privacy and public budgets at risk.

Developing countries lag in cybersecurity capacity and enforcement, lacking the resources, technological know-how and ecosystems to effectively mitigate risks and respond to cybercrimes.

Development co-operation actors should engage with civil society to evaluate the impact of digital technologies and tools and better assess community needs and mitigate risks.

Digital transformation provides a range of innovative and powerful tools that governments can deploy to improve public services and the lives of their citizens and, alternatively, to curtail free speech and conduct mass surveillance. Internet shutdowns have been on the rise for a decade, occurring even amid the COVID-19 pandemic when so much of the world’s economic and social life was forced on line. By the same token, the same social media platforms that enable communication and community also host hate speech and disinformation. Digital identification (ID) programmes that promise more efficient public service delivery can also expose personal data to misuse and exclude populations without proper safeguards in place. Access Now monitors the uses of digital technology and calls out abuses and potential risks to governments, companies and civil society.

Governments sometimes impose Internet shutdowns during critical moments, violating rights with a devastating impact on people’s lives (Google, 2021[1]) . In 2020, there were at least 155 documented Internet shutdown incidents in 29 countries even as billions of people turned to the Internet for school, work and communication during the COVID-19 crisis (Taye, 2021[2]) . In the first five months of 2021, at least 50 Internet shutdowns were recorded in 21 countries. The longest on record started in November 2020 in Ethiopia’s Tigray region, where war has raged for the past year, and has hampered humanitarian aid, disrupted businesses, and prevented journalists and human rights groups from uncovering abuses (Access Now, 2021[3]) .

Governments and non-state actors also have used social media to spread disinformation, propaganda or hate, interfere with elections, and abuse private data (Access Now, 2021[4]) and to enforce discriminatory laws. In these cases, though tech tools became an enabler of harm, companies often failed to anticipate, mitigate or respond to the risks. Internal Facebook documents about the company’s operations “paint a grim picture” (Garfield, 2021[5]) . For instance, the Facebook Papers reveal that employees repeatedly criticised the company’s failure to limit posts inciting violence in Ethiopia (Access Now, 2021[6]) and warned managers about “problematic actors” spreading inflammatory content (Mackintosh, 2021[7]) . Despite huge deployment in the Middle East and Africa, for instance, most tech companies fail to engage civil society in the region or hire content reviewers and employees who understand local languages, context and nuances (Gani, 2021[8]) .


In recent years, governments and development actors have focused on developing ID systems. The World Bank Group, through its Identification for Development, or ID4D, initiative 1 has mobilised more than USD 1 billion to support civil registration and related projects in over 45 countries (World Bank, 2019[9]) . But in many countries, digital ID systems have been developed without first considering the impacts on equality, privacy and security (Aggarwal and Chima, 2021[10]) . This raises two questions: First, whether access to public services should depend on having government ID; and second, whether identification systems should be only digital.

In countries with digital ID systems, citizens may have to register for online identification to claim benefits or access essential services such as health, education and voting. These requirements do not always result in better service. In some cases, digital ID programmes simply move poor-quality services on line. They also can exclude individuals and entire communities. In India, for example, the digital Aadhaar card is often required to access vaccines and health centres have turned people away even when they have other official forms of identification (Chakravarti, 2021[11]) . Such systems do not account for the digital divide in access to electricity and Internet access (Chandran, 2021[12]) . Nor do they consider differences in access to electronic devices, digital literacy, or structural discrimination and inequality (Renaldi, 2021[13]) .

In addition, while governments collect a trove of personal data, safeguards to protect these data from fraud or theft are sometimes missing and data breaches have occurred. Kenya enacted comprehensive data protection legislation in 2019 (Access Now, 2021[14]) , and Ethiopia, India and Uganda are considering proposed data protection measures alongside the introduction of digital ID programmes. Done right, these safeguards protect people’s rights beyond securing their information. But the legislation in these countries is either stalled or difficult to enforce. Other countries rushed the adoption of data protection as a box-ticking exercise when the need is for human rights-centred approaches aligned to principles of transparency, good governance and public consultation.

The #WhyID coalition, 2 led by Access Now, provides governments with a set of questions about the objectives, needs and benefits of digital ID programmes to be considered before they are implemented. Access Now also publishes a do’s and don’ts guide for lawmakers to assist them in developing data protection laws that will protect and empower people. 3

Positive outcomes from digitalisation require online security; safety and privacy; and a trusted, resilient cyberspace. The International Telecommunication Union has warned of a growing cyber capacity gap, with least developed countries especially lacking the resources, technological know-how and cybersecurity ecosystem to effectively mitigate the growing cyber risks and prepare for “opportunistic actors that [take] advantage of our desire for information” (ITU, 2020[15]) . Box 10.1 outlines the knowledge and infrastructure gaps in Africa and initiatives to help governments build cyber capacity.

Provided by Africa team, Global Forum on Cyber Expertise

While African countries have made progress in their commitments to respond to cybersecurity threats, challenges remain to building a secure and resilient cyberspace. The International Telecommunication Union’s latest Global Cybersecurity Index suggests that many African countries need to reach more robust cybersecurity levels and notes that the COVID-19 crisis demonstrates that collective action problems such as health security and cybersecurity require a multidisciplinary and comprehensive approach (ITU, 2020[15]) . The African Union’s 2020-30 Digital Transformation Strategy for Africa also highlights the need for a greater capacity to detect and mitigate cyberattacks (African Union, 2020[16]) .

Governments and international bodies should collaborate to promote cybersecurity in Africa. Development co-operation actors are stepping up support for cybersecurity with a focus on capacity building:

The World Bank Global Cybersecurity Multi-Donor Trust Fund provides cybersecurity assessment and comprehensive cybersecurity capacity development (World Bank, 2021[17]) . In collaboration with INTERPOL, the United Kingdom is investing GBP 22 million to establish new cyber operation hubs in Ghana, Kenya, Nigeria and Rwanda to facilitate joint cybercrime operations (UK Government, 2021[18]) .

The African Development Bank has contributed USD 2 million to establish the African Cybersecurity Resource Center to deliver cybersecurity services and information exchange across Africa (African Development Bank, 2021[19]) . The Africa Cyber Capacity Building Coordination Committee aims to provide oversight on specific projects and develop new projects for the region (African Union Development Agency, 2021[20]) .

A programme of the Global Forum on Cyber Expertise and the African Union will build a community of cyber experts from the different African countries, identify national cyber capacity gaps, prioritise and communicate cyber capacity needs, and co-ordinate existing and emerging cyber capacity-building efforts in Africa (Global Forum on Cyber Expertise, 2021[21]) .

Currently, cybersecurity legislation, policies and standards have yet to be developed in Africa. Only two countries have computer emergency response teams and computer security incident response teams that are fully equipped and operational. Only 11 institutions on the continent offer cybersecurity training (Keystone Masterstudy, 2021[22]) . Where cybersecurity laws exist, they have sometimes produced negative outcomes. Legislation and regulations affecting digital service users in Burundi, the Democratic Republic of the Congo, the United Republic of Tanzania, Uganda and Zambia have undermined producer and consumer trust and restricted human rights (CIPSEA, 2019[23]) .

Tightening cybersecurity must not damage Internet openness or user trust. Protocols or standards on cybersecurity also should be developed in consultation with different stakeholders and international agreements on related areas such as electronic payments and data protection should take cybersecurity into account. The 2014 African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) incorporates such a cross-cutting approach. The Convention is yet to enter into force.

The privacy and human rights impact of the spread and commercialisation of digital technologies are also a challenge. For instance, digital technologies meant to make cities safer can erode freedoms. In smart cities, people interact with sensors, cameras, biometric tech and other tools that can lead to increased surveillance. Governments largely do not address the privacy and human rights impact of these technologies. Many of the smart cities in Africa that were billed as the solution to poverty and urban crime are considered failures (Baraka, 2021[24]) . In some countries, social and welfare spending suffered as resources went to pursue investment for these projects. Moreover, the tech systems meant to fix societal issues have proved ineffective. In Nairobi, crime fell by 46% in the first year after a Huawei-built surveillance system was installed in 2014, rose by 13% and then by an additional 50% in 2016 and 2017 (Baraka, 2021[24]) .

[14] Access Now (2021), Data Protection in Kenya: How is This Right Protected?, Access Now, Brooklyn, NY, https://www.accessnow.org/cms/assets/uploads/2021/10/Data-Protection-in-Kenya.pdf (accessed on 8 November 2021).

[4] Access Now (2021), “LGBTQI communities: Proud and secure online”, web page, https://www.accessnow.org/lgbtqi-communities-proud-and-secure-online (accessed on 8 November 2021).

[6] Access Now (2021), Open letter to Facebook on violence-inciting speech: act now to protect Ethiopians, https://www.accessnow.org/open-letter-to-facebook-protect-ethiopians/ (accessed on 8 November 2021).

[3] Access Now (2021), “What’s happening in Tigray? Internet shutdowns avert accountability”, web page, https://www.accessnow.org/tigray-internet-shutdowns (accessed on 8 November 2021).

[19] African Development Bank (2021), “The African Development Bank extends a grant of $2 million to strengthen cybersecurity and boost financial inclusion in Africa”, press release, African Development Bank, https://www.afdb.org/en/news-and-events/press-releases/african-development-bank-extends-grant-2-million-strengthen-cybersecurity-and-boost-financial-inclusion-africa-42526 (accessed on 10 November 2021).

[16] African Union (2020), The Digital Transformation Strategy for Africa (2020-2030), African Union, https://au.int/sites/default/files/documents/38507-doc-dts-english.pdf.

[20] African Union Development Agency (2021), “Africa Cyber Capacity Building”, African Union Development Agency, https://www.nepad.org/news/africa-cyber-capacity-building (accessed on 10 November 2021).

[10] Aggarwal, N. and R. Chima (2021), “Privacy for sale: India is pushing for more data exploitation, not personal data protection”, Access Now Blog, https://www.accessnow.org/india-personal-data-protection (accessed on 8 November 2021).

[24] Baraka, C. (2021), “The failed promise of Kenya’s smart city”, Rest of World, New York, NY, https://restofworld.org/2021/the-failed-promise-of-kenyas-smart-city (accessed on 8 November 2021).

[11] Chakravarti, A. (2021), “For Covid-19 vaccine Aadhaar is mandatory even if registration on CoWin done with other ID. Sort of.”, India Today, https://www.indiatoday.in/technology/news/story/for-covid-19-vaccine-aadhaar-is-mandatory-even-if-registration-on-cowin-done-with-other-id-sort-of-1805290-2021-05-21 (accessed on 8 November 2021).

[12] Chandran, R. (2021), “India’s digital IDs for land could exclude poor, indigenous communities”, Reuters, https://www.reuters.com/article/india-landrights-digital-idUSL8N2LT0E6 (accessed on 8 November 2021).

[23] CIPSEA (2019), Digital Rights in Africa: Challenges and Policy Options, Collaboration on International ICT Policy for East and Southern Africa, Kampala, https://cipesa.org/?wpfb_dl=287 (accessed on 12 November 2021).

[8] Gani, A. (2021), “Facebook’s policing of vitriol is even more lackluster outside the US, critics say”, The Guardian, https://www.theguardian.com/technology/2021/oct/17/facebook-policing-vitriol-outside-us (accessed on 8 November 2021).

[5] Garfield, L. (26 October 2021), “What you need to know about the Facebook Papers”, Access Now Blog, https://www.accessnow.org/facebook-papers-what-you-need-to-know (accessed on 8 November 2021).

[21] Global Forum on Cyber Expertise (2021), “AUC-GFCE Collaboration: “Enabling African countries to identify and address their cyber capacity needs””, Global Forum on Cyber Expertise, https://thegfce.org/auc-gfce-collaboration-enabling-african-countries-to-identify-and-address-their-cyber-capacity-needs (accessed on 10 November 2021).

[1] Google (2021), “The Current: The Internet shutdowns issue”, Jigsaw 4, https://jigsaw.google.com/the-current/shutdown (accessed on 8 November 2021).

[15] ITU (2020), Global Cybersecurity Index 2020, International Telecommunication Union, Geneva, https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf.

[22] Keystone Masterstudy (2021), “Masters programs in cybersecurity in Africa 2022”, web page, https://www.masterstudies.com/Masters-Degree/Cyber-Security/Africa.

[7] Mackintosh, E. (2021), “Facebook knew it was being used to incite violence in Ethiopia. It did little to stop the spread, documents show”, CNN Business, https://edition.cnn.com/2021/10/25/business/ethiopia-violence-facebook-papers-cmd-intl/index.html (accessed on 8 November 2021).

[13] Renaldi, A. (2021), “Indonesia’s invisible people face discrimination, and sometimes death, by database”, Rest of World, https://restofworld.org/2021/indonesias-invisible-people-face-discrimination-and-sometimes-death-by-database (accessed on 8 November 2021).

[2] Taye, B. (2021), Shattered Dreams and Lost Opportunities: A Year in the Fight to #KeepItOn, Access Now, Brooklyn, NY, https://www.accessnow.org/cms/assets/uploads/2021/03/KeepItOn-report-on-the-2020-data_Mar-2021_3.pdf.

[18] UK Government (2021), “UK pledges £22 million to support cyber capacity building in vulnerable countries”, press release, UK Government, London, https://www.gov.uk/government/news/uk-pledges-22m-to-support-cyber-capacity-building-in-vulnerable-countries (accessed on 10 November 2021).

[17] World Bank (2021), “Cybersecurity Multi-Donor Trust Fund”, web page, https://www.worldbank.org/en/programs/cybersecurity-trust-fund.

[9] World Bank (2019), “Inclusive and trusted digital ID can unlock opportunities for the world’s most vulnerable”, World Bank, Washington, DC, https://www.worldbank.org/en/news/immersive-story/2019/08/14/inclusive-and-trusted-digital-id-can-unlock-opportunities-for-the-worlds-most-vulnerable (accessed on 8 November 2021).

1. For more information on the initiative, see: https://id4d.worldbank.org.

2. For more information on the coalition, see: https://www.accessnow.org/whyid.

3. For more information, see: https://www.accessnow.org/cms/assets/uploads/2019/11/Data-Protection-Guide-for-Lawmakers-Access-Now.pdf.

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

https://doi.org/10.1787/ce08832f-en

© OECD 2021

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at http://www.oecd.org/termsandconditions .

$50m ransomware demand on Acer is highest ever

Record-breaking double-extortion cyber attack saw REvil gang exfiltrate financial data from Taiwan-based PC manufacturer.

By Alex Scroxton, Security Editor

A $50m ransomware demand made against PC manufacturer Acer by the REvil/Sodinokibi cyber crime syndicate appears to be the highest ever made.

Details of the record-breaking double-extortion cyber attack first emerged on 18 March, with financial data exfiltrated from the Taiwan-based firm by the REvil gang published to its dark web leak site after initial negotiations broke down.

Subsequent investigations by Computer Weekly’s sister sites LeMagIT and SearchSecurity are credited with uncovering the ransomware demand for the equivalent of $50m, to be paid in the monero cryptocurrency.

According to LeMagIT, the gang had offered a 20% discount on their original demand provided the money was handed over by 17 March. Acer’s negotiators had apparently offered $10m. At the time of writing, the gang has given Acer until 28 March to pay, at which point the ransom demand will double.

“Acer routinely monitors its IT systems, and most cyber attacks are well defenced,” said Acer in a statement.

“Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries.

“We have been continuously enhancing our cyber security infrastructure to protect business continuity and our information integrity. We urge all companies and organisations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities.”

Separately, BleepingComputer’s investigation into the attack suggests that the REvil gang may have successfully weaponised the Microsoft Exchange ProxyLogon vulnerabilities in order to gain access to Acer’s network.

Although limited infections of a new strain of ransomware – DearCry – have been observed taking place via ProxyLogon, this would be the first public disclosure of a major ransomware operation exploiting the vulnerabilities, which leave on-premises Microsoft Exchange Servers open to takeover.


Thycotic chief security scientist Joseph Carson commented: “What we are seeing with ransomware is that cyber criminals continue to abuse privileged access, which enables them to steal sensitive data and deploy malicious ransomware.

“This means that organisations should prioritise privileged access as a top security measure to reduce the risks of ransomware and ensure strong access controls and encryption for sensitive data.”

Webroot senior threat research analyst Kelvin Murray said the scale of the attack on a prominent target no doubt reflected the increasing sophistication of the cyber criminal underworld.

“This was no doubt a meticulously planned attack which involved target research, professional hacking and uncrackable encryption,” he said. “Fifty million dollars is a huge ransom demand, but when the victim is a high-profit business, then the world’s top ransomware gangs can afford to be cocky with their demands too.”

Richard Hughes, head of technical cyber security at the A&O IT Group, commented: “Ransomware attacks are a major source of income for cyber criminals, with a huge reward for very little effort. The $50m demand is the highest currently known and while shocking, only serves to demonstrate the potential that the perpetrators see in this form of attack.

“Acer should not consider paying this ransom, as doing so would simply keep this as a viable business model. It should also be noted that there is no guarantee that an organisation will be able to decrypt data after paying a ransom as ransomware does not go through strict quality control and often contains bugs that may prevent successful recovery.

“It is more important than ever to conduct regular security assessments and ensure that the latest security patches are tested and deployed as soon as they are available.  Organisations should also consider the design of their environments to help prevent the spread of an attack should the worst happen.”


A deeper look into cybersecurity issues in the wake of Covid-19: A survey

Moatsum Alawida (a), Abiodun Esther Omolara (b), Oludare Isaac Abiodun, Murad Al-Rajab

a Department of Computer Sciences, Abu Dhabi University, Abu Dhabi 59911, United Arab Emirates

b Department of Computer Science, University of Abuja, Gwagwalada, Nigeria

This study analyzed the Coronavirus (COVID-19) crisis from the angle of cyber-crime, highlighting the wide spectrum of cyberattacks that occurred around the world. The modus operandi of cyberattack campaigns was revealed by analyzing cyberattacks in the context of major world events. Following what appeared to be a substantial gap between the initial outbreak of the virus and the first COVID-19-related cyber-attack, the investigation indicates how attacks became significantly more frequent over time, to the point where three or four different cyber-attacks were reported on certain days. This study identifies fifteen types of cyber-attack as the most common patterns, and their ensuing devastating events, during the global COVID-19 crisis. The paper is unique because it covers the main types of cyber-attack that most organizations are currently facing and how to address them. An intense look into the recent advances that cybercriminals leverage, their dynamism, calculated measures to tackle them, and never-explored perspectives are some of the integral parts which make this review different from other published reviews on the COVID-19 pandemic. A qualitative methodology was used to provide a robust response to the objective of the study. Using a multi-criteria decision-making problem-solving technique, many facets of cybersecurity that were affected during the pandemic were then quantitatively ranked in ascending order of severity. The data was generated between March 2020 and December 2021 from a global survey conducted through online contact and responses, especially from different organizations and business executives. The results show differences in cyber-attack techniques: hacking attacks were the most frequent with a record of 330 out of 895 attacks, accounting for 37%. Next were spam email attacks with 13%; emails with 13%; followed by malicious domains with 9%. Mobile apps followed with 8%, phishing was 7%, malware 7%, browsing apps 6%, DDoS 6%, website apps 6%, and MSMM 6%. BEC frequency was 4%, ransomware 2%, botnet 2% and APT 1%. The study recommends that it will continue to be necessary for governments and organizations to be resilient and innovative in cybersecurity decisions to overcome the current and future effects of the pandemic or similar crises, which could be long-lasting. Hence, this study's findings will guide the creation, development, and implementation of more secure systems to safeguard people from cyber-attacks.

1. Introduction

In times of crisis, an upsurge in cyber-attacks is usual. For instance, the global economic crisis of 2008 resulted in cyber-attacks as corporate capital declined and citizens became easy targets (Ng and Kwok, 2017; Thakur et al., 2016; Das, 2015; Watters et al., 2012). Cybercriminals take advantage of social flaws, and the coronavirus pandemic, also known as COVID-19, is no exception. The picture of cybersecurity threats in 2020 mirrored that of the previous economic downturn. With these eye-opening 2020 cybersecurity figures, one can observe the impact of COVID-19 on individuals, businesses, and the entire world, even in its early phases. The COVID-19 outbreak began to make international headlines in January 2020. COVID-19 was declared a worldwide pandemic by the World Health Organization (WHO) on March 11, 2020. That week, everything changed in the world. Bustling streets were deserted, hospital beds were overflowing, and shops were shuttered. COVID-19 has already been dubbed the world's biggest cybersecurity threat. The healthcare and banking industries were the most vulnerable to cyber-attacks. As a result of COVID-19, email phishing threats were the most common source of data breaches while employees worked from home during national lockdowns.

Many types of cyber-attack took place day and night during the peak of the global COVID-19 crisis. Hackers were busy launching and experimenting with different variants of cyber-attack such as phishing, malware, distributed-denial-of-service (DDoS), denial-of-service (DoS), advanced persistent threat (APT), malicious social media messaging (MSMM), business email compromise (BEC), botnet and ransomware, amongst many others. In the case of phishing, attackers used harmful links hidden in carefully designed emails to target company employees. When employees click on such links, they unknowingly download keylogging software onto their computers or devices, giving hostile actors access to their credentials. Attackers can then gain unrestricted access to the critical business assets and data of the victim’s organization by impersonating a genuine employee.
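The link-based phishing chain described above, as an added example that is not code from the survey paper and uses a constructed sample email: a small Python heuristic that flags anchors whose visible text advertises one domain while the href points at another, or whose href host is a bare IP address. It is the kind of check a mail gateway or awareness-training tool can run before a link is ever clicked; the domain names and IP address in the sample are illustrative placeholders.

```python
"""Heuristic detection of deceptive links in an HTML email body.

Added example (not from the survey paper). Two signals are used:
  1. the anchor's visible text shows one registrable domain while the
     href resolves to a different one (classic display-name spoofing);
  2. the href host is a bare IP address, which legitimate corporate mail
     almost never uses.
The sample email below is constructed for illustration only.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Matches something that looks like a hostname inside free text.
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _registrable(host):
    # Crude approximation: keep the last two labels. A production filter
    # would use the Public Suffix List instead.
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def suspicious_links(html):
    """Return [(href, visible_text, reason)] for links that look deceptive."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        if not host:  # relative or empty href: nothing to compare
            continue
        if _is_ip(host):
            findings.append((href, text, "href host is a bare IP address"))
            continue
        shown = DOMAIN_RE.search(text)
        if shown and _registrable(shown.group(0).lower()) != _registrable(host):
            findings.append((href, text, "visible domain differs from href host"))
    return findings


# Constructed sample: one honest link, one spoofed display domain,
# one IP-address link and one honest bare-domain link.
SAMPLE_EMAIL = """
<p>Dear colleague,</p>
<p>Please review the <a href="https://www.example.com/docs">company handbook</a>
and confirm your details at
<a href="https://payroll-update.example.net/confirm">https://hr.example.com/portal</a>.
If the page does not load, use
<a href="http://198.51.100.7/login">this backup link</a> instead.
Latest news: <a href="https://www.example.com/news">www.example.com</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: text={text!r} href={href}")
```

Running the block reports the spoofed payroll link and the IP-address link and stays silent on the two honest ones. The registrable-domain comparison is deliberately crude; a gateway filter would swap `_registrable` for a Public Suffix List lookup and add the sender-domain and URL-reputation checks this heuristic does not attempt.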

In 2020, about 1,001 data breaches were recorded in the United States, affecting over 155.8 million people. According to the Identity Theft Resource Center's (ITRC) data breach study, there were 1,291 data breaches between September 2020 and September 2021. Compared with the 1,108 data breaches reported in 2019, this is a rise of roughly 17 percent. The trend of compromises between 2016 and 2021 is shown in Table 1.

Table 1. The trend of compromise between 2016 and 2021.

S/n   Year   Compromises
1     2021   1,862
2     2020   1,872
3     2019   1,108
4     2018   1,175
5     2017   1,506
6     2016   1,088

In 2020, in the wake of the COVID-19 crisis, there were about 1,872 breaches, compared to 1,108 in 2019. In the first quarter of 2022, 404 data compromises were reported in total, and those caused by physical attacks such as document or device theft and skimming devices fell to single digits (3). In the aftermath of the COVID-19 pandemic, cybersecurity concerns have been raised from many quarters. For the past two years the pandemic has made headlines worldwide, and the medical community, governments and citizens have pooled their resources to stop the spread of the disease. Unfortunately, as healthcare organizations built up their resources to fight the outbreak, they became targets of cyber-attacks (McKinsey and Company, 2020, TCS Worldwide, 2020, Orange Cyber Defense, 2020).

In this context, on April 8, 2020, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) issued a joint advisory describing how cybercriminals and APT groups were exploiting the COVID-19 pandemic (Deloitte, 2020). The advisory covered phishing, malware, and attacks on the remote-working and communication platforms, such as Microsoft Teams and Zoom, that organizations had rapidly adopted. As the world focuses on the health and economic problems posed by COVID-19, cybercriminals around the world are undoubtedly taking advantage of the situation (Abiodun et al., 2022). Recent studies show that many businesses, from large organizations to small and medium-sized enterprises, fell victim to cyber-attacks during the rise of COVID-19, and that in some cases these attacks contributed to their collapse (Lallie et al., 2021).

  • (a) Motivation

In the wake of COVID-19, cyber-attackers aimed to disrupt company operations for malicious and financial ends. There was a significant increase in DDoS and DoS activity. Adversaries were observed attempting to disrupt business networks and spread disinformation to weaken pandemic responses involving vaccine research, healthcare distribution, and treatment delivery. Financially motivated actors, encouraged by the rise in the Bitcoin-to-US dollar (USD) price, are the likely cause of the return to, and re-prioritization of, ransom denial of service (RDoS) and DDoS extortion operations in large numbers. These campaigns frequently originate from threat actor groups equipped with sophisticated tools designed to disrupt or take down enterprise networks.

Nowadays, people use Internet platforms to buy transportation tickets for air, bus, train, and taxi travel, to order food, recharge mobile phones, pay utility bills with credit or debit cards, and carry out many other e-commerce activities. Unfortunately, cybercriminals attack these sites to harvest personal information for financial reward. The international and national research communities and ICT stakeholders must therefore come together to tackle cyber-attacks and curtail the resulting losses, which range from financial losses to damaged devices and collapsed network infrastructure.

  • (b) Search keyword

In this study, bibliographic databases were searched with the keyword strings listed in Table 2. Overall, 300 papers were used in our study; the search strings, databases, period and document types are summarized in Table 2.

Table 2. Data collection and systematization.

Research strings
  String 1: “Cybersecurity and Coronavirus” or “COVID-19 pandemic” or “corona crisis” or “corona disease” or “network security” or “disease management” or “Internet security” or “family* firm*” or “business crisis*”
  String 2: “Coronavirus” or “COVID-19” and “DDoS*” or “Phishing” or “ransomware” or “APT” or “eavesdropping*” or “Botnet” or “Malware” or “Scamming” or “Scam” or “Scan*”
  String 3: “COVID-19” or “coronavirus” and “Intrusion” or “Cyber-attack” or “Cybercriminals” or “Loss” or “Losses”
  String 4: “Coronavirus” or “COVID-19” and “business disruption” or “network disruption” or “financial impact” or “financial crisis” or “economic crisis” or “economic impact” or “socio-economic crisis” or “socio-economic impact”
Online databases
  IEEE (Institute of Electrical and Electronics Engineers) Xplore, Emerald Insight, Science Direct, Directory of Open Access Journals (DOAJ), ACM Digital Library, PubMed, Scopus, Compendex, Elsevier, Education Resources Information Center (ERIC), Springer, Taylor and Francis, Web of Science (WoS), EBSCO Host, Journal Storage (JSTOR), Google Scholar, Wiley, and a resource list from COVID-19 research: journals, websites, and bibliographies
Period              March 2020 to December 2021
Area of research    Cyber-attacks and COVID-19 crisis
Language            English
Documents           Article, Review and Editorial
Date of search      December 2021

  • (c) Paper organization

This paper discusses the open problems and challenges in cybersecurity during the global COVID-19 crisis. It is organized as follows. Section 1 covers the introduction, motivation, and search keywords. Section 2 covers contributions and related work, combining previous and current studies, each with its subsections. Section 3 presents the methodology, introduces the main analysis applied to the data and describes, with a flow chart, how the survey was carried out systematically. Section 4 presents the results of the survey together with their analysis and interpretation, each with corresponding subsections. Section 5 discusses the results and summarizes their implications and future research issues. Section 6 focuses on solutions to the current cybersecurity challenges, recommendations and research findings, and identifies research gaps, current trends, future perspectives, directions, and suggestions. Finally, Section 7 concludes the survey and highlights future work.

  • (d) Contributions

This study explores the variants of cybersecurity problems, issues, and challenges encountered in the wake of the COVID-19 pandemic. Certain types of cybersecurity problem were predominant during the pandemic: fifteen (15) types of cyber-attack were identified as the most common. They are malware, phishing, ransomware, distributed denial-of-service (DDoS), browsing apps, malicious domains, denial-of-service (DoS), mobile apps, malicious websites, spam emails, malicious social media messaging, business email compromise, APT, botnet attacks and hacking. Policy conclusions were then drawn from data gathered in a comprehensive worldwide study covering March 2020 to December 2021. The main contributions of this research, and the distinctiveness of its methodology, are summarized in Fig. 1.

Fig. 1. Main Cyber Security Threats in the wake of COVID-19.

The frequency of cyber-attacks has risen dramatically in recent years and became more dangerous still in the wake of COVID-19, as almost everyone became a target for cybercriminals. Many people have suffered from a lack of personal safety procedures when using the Internet, and the lockdowns imposed during the pandemic gave attackers easy access to some people's data. During this time, banks, governmental and non-governmental organizations were all targeted. Hence, this paper focuses on security measures that can be taken to protect personal and organizational information from cybercriminals. Fig. 1 highlights the different angles of the main contributions of this paper, which together cover the many cyber-attack cases reported in the wake of the COVID-19 pandemic. These contributions are discussed as follows.

1.1. Hacking

Scammers went on a rampage hacking people's network-connected devices such as computers, laptops, tablets, and phones, stealing sensitive data such as passwords, usernames, bank information, and other personal details. Some hackers used the stolen data to withdraw money from people's accounts. Bank loan scams also spread rapidly at the peak of the COVID-19 crisis, and many scams focused on defrauding people of their money and personal information through online shopping. Fraud cases during the pandemic were 42 percent higher than in the previous year, 2019, as cybercrooks took advantage of the closure of physical stores. Some bank customers reported receiving SMS messages instructing them to go online and reschedule a package delivery; others entered their banking details on the resulting page and subsequently had their accounts hacked. In a related case, CBS News reported on April 16, 2021 that two Indonesian hackers had been apprehended for a $60 million scam. Following a tip from US authorities, the two suspects were arrested in Surabaya, Indonesia's second-largest city (cbsnews, 2021).

The scam had been running for an unknown length of time, according to the Indonesian police. “Around 30,000 Americans have been duped, and the government has lost up to $60 million,” said East Java police chief Nico Afinta (cbsnews, 2021). Thousands of targeted victims in the United States supplied personal data, including social security numbers, to the fraudulent website in the expectation of receiving $2,000 under a purported unemployment relief program; the fraudsters then used those details to claim relief payments from the government. Hence, there is an urgent need for more research on how to counter hackers, especially during a crisis.

1.2. Phishing

Phishing is a social engineering technique frequently used to obtain sensitive information from users, such as online banking credentials, company login credentials, credit card details, or usernames and passwords. Cybercriminals steal confidential information by sending fraudulent messages to their targets, with the aim of getting people to expose their financial details, system credentials, and other sensitive data.

Phishing is still the easiest way for hackers to infect a device with malware. Phishing schemes entice victims to open emails or click on links that appear to come from a credible company or respectable source. The link may lead to a bogus website that asks for personal information, or to a website that infects the user's computer with malware directly. If one is unsure about a link, one should not click it. During the nationwide lockdowns caused by the spread of the coronavirus, hackers took advantage of the situation by sending phishing emails to large numbers of people.

Phishing emails contain phony web pages that capture a user's personal information. Since most people came to rely on online channels to cope with the pandemic, they became exposed to phishing attempts. In March 2020, 9,116 out of 467,825 phishing emails were related to COVID-19, less than 2% of all phishing emails (Naidoo, 2020). Nevertheless, the volume of suspected email attacks reported gives an insight into the cyber-crime problem faced in the United Kingdom (UK) during the pandemic, where a sizeable number of phishing and smishing attacks occurred.

Smishing is a scam in which text messages that appear to come from legitimate, trusted organizations trick people into divulging personal information such as credit card numbers, usernames and passwords. More than 160,000 suspicious emails had been reported to the National Cyber Security Centre (NCSC) by 7 May 2020 (NCSC, 2020, Lallie et al., 2021), and by 29 May 2020 about £4.6 million had been lost to COVID-19-related scams, with around 11,206 victims of phishing and/or smishing campaigns (Sky News, 2020). In response, the NCSC and Her Majesty's Revenue and Customs (HMRC) took down 471 fraudulent online shops (Tidy, 2020) and 292 counterfeit websites (Hill, 2020). Vishing and smishing are two forms of cyber-fraud that criminals use to deceive people into giving up money or personal information: vishing by voice call, smishing by SMS.

1.3. Ransomware

Ransomware is a type of malicious software designed to lock users out of their computers or data until they pay. Ransomware attacks skyrocketed as the number of people working remotely rose during the pandemic (Chigada and Madzinga, 2021), and the attacks are becoming increasingly sophisticated: in addition to encryption, other techniques are now being added to ransomware's armoury. The financial sector in particular is a common target. Ransomware has also grown in scope and intensity, damaging corporations, organizations, healthcare providers, and government departments while many countries struggled to respond to the COVID-19 crisis. As ransomware remains one of the most severe worldwide cyber threats to healthcare, security staff must be cautious and informed of the tactics, techniques, and procedures that criminals employ to make a profit. According to cybersecurity experts, in October 2020 ransomware gangs started to use DDoS attacks on victims' networks or websites as a supplementary tool to pressure them into paying. RagnarLocker and SunCrypt were the two operations adopting this method at the time. As the threat landscape has changed, ransomware gangs have gained new attack surfaces to exploit and new debilitating strategies to force enterprises to pay.

Healthcare providers are a favourite target of cybercriminals looking to make the most money in the shortest time. The Avaddon ransomware gang recently joined the practice of using DDoS attacks to extort money from victims. Avaddon commenced operations in June 2020 with spam campaigns targeting people all around the world. The gang tried its hand at double extortion when it sent an unidentified victim organization a menacing ransom note with a deadline of 240 hours to cooperate; failure to do so would expose the company's database, including customer and employee personal details and financial paperwork. According to the ransom note, the victim's website was under a non-stop DDoS attack until Avaddon was contacted. Therefore, there is an urgent need for more research on how to counter ransomware attacks, especially during a crisis.

1.4. Botnet attack

A bot is a device such as a computer, server, or phone that has been infected with malware (malicious programs, viruses or worms) and performs destructive actions without its owner's knowledge; a botnet is a network of such infected devices working collectively under an attacker's command. Botnets are used to carry out phishing scams, spam campaigns, and distributed denial of service (DDoS) attacks. Most botnets use DDoS to send as many requests as possible to a single Internet host or resource, overloading it so that it can no longer serve genuine requests. According to recent threat intelligence from A10 Networks' researchers, cybercriminals are rapidly enlisting Internet of Things (IoT) devices (Abiodun et al., 2021a, Abiodun et al., 2021b) into their botnets, boosted by the Mozi malware spreading throughout the world. Attackers are increasingly favouring low-volume, high-frequency attacks that still have a big impact while evading the tracing, detection and defences put in place by targets.

Thus, in the wake of COVID-19, there were botnet threats such as Emotet attacks. Emotet is a type of malware originally designed as a banking Trojan. Many botnets, Emotet among them, are polymorphic: the malware's code changes every time it is activated. Most antivirus programs search the computer for known malware code, and a code change may make the infection harder to detect, allowing it to go unnoticed. Emotet grew over time and was responsible for millions of costly cyber-attacks worldwide. Its means of gaining access to a computer became increasingly stealthy, and it was used to bring further malware onto the target system. Malspam, that is, spam email carrying malware, is its most common distribution channel, hence the term. In summary, Emotet is a Trojan horse disseminated mostly through malspam. Malicious scripts, macro-enabled documents, files, and malicious links are all possible ways for the infection to spread. To persuade users, its messages frequently carry familiar branding to look like legitimate email, imitating the email layout of well-known, trusted companies such as DHL or PayPal.

Emotet was a professional and long-lived cybercrime service. Once labelled “the world's most destructive malware,” it resurfaced at the peak of COVID-19 and was being deployed on Windows systems already infected with TrickBot. The Emotet malware infected over 1.6 million computers worldwide, causing damage worth hundreds of millions of dollars. On January 28, 2021, the United States Justice Department announced its participation in a worldwide operation involving the US, France, Canada, the Netherlands, Germany, and the United Kingdom to disrupt and take down the infrastructure of the Emotet malware and botnet. Officials from Ukraine, Sweden, and Lithuania also took part in this major operation. “Regrettably, the emotet malware and botnet infected hundreds of thousands of computers across the United States, such as key infrastructure, and caused millions of dollars in damage to victims around the world”. Once Emotet has infected a computer it can deliver further malware, such as ransomware or spyware that steals financial credentials. Hence, there is an urgent need for more research on how to counter botnets, especially during a crisis.
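
The paragraphs above state that Emotet's code changes on every activation and that antivirus products which look for known code therefore miss it. The following Python example, added here and not part of the original survey or of any Emotet analysis, shows the effect in miniature: a hypothetical polymorphic "packer" re-encodes a constructed, non-functional stand-in payload with a fresh single-byte XOR key and fresh junk bytes on every build, so an exact SHA-256 signature taken from one build fails on the next, while a detector that brute-forces the XOR key and searches for the family's invariant strings (the idea behind YARA's `xor` string modifier) still identifies every build. The payload, the indicator strings and the packer are all constructed for illustration.

```python
import hashlib
import random
from typing import Optional

# Constructed stand-in for the invariant "core" of a malware family: the strings
# an unpacked sample needs at run time (C2 path, persistence key). Not real code.
CORE = (
    b"POST /gate.php HTTP/1.1\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0)\r\n"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\r\n"
)
# Strings a detection rule would key on; a real rule would use several more.
INDICATORS = (b"/gate.php", b"CurrentVersion\\Run")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def variant_key(seed: int) -> int:
    """Per-build XOR key, derived deterministically from the build seed."""
    return random.Random(seed).randrange(1, 256)


def make_variant(seed: int) -> bytes:
    """Simulate a polymorphic packer: every build gets a fresh XOR key and
    fresh random junk around the encoded core, so no two builds share bytes."""
    rng = random.Random(seed)
    key = rng.randrange(1, 256)          # same first draw as variant_key(seed)
    head = bytes(rng.randrange(256) for _ in range(rng.randrange(16, 64)))
    tail = bytes(rng.randrange(256) for _ in range(rng.randrange(16, 64)))
    return head + xor_bytes(CORE, key) + tail


# "Signature database" built from the one build the vendor has seen.
KNOWN_HASHES = {hashlib.sha256(make_variant(1)).hexdigest()}


def hash_match(sample: bytes) -> bool:
    """Classic exact-hash lookup: defeated by any byte change."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_HASHES


def xor_string_match(sample: bytes) -> Optional[int]:
    """Brute-force every single-byte XOR key and look for the family's indicator
    strings in the decoded bytes. Returns the key that exposes all indicators,
    or None if no key does (key 0 covers an unencoded sample)."""
    for key in range(256):
        decoded = xor_bytes(sample, key)
        if all(ind in decoded for ind in INDICATORS):
            return key
    return None


if __name__ == "__main__":
    for seed in (1, 2, 3):
        build = make_variant(seed)
        print(seed, "hash:", hash_match(build), "xor-strings:", xor_string_match(build))
```

Only the first build matches by hash; every build is caught by the string search because the packer changes the wrapping, not the content it has to unwrap at run time. The same reasoning is why practitioners pair hash feeds with content and behaviour rules rather than relying on hashes alone.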

1.5. Advanced persistent threat (APT)

Cyber attackers and APT groups took advantage of vulnerable people and systems during the national lockdowns imposed amid the COVID-19 outbreak. An APT is an attack, or the (frequently state-sponsored) group behind it, in which an unauthorized actor uses advanced and sophisticated methods to gain and keep access to a system or network. APT groups usually deploy techniques such as ransomware, phishing, malware, and data breaches to attack their targets (Mohamed et al., 2018). The groups typically focus on the telecommunications, military and travel sectors, suggesting an intent to conduct surveillance, tracking, or monitoring of specific individuals, to gather proprietary or customer data for commercial or operational purposes in support of national priorities, or to build additional entry points and vectors for future campaigns. Targeting of government entities reveals a secondary goal of gathering geopolitical data to aid nation-state decision-making. In one APT case, three members of North Korea's Reconnaissance General Bureau were charged on February 19, 2021 over WannaCry, the Sony Pictures hack, and many other cybercrimes. Template injection, malicious macros, RTF exploits and malicious LNK files were among the methods used by APT attackers at the peak of the COVID-19 pandemic. Data exfiltration attacks continue to soar (Taofeek et al., 2022), and organizations are forced to pay huge ransoms. Thus, researchers need to focus further on how to counter APT attacks.

1.6. Malware

Malware is software or code designed to harm computers by encrypting files, damaging or disabling systems, stealing data, or gaining unauthorized access. Malware may also replicate itself across a computer or network to cause harm or destroy data. It is one of the most common cyber-threats that organizations and businesses face today, and the term covers a variety of harmful software including trojans, worms, and ransomware. The peak of the COVID-19 crisis was a data-gathering season for malware: cybercriminals increased their use of data-harvesting software such as remote access Trojans, information stealers, spyware, and banking Trojans. Threat actors used COVID-19-related material as a lure to breach networks, steal data, fraudulently transfer money, and build botnets. Malware can open a backdoor on a user's device, giving attackers access to the user's private details such as usernames and passwords, and some of this malware was propagated through fake online coronavirus tracking maps.

More disruptive attacks, such as DDoS and ransomware, were also launched during the COVID-19 crisis. Cybercriminals increasingly and mercilessly used disruptive malware against critical infrastructure and healthcare organizations because of the potential for financial gain. For example, several threat groups that had been relatively idle for a few months launched a wave of ransomware attacks in the first two weeks of April 2020. According to law enforcement investigations, most attackers estimated fairly accurately the maximum ransom they could demand from the targeted firms. Overall, victims reported cybercrime losses of $4.2 billion in 2020 to the FBI Internet Crime Complaint Center, with the number of complaints up 69 percent from 2019, and malware attacks contributed to some of these losses. Therefore, there is an urgent need for more research on addressing malware attacks, even during this crisis period.

1.7. Malicious social media messaging

During the peak of the COVID-19 pandemic and the lockdown period, malicious social media messaging, misinformation and fake news grew to alarming proportions. Unverified information, a lack of understanding of the dangers, and a plethora of conspiracy theories all fuelled community fear and, in some circumstances, aided the execution of cyber-attacks. Nearly 30% of countries participating in the worldwide cybercrime study reported that false material about COVID-19 was being circulated. One country recorded 290 postings in a month, most of which contained hidden spyware. Misinformation has also been linked to the unlawful trafficking of fake medical supplies, and other disinformation incidents involved scams with 'too good to be true' offers such as free food. Hence, there is an urgent need for research on how to address malicious social media messaging, which is growing fast as a means of cyber-attack.

1.8. Business email compromise

Business Email Compromise (BEC) is one of the most financially devastating types of cybercrime (Greathorn.com, 2021, Cross and Gillett, 2020, Cross and Kelly, 2016). BEC attacks use social engineering and phishing emails to infiltrate organizations and fool unwary employees and executives into performing tasks requested by what appears to be a trustworthy sender, frequently dressed up as legitimate business activity. BEC attacks increased by 14% in 2020 amid the surge in cyber-attacks prompted by the COVID-19 crisis and worldwide lockdown measures. Profit will likely continue to drive this category forward: in 2020, payouts to hostile actors were 30% higher than in 2019. In one campaign, hackers posing as the World Health Organization (WHO) emailed people claiming that an attached file explained how to stop the disease spreading, saying that “one small measure can cure you.” According to Proofpoint, the attachment contained no such information and instead infected personal computers (PCs) with malicious software known as the AgentTesla keylogger, which records every keystroke and sends it to the attackers, letting them track their victims' online activity.

A recent BEC report by Cybersecurity Insiders (Greathorn.com, 2021, Cross and Gillett, 2020) found that: (i) the most common type of BEC attack is a spoofed email (71%), followed by spear-phishing (69%); (ii) more than half of links received via email lead to a malicious site; (iii) 57% of malicious links in phishing emails are intended to steal credentials; (iv) the finance sector has a target on its back, according to 34% of respondents; and (v) according to 35% of respondents, 3% of firms have had a security incident in the last 12 months, with BEC/phishing attacks accounting for more than 50% of those incidents. Regrettably, the rate of financial crime (Omolara et al., 2018a, Omolara et al., 2018b) has increased in recent times (Achim et al., 2021, Ünvan, 2020, Hasham et al., 2019, Reid, 2018, Masciandaro, 2017, Gottschalk, 2008, Sakurai and Smith, 2003).

Financial loss is the most obvious consequence of BEC fraud. The fraud succeeds when the perpetrator can tailor the details of their approach to the target's individual vulnerabilities or shortcomings. To do so, criminals may extensively study the organization and its associated individuals in order to craft a believable attack. Information about many organizations is freely available on the Internet (Burns et al., 2019), and perpetrators gather information about an organization and its employees from public sources or by infiltrating social networking platforms. Therefore, individuals, organizations and governments must invest more in cybersecurity to mitigate attacks such as BEC in crisis conditions.

1.9. Distributed denial-of-service (DDoS) attack

A DDoS attack is one in which cybercriminals render online services unavailable to users by generating a large volume of traffic from many sources. The number of DDoS attacks rose sharply quarter on quarter: 242 DDoS attacks were reported in the first quarter of 2020, rising to 300 in the second quarter (Wu et al., 2020, Mansfield-Devine, 2015). The COVID-19 crisis brought a considerable increase in fraudulent behaviour. Many people's lives changed dramatically, making them more vulnerable: working from home rather than in an office, balancing childcare, and worrying about health, finances and the future. The healthcare industry was hit hardest by COVID-19, since it has the most vulnerable and most targeted systems. For instance, attackers launched a DDoS attack against the United States Department of Health and Human Services that attempted to overwhelm its servers (Stein et al., 2020). Financial institutions, such as banks, have been affected as much as healthcare.

As more heterogeneous Internet of Things (IoT) devices come online and enterprises build remote-access systems to augment their existing infrastructure, room is unwittingly created for denial-of-service attacks to escalate.

Denial-of-service attacks increased as more devices came online and organizations sped up remote access for their employees. The methods used by attackers also become more sophisticated as information systems grow more advanced and digital. Criminal and nation-state actors have long valued denial-of-service attacks, which can cause major economic disruption for any organization connected to the Internet.

DDoS attacks that interrupt critical healthcare operations can lead to patient deaths: disruption of essential care and supplies to vulnerable patients is the worst outcome of an attack on healthcare operations. When assessing the potential impact on health services, patients admitted to hospital in critical condition and in need of rapid treatment, and the safety and integrity of surgical procedures, are considered to be at greatest risk. Therefore, more research is needed to mitigate DDoS attacks, especially during a crisis.

1.10. Denial-of-service (DoS) attack

Denial of Service (DoS) attacks are a type of cybercrime frequently used by more technically skilled criminals. The attacker attempts to make certain Internet services temporarily or permanently unavailable to users, such as paying utility bills, paying for purchased goods, or buying airline tickets online. Hacking, by contrast, entails compromising a system's confidentiality or integrity and requires a fair level of skill; its tactics include exploiting system flaws to gain access. As more heterogeneous Internet of Things (IoT) devices connect to the Internet, and as enterprises bolster remote connectivity to support their existing infrastructure, denial-of-service attacks have increased. Furthermore, as teleworking grew in response to the new coronavirus and to social distancing measures, threat actors sought to profit from the situation.

Organizations of all sizes frequently fail to follow asset and inventory management best practices that would give them full awareness of their attack surface. Many IoT devices also ship with default passwords and lack a solid security posture, leaving them open to compromise. Users are typically unaware that their IoT devices have been infected, and an attacker can easily compromise many such devices to launch a massive attack. DoS attacks disrupt availability by flooding important services with illegitimate requests, the aim being to consume all of the bandwidth or capacity allotted to genuine requests and so bring the server down. Hence, researchers urgently need to focus on preventing DoS attacks, especially during a crisis.
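
Sections 1.9 and 1.10 describe two shapes of flooding: one source hammering a service (DoS) and many low-rate bots hitting the same target (DDoS), the latter sized so that per-client thresholds never fire. The following Python example, added here and not taken from the survey or from any cited source, runs sliding-window rate detection over a constructed Common Log Format access log: a per-source rule catches the single-client flood, while per-target rules that count distinct clients and aggregate volume catch the botnet. The log lines, the IP ranges and the thresholds are assumptions chosen for the demonstration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format as written by Apache/nginx: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3} \S+'
)
WINDOW = timedelta(seconds=60)
PER_SOURCE_MAX = 100        # requests one client may make inside the window (assumed)
PER_TARGET_MAX = 500        # requests one path may receive inside the window (assumed)
DISTINCT_SOURCES_MAX = 100  # distinct clients hitting one path inside the window (assumed)


def parse_line(line: str):
    """Return (timestamp, client_ip, path) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"], m["path"]


def detect(lines):
    """Sliding-window rate analysis; returns a list of {kind, key, count} alerts."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    alerts, flagged = [], set()
    by_source = defaultdict(deque)              # ip   -> timestamps inside the window
    by_target = defaultdict(deque)              # path -> (timestamp, ip) inside the window
    live_sources = defaultdict(Counter)         # path -> {ip: requests still in window}

    def alert(kind, key, count):                # report each (kind, key) once
        if (kind, key) not in flagged:
            flagged.add((kind, key))
            alerts.append({"kind": kind, "key": key, "count": count})

    for ts, ip, path in events:
        q = by_source[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) > PER_SOURCE_MAX:             # one client hammering: classic DoS
            alert("source_flood", ip, len(q))

        t, live = by_target[path], live_sources[path]
        t.append((ts, ip))
        live[ip] += 1
        while ts - t[0][0] > WINDOW:
            _, old_ip = t.popleft()
            live[old_ip] -= 1
            if live[old_ip] == 0:
                del live[old_ip]
        if len(live) > DISTINCT_SOURCES_MAX:    # many clients, each under the per-source bar: DDoS
            alert("distributed_flood", path, len(live))
        if len(t) > PER_TARGET_MAX:             # aggregate volume on one target
            alert("target_flood", path, len(t))
    return alerts


def build_sample_log():
    """Constructed log: normal browsing, one single-source flood, one botnet flood."""
    base = datetime(2020, 4, 1, 10, 0, tzinfo=timezone.utc)

    def line(offset, ip, path):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line(10 * k + u, f"203.0.113.{u + 1}", "/index.html")
             for u in range(5) for k in range(12)]                 # 5 users, 1 request / 10 s
    lines += [line(30 + k // 30, "198.51.100.7", "/search")
              for k in range(300)]                                 # 300 requests in 10 s
    lines += [line(60 + (b + k) % 20, f"192.0.2.{b + 1}", "/login")
              for b in range(180) for k in range(3)]               # 180 bots x 3 requests
    return lines


if __name__ == "__main__":
    for found in detect(build_sample_log()):
        print(found)
```

The per-source rule never fires for the 180 bots (three requests each), which is exactly the "low-volume, high-frequency" pattern Section 1.4 describes; it is the distinct-source count on the target that exposes them, with the aggregate volume rule firing a little later. Production deployments tune the three thresholds per endpoint and add source reputation and response-time signals, but the window bookkeeping is the same.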

1.11. Malicious websites

A malicious website attack is any attempt by an attacker to undermine the security of a web-based application. Such attacks either target the application itself in order to gain access to sensitive data, or use the application as a staging area for attacks against its users. At the height of COVID-19, use of the web to cause harm increased dangerously. As the number of people infected with the coronavirus rose, so did cyber-attacks such as spam emails, phishing, malware, ransomware, and malicious domains that used the virus as bait (French et al., 2021). As a result, businesses of all sizes came under increasing pressure to tackle the obstacles posed by COVID-19-themed cyber threats.

Attackers constantly devise new ways to assault and con people, profiting from the fear and uncertainty surrounding the pandemic to stay a step ahead. According to Malwarebytes data, web skimming (the theft of payment card data from compromised online shops) increased by 26% in March 2020 compared with February 2020. The number of web-skimming incidents rose slowly, by 2.5%, from January to February 2020 and then jumped by 26% between February and March. While the rise is still modest, Malwarebytes believes it indicates a pattern that will become more visible in the months ahead. Hence, executives should plan to prioritize operational capability for eliminating malicious websites over the next two years, and researchers need to investigate how to block malicious websites for resilient digital business.

1.12. Malicious domains

Malicious domains are a type of cyber-security threat that endangers people's privacy and property by delivering malicious services such as phishing websites, spam servers, and command-and-control servers to Internet users. Cybercriminals have been exploiting, developing, and boosting their attacks at an alarming rate, taking advantage of the anxiety and uncertainty induced by COVID-19's precarious social and economic conditions. The lockdown measures in particular accelerated the creation of malicious web domains used to extract money from their targets under false pretences (Interpol, 2020). Malicious websites (URLs) are thus used by threat actors to deceive the public, collect confidential data, and propagate malware that harms or corrupts systems and devices. A COVID-19 cybercrime assessment by INTERPOL revealed a considerable shift in target from individuals and small enterprises to major organizations, governments, and key infrastructure using malicious domains. Criminals are exploiting new security weaknesses to steal data, make money, and cause disruption as organizations and companies rapidly deploy remote systems and networks to enable workers to work from home. Over a four-month period from January to April, one of INTERPOL's partner organizations detected 907,000 spam messages, 737 malware incidents, and 48,000 malicious URLs, all associated with COVID-19.

Malicious domains proliferated during the rise of COVID-19 and the global lockdown countermeasures. Cybercriminals began registering domain names containing keywords such as “coronavirus” or “COVID” to take advantage of the increasing demand for medical supplies and information about COVID-19. These phony websites support a wide range of criminal operations, such as C2 servers, malware deployment, and phishing. A private-sector partner detected and reported to INTERPOL a 569% increase in illegal registrations, including phishing and malware, and a 788% increase in high-risk registrations between February and March 2020. Therefore, researchers need to focus more on how to tackle malicious domains for resiliency in digital business. Likewise, to move businesses forward, executives must plan to prioritize operational capability toward eliminating malicious domains over the next two years.

1.13. Spam emails

Unsolicited or anonymous messages sent in bulk by email are known as email spam, junk email, or simply spam. The name stems from a Monty Python sketch in which the packaged pork product's name is repeated. Spam is pervasive, inevitable, and monotonous. The volume of spam emails rose by 300 times, and the number of harmful URLs increased by 300 percent, at the peak of the COVID-19 crisis. The United States is the top country for spam and malware detection, and most targeted consumers come from there (Cook, 2020). For instance, Google claims to have detected over 100 million phishing emails and 18 million daily spyware messages related to COVID-19 through its Gmail service, on top of the 240 million coronavirus-related spam emails sent daily. In addition, a study by RiskIQ identified the top dangers for 2020 and found that cybercrime costs businesses roughly $24.70 per minute, while a malicious assault costs $4.95 per minute. As a result, cybercrime was forecast to cost $11.4 million (£8.7 million) each minute globally by 2021, a 100 percent rise relative to 2015.

Statistics show that 375 new cyber-attack threats are discovered every minute, a new vulnerability is discovered every 24 min, and 16,172 records are compromised every minute. Every 16 min there is a new Magecart cyber-attack; RiskIQ first discovered this credit-card skimmer attack vector in 2018. “The world has seen thousands of new COVID-19 domains standing up daily,” said Steve Ginty, director of threat intelligence at RiskIQ, when asked how many COVID-19 domains they generally see in a day. “Attackers usually leverage current events in their operations. Something as widespread and disruptive as COVID-19 has proven to be especially valuable to them, which is why we're seeing such a large-scale growth of COVID-19-related threat infrastructure.”

Therefore, to keep business moving, executives must plan to prioritize operational capability towards eliminating malicious spam emails over the next two years. Likewise, researchers need to focus more on how to address malicious spam emails for resiliency in digital business.

1.14. Browsing apps

The COVID-19 pandemic has added new complexities and constraints to business marketing, advertising and selling (Gursoy and Chi, 2021; Boiral et al., 2021; DiResta et al., 2020). It is difficult to break through the online clutter given cautious consumers and a digital landscape inundated with news. As consumers stay at home, out-of-home marketing, advertising and selling become obsolete, and significant events are postponed or moved into a virtual environment, so a robust digital strategy is essential. The following use cases are gaining traction to enhance marketing, advertising, and sales for businesses:

  • (1) Live transaction data, consumer intent information, usage, and other digital datasets used in real-time churn analytics (common in B2C, increasing use in B2B).
  • (2) AI-based lead creation and prioritization to find top customers and the relevant product/service requirement (B2B technology, professional services).
  • (3) AI-based pricing that takes into account dynamic cost changes (labor, materials, etc.), market trends (competition, sector preferences), and internal price history (B2B technology, industrial goods, and telecommunications).
  • (4) Webcasting (from home, by staff, with influencers) used as a vital marketing tool to shift buyers online and differentiate companies (retail, food & beverage).
  • (5) Hyper-local online marketing, which has become extremely important across business sectors given working from home and rising online demand.
  • (6) AI-based sales assistants that help customers, mostly first-time buyers, to buy online (retail) and walk them through the technical requirements of industrial equipment.

Therefore, research should focus on how managers can plan operational capability toward developing digital browsing apps for marketing, advertising, and selling, in order to take the organization forward and enhance cyber efficiency and safety for business advancement.

1.15. Mobile apps

A mobile application, often known as an app, is a software application or computer program that runs on a mobile device such as a laptop, tablet, phone, or smartwatch. Some organizations use mobile device management system (MDMS) applications to manage their employees' mobile devices, allowing system administrators to remotely deliver certificates, programs and access-control lists, and to wipe stolen devices. One MDM product in particular, MobileIron, was attacked by many threat actors after a security researcher reported vulnerabilities to the vendor, which patched them in July 2020. Two of the three vulnerabilities, CVE-2020-15505 and CVE-2020-15506, were rated critical with a CVSSv3 score of 9.8. The third, CVE-2020-15507, was rated high with a CVSSv3 score of 7.5. Exploiting these CVEs could result in remote code execution, authentication bypass, and unauthorized file reading, among other security problems.

During the spike of COVID-19 and the lockdown, cyber-attackers targeted mobile phones. For example, the Indian Computer Emergency Response Team (CERT-In), the federal organization charged with combating cyber threats and protecting India's cyberspace, published a new advisory containing over a dozen recommendations for keeping personal mobile phones safe and secure.

2. Existing work

Many aspects of life have gone online as a result of the widespread adoption of digital technologies, ranging from commerce and social connections to business, industry, and, sadly, criminality. According to the most recent reports, cybercrime is increasing in frequency and severity (Lallie et al., 2021; Auyporn et al., 2020), with forecast revenue of $6 trillion by 2021, up from $3 trillion in 2015 (Adeyoju, 2019). It may even overtake traditional crime in terms of volume and cost (Netherlands, 2020). It is apparent that cybercrime may continue to grow due to its profitable nature (McGuire, 2018) and low risk, since cyber-criminals can launch assaults from anywhere on the planet.

Cybercrime, like traditional crime, is usually portrayed by the crime triangle (Khweiled et al., 2021), which stipulates that three variables must exist for cybercrime to happen: a victim, a motive, and an opportunity. The victim is the person who will be attacked, the motive is what drives the criminal to perform the crime, and the opportunity is the occasion on which the crime can be committed, for instance an inherent vulnerability in the network or an unprotected system. Other criminological models, such as Routine Activity Theory (Yar, 2005) and the fraud triangle (Cressey, 1953), employ similar factors to characterize crimes, with some replacing the victim with the attacker's means, which can be viewed as part of the opportunity.

Phishing attacks take several forms, including email phishing, phishing websites, and phone phishing, popularly referred to as vishing. The main types are email phishing, domain spoofing, vishing, smishing, search engine phishing, whaling, CEO fraud, spear phishing, deceptive phishing, pharming attacks and malware-based phishing.

2.1. The different types of phishing cyber-attacks

The following are the most popular types of phishing cyber-attacks. They have been used in the past and are still being used to target unsuspecting people and organizations.

  • (i) Email phishing: Phishing carried out through email messages, which frequently include harmful attachments and URLs designed to steal a victim's personal information.
  • (ii) Domain spoofing: In this form of phishing attack, attackers imitate prominent domains in order to deceive users.
  • (iii) Vishing: The attacker calls the target on the phone and pretends to be someone from an organization the victim is affiliated with, in order to obtain information.
  • (iv) Smishing: Similar to vishing, but carried out via text messaging.
  • (v) Spear phishing: One of the most dreaded and powerful phishing strategies. Instead of targeting people arbitrarily, the attacker selects individuals, researches them in detail, and then sends tailored phishing emails to obtain information about an organization.
  • (vi) Search engine phishing: Constructing bogus websites and webpages that surface when specified keywords are typed into search engines. People rarely hesitate to enter their private details on these pages, since they look completely trustworthy.
  • (vii) Whaling: Similar to spear phishing, but targeting the organization's top executives rather than any employee; typical targets are high-profile members of a company such as the CEO and CFO.
  • (viii) Chief executive officer (CEO) fraud: A deception in which cybercriminals spoof business email accounts and impersonate CEOs in order to dupe an accounting or human resources (HR) employee into giving out private tax information or making illicit wire transfers.

The Federal Bureau of Investigation (FBI) refers to this type of scam as “BEC,” or “Business Email Compromise.” It defines it as “a sophisticated scam targeting firms that engage with international suppliers and/or make frequent wire transfer payments. The fraud is carried out by using computer intrusion or social engineering tactics to compromise legitimate company email accounts to make illicit financial transfers.”

  • (ix) Deceptive phishing: The most common phishing fraud. Fraudsters pose as a real company to obtain people's personal information or login passwords; these emails use threats and a sense of urgency to frighten recipients into doing what the attackers want.
  • (x) Malware-based phishing: A thief attaches a destructive computer program, disguised as something useful, to websites, emails, and other electronic documents on the Internet; the destructive program itself is the malware.
  • (xi) Phone phishing or voice phishing: The practice of making false phone calls in order to dupe individuals into donating money or divulging personal information. It is a new label for a problem that has been around for a long time: phone scams. A common method is for a criminal to pose as a trustworthy institution, organization, or government agency.
  • (xii) Pharming attack: A type of cyberattack in which users are directed to a false website that appears genuine. When users type in a legitimate web URL, they are led to a false website that looks exactly like the original one.
  • (xiii) Phishing websites: A phishing website is a domain whose name and appearance resemble an official website, designed to deceive visitors into thinking it is real. Some pointers on how to spot a phishing website: (a) visit the website directly; (b) avoid pop-ups and insecure sites; (c) keep a close eye on the URL or web address; (d) enter a fictitious password first; (e) examine the website's content and design; (f) look at online reviews and the payment options available on the website.
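The pointer above about watching the URL, and the keyword-themed registrations described in Section 1.12, can both be turned into a defender-side triage of a new-domain feed: flag names containing pandemic keywords, and flag names that imitate a trusted domain through homoglyphs, extra tokens or transpositions. This is an added example, not code from the paper; the trusted-domain list, keyword list and sample feed are all constructed.

```python
"""Triage newly registered domain names for pandemic-themed and lookalike
registrations (added example, not code from the paper; all domain lists and
the sample feed below are constructed)."""
import re
from difflib import SequenceMatcher

# Constructed: domains the defender wants to protect from imitation.
TRUSTED_DOMAINS = ["who.int", "nhs.uk", "examplebank.com"]

# Pandemic keywords of the kind INTERPOL reported in fraudulent registrations.
COVID_KEYWORDS = ("covid", "corona", "pandemic", "vaccine", "mask", "ppe")

# Single-character swaps often used to imitate a brand name.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Labels that act as a second-level public suffix (simplified, not a full list).
SECOND_LEVEL = {"co", "com", "org", "gov", "ac", "net"}


def registrable_name(domain: str) -> str:
    """Return the label the registrant actually chose, e.g. 'wh0-int' for 'wh0-int.com'."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL:
        return labels[-3]
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(name: str) -> str:
    """Undo common visual tricks: digit-for-letter swaps, 'rn' for 'm', 'vv' for 'w'."""
    return name.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def triage(domain: str) -> dict:
    """Classify one domain; returns the reasons found and a verdict (allow/review/block)."""
    domain = domain.lower().strip(".")
    if domain in TRUSTED_DOMAINS:
        return {"domain": domain, "reasons": [], "verdict": "allow"}
    name = normalize(registrable_name(domain))
    tokens = [t for t in re.split(r"[-_]", name) if t]
    compact = "".join(tokens)
    reasons = []
    if any(k in compact for k in COVID_KEYWORDS):
        reasons.append("covid_theme")
    for trusted in TRUSTED_DOMAINS:
        brand = registrable_name(trusted)
        if brand in tokens:
            reasons.append(f"brand_token:{brand}")
        # Fuzzy matching only for longer brand names; a short one like 'who'
        # would match ordinary words such as 'whoa'.
        elif len(brand) >= 6 and SequenceMatcher(None, compact, brand).ratio() >= 0.8:
            reasons.append(f"lookalike:{brand}")
    if any(r.startswith(("brand_token", "lookalike")) for r in reasons):
        verdict = "block"
    elif reasons:
        verdict = "review"
    else:
        verdict = "allow"
    return {"domain": domain, "reasons": reasons, "verdict": verdict}


def triage_feed(domains) -> dict:
    """Group a feed of new registrations by verdict for the analyst's queue."""
    queue = {"allow": [], "review": [], "block": []}
    for d in domains:
        result = triage(d)
        queue[result["verdict"]].append(result["domain"])
    return queue


# Constructed sample feed of newly registered domains.
SAMPLE_FEED = [
    "covid19-vaccine-supply.com",    # themed, no brand: review
    "wh0-int.com",                   # 'wh0' normalizes to 'who': block
    "nhs-covid-test-booking.co.uk",  # brand token plus theme: block
    "exarnplebank-login.net",        # 'rn' imitates 'm': block
    "examplebnak.com",               # transposition lookalike: block
    "gardening-tips.org",            # nothing suspicious: allow
    "examplebank.com",               # the real domain: allow
]

if __name__ == "__main__":
    for verdict, hits in triage_feed(SAMPLE_FEED).items():
        print(f"{verdict:>6}: {hits}")
```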

2.2. Monthly cyber-attacks during the COVID-19 pandemic

Incidents of cyber-attack occurred every month during the global COVID-19 crisis, including phishing, DDoS, malware, ransomware, botnets, and more. A summary of monthly cyber-attacks is presented in Table 3.

Table 3. A summary of monthly cyber-attacks during the COVID-19 pandemic.

| Date | Country | Type of attack | Attack details |
|---|---|---|---|
| February 2020 | United States of America | Phishing | On February 12, 2020, Puerto Rico revealed that a firm it owned had fallen prey to a phishing scam in a plot to steal $4 million. |
| February 2020 | United States of America | Phishing | In February 2020, the personal information of 10.6 million MGM Resorts guests was leaked on a hacking forum. This included the names, phone numbers, addresses, email addresses, and birth dates of tourists as well as of tech CEOs, celebrities, and government employees. |
| February 2020 | United States of America | DDoS | Amazon detailed the attack in its first-quarter 2020 threat report, stating that it happened in February (Musotto and Wall, 2020). |
| February 2020 | China | DoS | DoS attack on COVID-19 epidemic prevention units. |
| February 2020 | Singapore | Phishing | Phishing cyber-criminals stole email log-in usernames, passwords and credentials. |
| February 2020 | Japan | Phishing / Malware | A “safety measures” phishing cyber-attack spread the Emotet malware. |
| March 2020 | France | DDoS | The devices of a group of hospitals in Paris that play a key role in combating the COVID-19 crisis in the capital were the target of DDoS attacks that impacted access to computers and email (Pranggono and Arabo, 2021). |
| March 2020 | Italy | Malware | Distribution of TrickBot malware through email. |
| March 2020 | United Kingdom | Ransomware | The Maze ransomware group leaked the medical and personal information of thousands of former patients of a London-based medical research firm that offers COVID-19 testing (Tuttle, 2021). |
| March 2020 | United Kingdom | Phishing | A deceptive “free school meal” SMS directed recipients to a website that stole payment credentials. |
| March 2020 | Czech Republic | Ransomware | Brno University Hospital, one of the country's COVID-19 testing laboratories, was hit by a cyber-attack and forced to shut down its whole information technology network (Kolouch et al., 2022). |
| March 2020 | Vietnam | Malware | LokiBot malware spread through emails purporting to concern incorrect invoice payments. |
| March 2020 | Spain | Ransomware | A Netwalker ransomware attack disguised as an email offering advice on restroom use. |
| March 2020 | China / Mongolia | Malware | Chinese hackers were suspected of spreading the Vicious Panda virus to Mongolia using emails ostensibly from Mongolia's ministry of foreign affairs. |
| March 2020 | United States of America | DDoS | The United States Department of Health and Human Services, which is deeply involved in the COVID-19 response, was the victim of a DDoS attack. |
| March 2020 | Libya | Malware | Exfiltration of user data using SpyMax malware delivered through a trojanized app. |
| March 2020 | Philippines | Malware | REMCOS malware circulated on the Internet in the Philippines at the early stage of lockdown. |
| April 2020 | Worldwide | DDoS | Credentials of World Health Organization officials were leaked (Ahmad, 2020). |
| March 2020 | United States of America | Malware | An SMS asked recipients to take a COVID-19 preparation test at a specific website that downloaded malware onto the victim's system. |
| April 2020 | China | Phishing | Vietnam was accused of conducting a METALJACK phishing attack against Wuhan district offices. |
| April 2020 | United States of America | Phishing | Zoom was subjected to a severe cyber-attack in San Jose, California. Zoom Video Communications was the most talked-about cybersecurity issue in April 2020, just as the video meeting software had become a critical tool for daily business activities across industries. |
| April 2020 | United States of America | Phishing | Magellan Health was a victim of phishing. Over a five-day period, attackers gained access to an organization server containing highly sensitive employee data. |
| April 2020 | United States of America | Ransomware | A Maze hacking incident hit the information technology solutions company Cognizant on April 18, 2020, hindering online service for some customers. |
| May 2020 | Taiwan | Phishing | Emails carrying a hacking tool for unauthorized connection impersonated Taiwan's top infectious-disease official and urged recipients to go and get coronavirus tests (Chigada and Madzinga, 2021). |
| (date not given) | United Kingdom | Phishing | People were directed to a counterfeit track-and-trace website that gathered the victims' credentials. |
| May 2020 | Japan | Undisclosed but suspected to be DDoS | On May 7, Nippon Telephone and Telegraph (NTT), Japan's largest firm and one of the largest in the world, was the victim of a cyberattack. The attack on the firm went unnoticed until May 11. |
| May 2020 | Nigeria | Undisclosed but suspected to be DDoS, and unknown scammers | Scammers posed as real and well-known organizations such as banks, travel agencies, insurance providers, and telecommunications companies, using various COVID-19 excuses; scammers also set up fictitious online stores claiming to sell products that do not exist, such as COVID-19 cures, vaccinations and face masks. |
| May 2020 | United States of America | Ransomware | A group of hackers known as “Maze” stole and published sensitive data from the Asheville Plastic Surgery Institute, as well as a similar volume of information from a plastic surgeon in Washington state. Patient names, birthdays, insurance information, order forms, and before-and-after photos were among the information in the database. |
| June 2020 | United States of America | Ransomware | The University of California, San Francisco (UCSF), which had been working on a COVID-19 vaccine, was the victim of a ransomware attack and was compelled to pay $1.14 million to malicious actors known as Netwalker (Pranggono and Arabo, 2021). |
| June 2020 | Canada | Ransomware | On Android smartphones, the CryCryptor ransomware masqueraded as a COVID-19 contact-tracing app (Sun et al., 2021). |
| June 2020 | Germany | Phishing | Phishing emails were sent to senior executives at a firm that handles personal protective equipment (PPE). The phishing links took executives to bogus Microsoft login pages to steal their login information (Ramadan et al., 2021). |
| June 2020 | Worldwide | Botnet | In the COVID-19 era, coming across a bot account while browsing Twitter is more likely. Researchers at Carnegie Mellon University revealed that much of the discussion surrounding the COVID-19 pandemic and stay-at-home orders is fueled by propaganda and misinformation spread by plausible botnets (Dornan, 2020). |
| July 2020 | United States of America | Phishing | Twitter was hacked, and the hackers hijacked the verified Twitter accounts of high-profile US figures such as Barack Obama, Elon Musk, Joseph R. Biden Jr., Bill Gates, and others (Aslan et al., 2020). |

Table 3 shows that 2020 was a tumultuous year, with daily life disrupted and huge changes in the corporate environment, all exacerbated by increased Internet fraud as a result of the COVID-19 disaster. Most organizations are more reliant on the Internet than ever, because many people are working from home or relying on their digital devices to keep them connected and entertained. However, current cybersecurity trends demonstrate that hackers are taking full advantage of the COVID-19 crisis, wreaking havoc on organizations and their data more than ever before. Therefore, 2020 had a huge impact on the most recent cyberattacks, including phishing, malware, DDoS, botnet, APT and ransomware.

2.3. Timeline of cyber-attacks related to COVID-19

The cyber-crime episodes resulting from the COVID-19 pandemic constitute a severe threat to the global population's safety and socio-economic development. Therefore, understanding their mechanics, as well as their propagation and reach, is critical. Many techniques for understanding how such events evolve have been offered in the literature, ranging from formal definitions to systematic approaches to examining the nature of threats. However, while these methods allow an attack to be categorized, they frequently lack the ability to map larger, dispersed events like the ones described in this paper, where the pandemic causes a slew of unconnected occurrences.

People increasingly worked from home, attended school digitally, and conducted business online to prevent the spread of the coronavirus, and practically every country in the globe proclaimed a state of emergency. During the COVID-19 crisis, almost all economic sectors were constantly under cyber-security threat. The economic sectors most affected are highlighted and discussed in the subsection below.

2.4. Economy sectors most affected by cyber-security threats

Credential stuffing is a type of cyberattack in which hackers use stolen login and password combinations to gain access to other accounts; it works because it is fairly common for people to reuse the same username and password across many accounts. Hackers also used credential stuffing to obtain employees' credentials, and the stolen information was then sold to other criminals on the digital black market. One effect is that firms relying heavily on videoconferencing platforms are severely disrupted. The economic sectors most affected by cyber-attacks are highlighted in Fig. 2.
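Credential stuffing leaves a recognizable trace in authentication logs: many different usernames failing from one source within a short window, sometimes followed by a success. The following added example (not code from the paper; its log format and every sample line are constructed) separates that pattern from a brute-force run against a single account and lists the accounts that need a forced password reset.

```python
"""Detect credential-stuffing bursts in authentication logs: many distinct
usernames failing from one source in a short window, followed by a success.
Added example, not code from the paper; the log format and all sample lines
are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%SZ"
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")

WINDOW = timedelta(minutes=5)  # sliding window per source address
MIN_FAILS = 8                  # failures needed before a source is examined
MIN_DISTINCT_USERS = 5         # stuffing sprays many accounts; brute force hits one


def parse(line):
    """Parse one log line into a dict, or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # skip malformed input instead of aborting the whole run
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], FMT)
    return event


def detect(lines):
    """Return one alert per source whose failures in WINDOW cross the thresholds."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > WINDOW:
                start += 1
            window = fails[start:end + 1]
            if len(window) < MIN_FAILS:
                continue
            users = {e["user"] for e in window}
            kind = "credential_stuffing" if len(users) >= MIN_DISTINCT_USERS else "brute_force"
            # Accounts that later succeeded from the same source are the likely
            # hits: they need a forced password reset and session revocation.
            burst_start = window[0]["ts"]
            hits = sorted({e["user"] for e in evs
                           if e["result"] == "OK" and e["ts"] >= burst_start})
            alerts.append({"src": src, "kind": kind, "failed_attempts": len(window),
                           "distinct_users": len(users), "compromised_accounts": hits})
            break  # one alert per source is enough for triage
    return alerts


def constructed_log():
    """Constructed sample: a stuffing burst, a brute-force run, normal typos, junk."""
    base = datetime(2020, 4, 3, 10, 15, 0)

    def line(offset, src, user, result):
        stamp = (base + timedelta(seconds=offset)).strftime(FMT)
        return f"{stamp} src={src} user={user} result={result}"

    lines = []
    # 203.0.113.7 sprays nine usernames in 90 seconds, then logs in as carol.
    sprayed = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi", "ivan"]
    lines += [line(10 * i, "203.0.113.7", u, "FAIL") for i, u in enumerate(sprayed)]
    lines.append(line(100, "203.0.113.7", "carol", "OK"))
    # 198.51.100.3 hammers a single account eight times.
    lines += [line(5 * i, "198.51.100.3", "bob", "FAIL") for i in range(8)]
    # 192.0.2.10 is a real user who mistypes twice and then succeeds.
    lines += [line(0, "192.0.2.10", "alice", "FAIL"), line(20, "192.0.2.10", "alice", "FAIL"),
              line(40, "192.0.2.10", "alice", "OK")]
    lines.append("this line is not an auth event")  # exercises the malformed-line path
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```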

Fig. 2. Cyber-attack: economy sectors most affected in the wake of the COVID-19 health crisis.

The war on the digital economy during the lockdown caused by the COVID-19 health crisis cannot be over-emphasized. The economic sectors most affected by cyber-attacks are discussed as follows:

  • (1) Financial sector

The financial industry faced numerous cyber-security attacks during the COVID-19 crisis. At 5.85 million dollars, the mean cost of cybercrime in the financial services business is among the highest of any industry (ibm.com, 2020; Najaf et al., 2020; Bossler, 2021). The crisis compelled financial institutions such as banks and insurance firms to continue providing online assistance to their customers, while the majority of employees worked from home on insecure networks. In the office, employees are bound by security measures that were absent at home, which became the new normal workplace. Employees were more vulnerable to cyber risks when using an insecure network (Babulak et al., 2020). Customers increasingly rely on online banking, which exposes them to hackers. Hackers commonly target the financial sector with distributed denial of service (DDoS), phishing, and malware cyberattacks. ATM transactions (Omolara et al., 2019a, 2019b, 2019c) were targeted by hackers who stole bank credit cards to withdraw money. During the COVID-19 crisis, there was an increase in credit card fraud (Zhu et al., 2021; Payne and Morgan, 2020). Therefore, there is an urgent need to protect data from intruders by developing hybrid ciphers (Omolara et al., 2014) and up-to-date, safe encryption algorithms to secure data in online transactions.

In the case of insurance firms, the Avaddon gang attacked the European insurer AXA in May 2020. The incident occurred shortly after the corporation announced significant insurance policy modifications: in essence, AXA said it would no longer reimburse many of its clients for ransomware payments. The hacker group gained access to a colossal 3 TB of data in this one-of-a-kind (and rather ironic) attack on a cyber-insurance corporation, which made the news. Another significant insurance firm was hit by ransomware earlier, in March 2020. On March 21, 2020, a hacker group targeted CNA's network, encrypting 15,000 devices, including many computers used by remote employees. The hacking group Evil Corp is suspected of being behind the attack, which used a new strain of malware known as Phoenix CryptoLocker.

  • (2) Healthcare sector

A typical computer systems shutdown occurred at Brno University Hospital due to a cyber-attack. Brno University Hospital, a significant COVID-19 testing site in the Czech Republic, was one of the first medical facilities obliged to turn away patients with serious illnesses and postpone surgeries. The World Health Organization (WHO) declared that cyber-attacks surged fivefold during COVID-19, causing public fear; nearly 450 active email addresses with WHO usernames and passwords were compromised in the third week of April 2020 (World Health Organization, 2020). Hackers and intruders are well aware that the global healthcare system is in disarray as a result of the epidemic. Since more people use remote care systems, hackers were increasingly active in gaining access to healthcare systems all over the globe for financial benefit. According to the United States Cybersecurity and Infrastructure Security Agency and the United Kingdom's National Cyber Security Centre, hackers attempted to gain access to a huge series of individual patient data and credentials (Lallie et al., 2021).

Throughout the pandemic, telemedicine became the only means to receive care, which has made it easier for hackers to gather the information they need on specific patients. Before the pandemic, only 95 people in New York used telemedicine on a daily basis; during the outbreak the number of patients surged 44.30-fold, to nearly 4209 people a day. Ransomware assaults have increased dramatically alongside these staggering numbers (Jalali et al., 2021). The different cyber-attacks and data breaches in healthcare and academic organizations at the peak of the COVID-19 crisis are summarized in Table 4.

Table 4. Summary of reported cyber-attacks and data breaches in healthcare and academic organizations at the peak of the COVID-19 crisis.

| S/No | Date of cyber-attack | Country of cyber-attack | Organization | Report and impact of the attack | References |
|---|---|---|---|---|---|
| 1 | 13 March 2020 | Czech Republic | University Hospital in Brno | The IT network went down, causing important surgeries to be postponed and emergency medical services to be jeopardized. | |
| 2 | 13 March 2020 | Worldwide | World Health Organization (WHO) | A rogue website imitating the WHO's official email system was built in order to steal employee passwords. According to WHO Chief Information Security Officer Flavio Aggio, the attack was unsuccessful. DarkHotel, a gang of sophisticated hackers, is suspected by many sources, according to Reuters. | |
| 3 | 14 March 2020 | United Kingdom | Hammersmith Medicines Research Group, UK (COVID-19 vaccine trial group) | A ransomware attack resulted in the disclosure of previous patients' private details, as well as an unsuccessful attempt to deactivate the network. | |
| 4 | 16 March 2020 | United States of America | Health and Human Services (HHS) Department | HHS servers were subjected to an unspecified attack. | |
| 5 | 22 March 2020 | France | Paris Hospital Authority (AP-HP) | An unidentified attack on AP-HP servers. | |
| 6 | 4 April 2020 | United Kingdom and Spain | Healthcare workers | An attempt was made to disable anti-virus software as part of a ransomware attack. | |
| 7 | 13 May 2020 | United Kingdom | ARCHER academic high-performance computing (HPC) network | Exploitation of login nodes forced all user passwords to be reset. | |
| 8 | 13 May 2020 | United Kingdom | Bam Construct and Interserve (companies that helped construct temporary COVID-19 hospitals for the UK's National Health Service) | Unknown type of attack. | |
| 9 | 10 June 2020 | Iraq | Babylon Health (appointment and video conferencing software for NHS doctors) | Due to a software flaw, there was a data leak. | (-health-admits-gp-hand-app-data-breach-caused software-issue) |
| 10 | 16 July 2020 | United States, United Kingdom and Canada | Governments | Unspecified state-sponsored cyber-threats against institutions developing COVID-19 vaccines were alleged. | (-state-sponsored-hackers-target-covid-19-vaccineresearchers) |

  • (3) Education sector

The abrupt transformation induced by the COVID-19 crisis significantly impacted educational systems. Most students at all levels now rely on e-learning, putting them at risk of cybercrime. In addition, most educational institutions use applications like Zoom for their e-learning processes. For instance, after an attack, some schools in California were compelled to suspend their programme activities for a period (Harris and Jones, 2020). COVID-19's dreadful status jeopardized schooling at all levels, and education remained at risk as the pandemic spread. Homebound students took classes through online e-tech systems, e-learning environments, and video-conferencing. Cybercriminals have hijacked video and teleconference sessions (known as Zoom-bombing) to distribute unpleasant or dangerous content. Educational institutions should keep private information out of e-learning platforms, use a software-as-a-service (SaaS) solution rather than a local client, prevent third-party providers from having direct access, and evaluate vendors and their security documents on a regular basis.

In some countries, like the United Arab Emirates (UAE), e-learning tools were deployed in higher education. UNESCO, for example, supplied a variety of distance-learning resources to assist many schools and organizations in continuing their work during COVID-19 (UNESCO, 2020). Popular applications used to deliver lectures include WebEx, Zoom, Google Classroom, Ultra Collaborative, Skype, Blackboard Learn, GoToMeeting, Monitor Lockdown Browser and Respondus, among others. Academic and non-academic staff and students also frequently communicate via social media platforms such as Facebook, YouTube and WhatsApp, whose online services were used to support education during the pandemic. Expert-led online courses were made available in English, French, Spanish, Italian, Portuguese, and other languages during the COVID-19 crisis.

  • (4) Military sector

A coronavirus-themed malware sample has been reported to overwrite a computer's Master Boot Record (MBR), rendering it unbootable; the malware file's description reads "Coronavirus Installer". The COVID-19 crisis and lockdown regulations were likewise used as bait by another coronavirus-themed malicious HTA (HTML Application) file, most likely from the SideWinder group, which is known for targeting military organizations. This HTA file carries a pop-up PDF lure with click-bait headlines and photographs of the Pakistan army. The CEOs and top executives of energy providers face a related set of cyber and safety threats: employees who access critical plant production and grid networks from their homes raise the likelihood of a second-wave crisis, in which rolling power outages and safety incidents coincide at the very moment when keeping the electricity on is critical. Attackers will exploit the rush to remote systems, understaffed facilities, and new working modes.

  • (5) Energy sector

In the energy sector, the focus in a crisis such as COVID-19 is on protecting the public and keeping power flowing to customers. Enabling remote work became the top priority for utility companies, but it also exposes the energy business to threats from inside and outside its cyber defenses. Energy companies must protect their employees while avoiding outages, since lives are on the line, and remote working introduces new cyber-risks: attackers will look for new weaknesses in a utility's infrastructure to exploit. Utilities are fundamentally changing their power generation workflows, and cybersecurity approaches and structures will need to be updated as well. Distributed energy sources will require new operational models, remote work and automation will boost productivity, and energy businesses will have to educate and train the next generation of workers. The frequency and sophistication of cyberattacks against electricity providers will continue to rise. As each trend becomes the new reality, electricity companies will need to iteratively update their cybersecurity policies to protect operations and keep the lights on in the short, medium and long term.

The hack of Colonial Pipeline in late April received the most media attention of all the cyber and ransomware attacks of 2021. "The Colonial Pipeline attack had such an impact because the pipeline is an integral part of the national critical infrastructure system," says Joe Giordano, director of Touro College Illinois' Cybersecurity Program. "Gas supplies were disrupted all along the East Coast of the United States as a result of the system's downtime, producing confusion and panic." Because most Americans are directly affected by gasoline shortages, this strike hit close to home for many people. The attack was carried out by the DarkSide gang, which targeted the company's billing system and internal business network, causing major shortages across many states. Colonial Pipeline eventually gave in to the attackers' demands and paid the group $4.4 million in bitcoin to avert further disruption. Much of the ransom was later recovered by US law enforcement; the FBI traced the funds by monitoring bitcoin transactions and digital wallets.

  • (6) Manufacturing sector

If manufacturers believed they were protected from cyberattacks, that belief is being steadily disproved, especially in 2020. In 2017 and 2018, awareness of Industry 4.0 and the accompanying rise in cybercrime grew, yet many companies in the sector remained completely uninformed of the risks. By 2019, manufacturing had risen to the eighth most targeted sector by cyber criminals. Pandemic restrictions then compelled many organizations to rely almost entirely on remote labor in 2020, which exacerbated the problem: while most of the world was unprepared for COVID-19's impact, cyber attackers were prepared, and manufacturing moved from eighth to second place in terms of cyber-attacks. Monitoring the company's network ecosystem for anomalies is essential to protecting against attack. Some security procedures are impossible to implement when employees work from home during the COVID-19 crisis; for example, both legitimate and illegitimate instructions now arrive from outside the company, and it is difficult to tell which is which or what their intent is. As a result, monitoring becomes even more important in distinguishing attackers from employees.

Some monitoring and surveillance can be automated, allowing relevant employees to spend more time investigating suspicious activity. The threat to the nation's essential infrastructure and government organizations has not flown under the radar either. Public institutions, including government parastatals, are beginning to impose stronger requirements on corporations that hold sensitive data, despite their poor response to cyber threats in the past. The Cybersecurity Maturity Model Certification and the IoT Cybersecurity Improvement Act were introduced in 2020 as ways to impose minimum cybersecurity rules on enterprises that deal with government organizations. Even so, the full impact of these measures will not be felt until 2022, or even 2026. Meanwhile, cybercriminals will continue targeting organizations that have ignored warnings and failed to implement cybersecurity solutions.

For industrial companies looking to avoid these risks, there is ultimately one answer: learn about the cybersecurity risks specific to manufacturing and build a comprehensive cybersecurity program that identifies and blocks attack vectors before they breach the company network.

  • (7) Technology sector

The years 2020 and 2021 saw some of the most significant data breaches ever recorded globally, and these badly affected the technology (information technology) industry, including Google, Twitter, Zoom, Amazon, Finastra, CD Projekt Red, the SolarWinds supply chain, and others. On its Chrome update page, Google stated that it was aware of in-the-wild exploits for two vulnerabilities, CVE-2021-38000 and CVE-2021-38003. Both issues have been fixed, but the fix only protects Chrome users who upgrade their browsers; "The Stable channel has been updated to 95.0," Google confirmed. Several well-known and well-respected Twitter accounts were hijacked and used to spread a Bitcoin scam: the accounts asked followers to send Bitcoin in exchange for double the amount in return. Although the tweets were live only briefly, they netted more than $100,000 in Bitcoin, and those who were tricked into transferring Bitcoin received nothing.

Zoom went from a little-known boutique business to one of the most widely used video and audio conferencing systems almost overnight because of the rapid increase in people working from home due to COVID-19; in Q2 2020 its revenue was 3.55 times that of the same quarter a year earlier. With such rapid expansion came multiple security incidents, the most notable being the sale of over 500,000 user accounts on a dark web forum. According to reports, the accounts were accessed using user IDs and passwords that had previously been exposed in other breaches, a practice known as credential stuffing: attackers replay leaked username and password pairs against a different service, succeeding wherever a user has reused the same password.
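The credential-stuffing mechanism described above, together with the automated anomaly monitoring that the manufacturing section calls for, can be made concrete in code. The following Python is an added example written for this review; it is not code from the article, from Zoom, or from any of the organizations named on this page. The log format, the source addresses, the usernames and the small breached-password list are all constructed for illustration, and the SHA-1 prefix lookup stands in for a real breached-password range service.

```python
"""Credential-stuffing detection and breached-password checking.

Added example; not code from the reviewed article or from Zoom. The log
format, the IP addresses, the usernames and the breached-password list
below are all constructed for illustration.
"""
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log: "<ISO timestamp> <source IP> <username> <OK|FAIL>".
# 203.0.113.7 shows the credential-stuffing signature: many *different* accounts,
# about one attempt each, mostly failures, plus a few successes where a reused
# password happened to be valid. 198.51.100.4 is a legitimate user who mistyped
# once. 192.0.2.9 is an ordinary login.
SAMPLE_LOG = """\
2020-04-01T09:00:01Z 203.0.113.7 alice FAIL
2020-04-01T09:00:02Z 203.0.113.7 bob FAIL
2020-04-01T09:00:03Z 203.0.113.7 carol FAIL
2020-04-01T09:00:04Z 203.0.113.7 dave OK
2020-04-01T09:00:05Z 203.0.113.7 erin FAIL
2020-04-01T09:00:06Z 203.0.113.7 frank FAIL
2020-04-01T09:00:07Z 203.0.113.7 grace OK
2020-04-01T09:00:08Z 203.0.113.7 heidi FAIL
2020-04-01T09:05:00Z 198.51.100.4 alice FAIL
2020-04-01T09:05:30Z 198.51.100.4 alice OK
2020-04-01T10:00:00Z 192.0.2.9 bob OK
"""


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, success) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "OK"))
    return sorted(events)


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.5):
    """Flag source IPs that, inside any sliding window, hit at least `min_users`
    distinct accounts with a failure ratio of at least `min_fail_ratio`.

    Brute force against one account (one user, many tries) and a user
    mistyping a password (one user, few tries) never reach the distinct-user
    threshold, which is what separates stuffing from those cases.
    Returns {ip: {"users", "attempts", "failures", "compromised"}} for the
    widest matching window per IP.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until the span fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            users = {u for _, u, _ in span}
            failures = sum(1 for _, _, ok in span if not ok)
            if len(users) >= min_users and failures / len(span) >= min_fail_ratio:
                hit = {
                    "users": len(users),
                    "attempts": len(span),
                    "failures": failures,
                    # Accounts the attacker actually got into: force a reset on these.
                    "compromised": sorted({u for _, u, ok in span if ok}),
                }
                if ip not in flagged or hit["users"] > flagged[ip]["users"]:
                    flagged[ip] = hit
    return flagged


def sha1_prefix_suffix(password):
    """Split the upper-case hex SHA-1 of a password into a 5-char prefix and the rest.
    In a k-anonymity range lookup only the prefix ever leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def build_breach_index(passwords):
    """Build a prefix -> {suffix, ...} index from a (constructed) breach corpus.
    This stands in for a breached-password range service or a local corpus copy."""
    index = defaultdict(set)
    for pw in passwords:
        prefix, suffix = sha1_prefix_suffix(pw)
        index[prefix].add(suffix)
    return index


def is_breached(password, index):
    """True if the password's SHA-1 suffix appears in its 5-char prefix bucket."""
    prefix, suffix = sha1_prefix_suffix(password)
    return suffix in index.get(prefix, set())


if __name__ == "__main__":
    hits = detect_credential_stuffing(parse_log(SAMPLE_LOG))
    for ip, info in hits.items():
        print(f"{ip}: {info['users']} accounts, {info['failures']}/{info['attempts']} failed, "
              f"compromised={info['compromised']}")
    # Constructed breach list; a real check would use an actual breach corpus.
    breached = build_breach_index(["password123", "letmein", "qwerty"])
    for candidate in ["letmein", "correct horse battery staple"]:
        print(candidate, "-> breached" if is_breached(candidate, breached) else "-> not found")
```

The distinct-account threshold is the discriminating feature: a brute-force attack hammers one account and a user who mistypes touches one account, whereas stuffing touches many accounts about once each, because every leaked pair is tried exactly once. The successes inside a flagged window are the accounts to reset. Checking new passwords against a breach corpus addresses the root cause, password reuse, before an attacker gets to replay the leaked pair.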

Finastra, a provider of software solutions to financial institutions in many parts of the world, including 90 of the top 100 banks, was hit by a ransomware attack that interrupted operations and forced the company to temporarily disconnect affected servers from the internet. Finastra has US $1.9 billion in revenue, 9,000+ employees, and about 8,600 customers, with a global footprint and a broad set of financial technology products. Finastra was likely a victim because of a history of obsolete security practices and devices: according to Bad Packets, a company that monitors and helps identify cyber-security threats, it still had four Citrix (NetScaler) servers vulnerable to CVE-2019-19781 operating in early January 2020. Finastra said it employed "isolation, inquiry, and containment" to respond to the incident.

Other attacks targeted CD Projekt Red, a well-known videogame studio in Poland. The HelloKitty gang breached the company in February 2021, gaining access to source code for in-development games and encrypting devices. CD Projekt declined to pay the ransom and had backups in place from which to restore the affected data.

In April 2021, the REvil gang demanded a $50 million ransom from computer manufacturer Quanta, as it had in the earlier Acer hack. Although Quanta is not a household name, it is one of Apple's most important business partners. When Quanta declined to negotiate with the group, REvil turned to Apple, publishing Apple product blueprints stolen from Quanta and threatening to reveal more sensitive documents and data. REvil appears to have halted the campaign by May.

The biggest cyberattack of 2020 was the SolarWinds supply chain attack, which affected prominent private companies, including Microsoft, FireEye, Cisco, and Nvidia, as well as multiple United States government organizations. Amazon was also the target of a massive DDoS attack.

  • (8) Tourism sector

Marriott disclosed that the personal information of about 5.2 million hotel guests was improperly obtained in 2020, the company's second major data breach in less than two years. Marriott is one of the leading hotel chains, with 7,300 hotel and resort locations in 134 countries. According to the firm, which was notified at the end of February 2020, the guest information was accessed from mid-January using the login credentials of personnel at a franchised location. Marriott has deactivated those logins and is cooperating with investigators. Marriott stated that the breach did not expose Marriott Bonvoy account passwords or PINs, payment card information, passport information, or driver's license numbers.

  • (9) Food and Agricultural sectors

Ransomware victims in the food and agriculture sector face enormous financial losses from ransom payments, lost output, and remediation costs, and may also lose proprietary data and personally identifiable information (PII) and suffer reputational damage. For example, JBS S.A., a Brazilian meat processing corporation, was hit by a cyberattack on May 30, 2021, that rendered its pork and beef slaughterhouses inoperable; facilities in Australia, the United States, and Canada were all affected. A ransomware attack on an unidentified US farm in January 2021 caused a $9 million loss through the temporary closure of its farming operations; the adversary gained full administrator access to the farm's internal servers using compromised credentials. In another incident, a United States bakery lost access to its servers, data, and applications in July 2021, disrupting production, shipping, and receiving, after a Sodinokibi/REvil ransomware attack delivered through software used by its IT managed service provider (MSP). The bakery was closed for about a week, delaying customer orders and damaging the company's reputation.

As noted above, one US agricultural operation lost $9 million in productivity after being forced to shut down by a ransomware attack. Whether or not to pay the ransom is ultimately the firm's decision, but paying does not mean the problem is solved: according to the FBI, up to 80 % of ransomware victims who paid were attacked again, either by the same criminals or by a new group. Australia's agricultural industry likewise faces cyber-threats, according to new AgriFutures Australia research that examines cyber hazards following two major cyber-attacks in the last 12 months. Rural agricultural businesses that fail to protect themselves from cyber threats endanger not only themselves but also Australia's food security.

  • (10) Transportation sector

The number of ransomware attacks is rising across all industries, but the transportation industry appears to be the hardest hit. Transportation organizations are more adversely affected by the global cybersecurity skills gap than others because they have not traditionally fielded significant security teams to defend their digital assets. According to Cybertalk.org, the transport sector saw a 186 % spike in weekly ransomware attacks between June 2020 and June 2021. For example, in June 2021 it was reported that New York's Metropolitan Transportation Authority (MTA), North America's largest transportation network, had been targeted by a cyber-attacker. The MTA serves downstate New York and two counties in southwestern Connecticut; it handles about 11 million passengers on weekdays, and over 850,000 vehicles pass through its seven toll bridges. The MTA network incident was reportedly perpetrated by Chinese attackers who allegedly used a zero-day vulnerability in Pulse Connect Secure, a remote access product.

  • (11) Commerce sector

The demand for goods and services has shifted to e-commerce. While the share of e-commerce in total retail in the United States climbed modestly from 9.6 % in the first quarter of 2018 to 11.8 % in the first quarter of 2020, it jumped to 16.1 % between the first and second quarters of 2020. The trend in the United Kingdom is similar: between the first quarter of 2018 and the first quarter of 2020, the share of e-commerce in retail increased from 17.3 % to 20.3 %, before rising dramatically to 31.3 % between the first and second quarters of 2020. Similar trends can be seen elsewhere, such as the People's Republic of China, where the share of online retail sales in cumulative net retail sales increased to 24.6 % from January to August 2020, from 19.4 % in August 2019 and 17.3 % in August 2018.

3. Methodology

Methodologically, this study started by looking for articles that examined the overall relationship between COVID-19 and cybersecurity, then narrowed down to articles on each affected economic sector: finance, healthcare, education, military, energy, manufacturing, tourism, technology, transportation, commerce, food, and agriculture. Various databases were searched for papers connected to coronavirus OR COVID-19, including Science Direct, IEEE Xplore, Springer Link, PubMed, Wiley, Emerald Insight, Elsevier, and others, for the period March 2020 to December 2021, the peak of the COVID-19 incidence. We explored this literature for material published on cybersecurity issues in organizations during the lockdown, movement restrictions and COVID-19 crisis, eliminating epidemiological articles and duplicated studies.

We used 300 articles covering the economic sectors mentioned above; they also cover changes in consumer behavior and business practices, employees, managers, ethical issues, and policy-related challenges. The goal of this study was to learn how organizations reacted at the outset of the COVID-19 pandemic, identify cyber-attacks, and analyze them in order to propose solutions based on best working and management practices. It answers the following research questions: What is the impact of the COVID-19 epidemic on organizational cybersecurity? What are the best cybersecurity techniques that corporations use for early pandemic response? How can organizations deal with a cybersecurity problem during a crisis?

Based on a scoping examination of relevant literature (articles in journals, letters, newspapers, and magazines published between March 2020 and December 2021), this research aimed to analyze the cybersecurity problems faced by various organizations. A scoping review, rather than a systematic review, is better suited to quickly covering broader subjects from publications with a variety of study designs without judging the quality of the studies considered (Arksey and O'Malley 2005). This strategy is also well suited to examining new challenges and informing policy changes (Colquhoun et al., 2014; Kastner et al.; Peters et al., 2014). Therefore, the five-step approach developed by Arksey and O'Malley was applied in this study.

3.1. Identifying relevant articles

Two complementary search strategies were used to find relevant published articles; from mid-March 2020 to December 2021, a state-of-the-art examination of reports was conducted. Search engines: the table and timeline were created using a variety of general-purpose search engines (Google, Baidu, Yahoo, Qwant, DuckDuckGo, Bing, AOL, Ask.com and Excite) and academic search engines (Google Scholar, Educational Resources Information Center, Microsoft Academic, WorldWideScience, Wolfram Alpha and RefSeek).

Keywords used: a number of keywords were used when compiling cyber-attack reports. Non-English phrases were translated with the Google Translate tool (Google Translate, 2020), and independent sources were used to validate the translations ( Prates et al., 2020 , Suhono et al., 2020 ). The criteria for locating reports were established and are presented in a manner comparable to existing reviews in the cyber security literature. A search was conducted in English in the Eureka database, which specializes in print media, using the following keywords:

"COVID-19 OR coronavirus"; "Organization and Cybersecurity" OR "Companies and Cybersecurity"; "SME and Cybercrime and COVID-19" OR "business and Cybersecurity or COVID-19"; "manager and employee and COVID-19 and Cybercrime" OR "COVID-19 and Cybercrime". Second, using the same terms, a Google News search was run to find other relevant articles. The first search results returned 4,874 potentially relevant articles, of which 3,012 were irrelevant and 1,862 were retained. Re-examination of the retained articles found 1,102 duplicates, leaving 760 for the third step, methodological screening. Methodological screening found 460 articles irrelevant to the study, and a final 60 were excluded because they were epidemiological studies. The 300 articles remaining were retained for the study, as shown in Fig. 3.

Fig. 3. The screening and selection procedure for the articles.

3.2. Selecting relevant articles

The exclusion and inclusion criteria were created to aid in removing articles unrelated to the core study issue of analyzing the best practices used by organizations to manage the COVID-19 pandemic. Articles in the research describe corporate policies implemented expressly to address the COVID-19 crisis, focusing on North America, Europe, South America, Australia, Africa, and Asia. Furthermore, in order to be considered for the study, the article had to provide at least one concrete example of an organization's behavior, as well as the organization's name. Articles that only discussed broad corporate, social, or political topics or examined management perspectives on COVID-19-related issues were omitted. Finally, 60 articles were removed throughout the selection process, while 300 relevant articles were included out of 4,874 evaluated.

3.3. Selection criteria

The articles discussed in this paper are all mentioned in the 'References' section. Meanwhile, exclusion and inclusion criteria for reviewed articles are described in Table 5 .

Table 5. Study exclusion and inclusion criteria.

Exclusion criteria: articles that only discussed broad corporate, social, or political topics or examined management perspectives on COVID-19-related issues, and articles that did not name an organization and give a concrete example of its behavior (see Section 3.2).

Inclusion criteria:
1. Published between March 2020 and December 2021.
2. Written in English.
3. Available as full text.
4. Published in a peer-reviewed journal.
5. Articles from reputable journals, conferences and letters, magazines, websites, news posts and newspapers.
6. Articles investigating cybersecurity issues during the COVID-19 pandemic.

3.4. Data visualization

The data were analyzed and a data extraction grid was created in Microsoft Excel. The sheet was divided into six sections: (i) general characteristics; (ii) design; (iii) cyber crisis impacts; (iv) organizational techniques for cybersecurity management practices; (v) organizational methods for cyber-attack management; and (vi) preventive measures. Several articles were also analyzed to develop the first draft of the list of cyber-attack types used in the study.

3.5. Getting information, processing, and reporting

An online questionnaire was also administered to address cybersecurity issues across many types of attack; 900 organization executives responded, setting out how they plan to prioritize operational capabilities to address those issues. The information gathered from the executives was analyzed, and the figures and tables in the following sections present the study's primary findings, including the percentage of articles discussing each item under each category.

4.1. Result on the number of articles processed in the study

The article mapping gives an overview of the topic's publications, notably in terms of organizational cybersecurity challenges during the global Covid-19 crisis. The article's goals and emphasis on specific subjects, most notably business sustainability, are also important considerations. The examination of the sectors covered in the articles reveals a diverse variety of activities and organizations involved in managing the COVID-19 problem and cybersecurity issues, as shown in Table 3 . The analysis also highlights the crisis' breadth, as it impacts all sectors of the economy. The result of the number of articles processed in the review is summarized in Table 6 .

Table 6. Result on the number of articles processed in the study.

Indexer | Search results | Excluded | Included
PubMed | 470 | 398 | 58
Science Direct | 384 | 275 | 23
Emerald Insight | 360 | 351 | 20
IEEE Xplore | 375 | 365 | 18
ACM Digital Library | 235 | 225 | 18
Directory of Open Access Journals (DOAJ) | 280 | 264 | 12
Scopus | 230 | 220 | 10
Compendex | 260 | 255 | 17
Wiley | 225 | 220 | 11
Elsevier | 228 | 220 | 15
Taylor and Francis | 223 | 219 | 13
Springer Link | 268 | 260 | 14
Academic Search Complete (EBSCOhost) | 240 | 235 | 15
ERIC | 225 | 220 | 9
Web of Science (WoS) | 223 | 213 | 11
Google Scholar | 220 | 217 | 12
Journal Storage (JSTOR) | 219 | 215 | 14
Others | 209 | 202 | 10
Total | 4,874 | 4,574 | 300

Table 6 thus lists the number of papers studied per indexer. After filtering and selection, three hundred (300) articles were surveyed.

4.2. Result based on the percentages of screened and selected articles

Of the 4,874 articles evaluated, the selection process excluded 4,574 and included 300 relevant articles, i.e. 6 % included and 94 % excluded, as shown in Fig. 4.

Fig. 4. Percentages of included and excluded articles in the study.

4.3. Results based on the types of cybersecurity questionnaires to participants

The cybersecurity questionnaire given to participants tested basic cyber threat knowledge. Everyone needs to be aware of cyber security attacks and risks in today's world, yet most people are uninformed on this issue and many are unaware of the potential cyber risks. This creates a vacuum in terms of preventing cyber-attacks, and cyber criminals are seizing the opportunity to further their nefarious goals. A survey of one hundred persons was conducted to assess their understanding of cyber dangers; the outcome is displayed in Table 7.

Table 7. Result of the survey based on the types of cybersecurity questionnaires to the participants.

S/n | Question | Correct answer | Incorrect answer
1 | What is hacking? | 36 % | 64 %
2 | What is a DoS attack? | 21 % | 79 %
3 | What is phishing? | 27 % | 73 %
4 | What is malware? | 18 % | 82 %
5 | What is an APT cyber-attack? | 18 % | 82 %
6 | What is ransomware? | 22 % | 78 %
7 | What is a botnet cyber-attack? | 22 % | 78 %
8 | What is a spam email attack? | 22 % | 78 %
9 | What is a browsing apps attack? | 22 % | 78 %
10 | What is a mobile apps attack? | 22 % | 78 %
11 | What is a DDoS attack? | 30 % | 70 %
12 | What is a malicious domain? | 20 % | 80 %
13 | What are malicious websites? | 40 % | 60 %
14 | What is business email compromise (BEC)? | 23 % | 77 %
15 | What is malicious social media messaging (MSMM)? | 36 % | 64 %

Given the survey results in Table 7, it is evident that the majority of people are unaware of these issues, making it necessary to educate digital users on cyber insecurity. Users' awareness of cyber-security issues is urgently required to enable them to protect and secure sensitive details on their devices. Likewise, organizations should educate their employees on cyber security problems by conducting training or workshops regularly. The government and its agencies should provide similar training regularly for public consumption on radio and television. Furthermore, banks should help their customers take precautions against cyber criminals through regular text messages. To avoid losing their personal or organizational information, the general public should endeavor to gain a basic understanding of cyber security concerns and practice the safety measures suggested by experts.

4.4. The background of the participants

Executives of organizations were among the respondents to the online questionnaire on plans to prioritize operational capabilities in order to address the cybersecurity challenges in many types of attacks. The analysis of the characteristics of the survey is shown in Table 8 .

Table 8. Result of characteristics of the survey.

Gender | Frequency | Percentage (%)
Male | 552 | 61
Female | 348 | 39
Total | 900 | 100

Age group | Frequency | Percentage (%)
18–30 | 93 | 10
31–36 | 104 | 12
37–43 | 195 | 22
44–55 | 237 | 26
56 and above | 271 | 30
Total | 900 | 100

Educational qualification | Frequency | Percentage (%)
Undergraduate | 104 | 12
First degree | 317 | 35
Master's degree | 387 | 43
Doctorate degree | 92 | 10
Total | 900 | 100

Participants' area of expertise | Frequency | Percentage (%)
Cybersecurity | 238 | 26
Non-cybersecurity | 662 | 74
Total | 900 | 100

Table 8 shows the background of the survey participants. There are more male participants (61 %) than female (39 %). The 18 to 30 age group has the fewest participants (10 %), while the 56 and above group has the most (30 %). The most common highest educational qualification was a master's degree; many participants were graduates, and some held doctorate degrees. Both cybersecurity experts (26 %) and non-experts (74 %) took part, and the cybersecurity experts among the business executives made valuable contributions to the validity of this study.

4.5. Result on economic sectors and number of articles reviewed in percentage

Several economic sectors hit by the pandemic have been identified in the literature and by online interaction with the organization executives for the period under study, that is, from March 2020 to December 2021. This study explores the business types affected and the number of articles in percentage is presented in Table 9 .

Table 9. The result on the economy business sector and the number of articles reviewed in percentage.

S/n | Economy and business sector | Number of articles | Percentage of articles
1 | Finance | 44 | 14
2 | Healthcare | 40 | 13
3 | Information technology companies | 35 | 12
4 | Manufacturing | 33 | 11
5 | Transportation | 30 | 10
6 | Education | 27 | 9
7 | Energy | 25 | 8
8 | Food and Agriculture | 20 | 7
9 | Tourism industry | 17 | 6
10 | Military | 10 | 3
11 | Commerce | 11 | 4
12 | Other economy sectors | 8 | 3

Table 9 revealed the main sectors of the global economy affected by cyber-attack during the COVID-19 crisis. The number of articles reviewed in percentage was calculated as follows; Finance (14 %), Healthcare (13 %), Information technology companies (12 %), Manufacturing (11 %), Transportation (10 %), and Education (9 %). Others include Energy (8 %), Food and Agriculture (7 %), Tourism (6 %), Commerce (4 %), Military (3 %), and Other sectors (3 %). The sudden lockdown of these industries for months has adversely affected their operational capabilities, but they have had to adjust rapidly, especially by creating telework, online sales, and delivery services.

4.6. Result of the number of articles reviewed continentally and their percentages

Coverage of specific continents was shaped largely by the inclusion criteria, particularly the restriction to English-language content. Nonetheless, approximately one-third of the articles had a global outlook and focused on measures put in place against cyber-attacks by large organizations and businesses in different countries or worldwide.

The articles primarily covered continent by continent and are arranged in alphabetical order: Africa, Asia, Australia, Europe, North America, and South America. The continental distribution of the organizations cited in the articles is shown in Table 10 .

Table 10. Alphabetical order of continents, number of articles reviewed and their percentages (percentages computed from the article counts; they match Fig. 5).

S/n | Continent | Number of articles | Percentage of articles
1 | Africa | 28 | 9
2 | Asia | 56 | 19
3 | Australia | 35 | 12
4 | Europe | 70 | 23
5 | North America | 84 | 28
6 | South America | 27 | 9

Furthermore, the number of articles in percentage per continent is highlighted in Fig. 5 .

Fig. 5. Percentages of continental distribution of the organizations cited in the articles.

Fig. 5 shows the percentages of the continental distribution of the organizations cited in the articles. North America tops the articles studied with 28 %, followed by Europe with 23 %, Asia with 19 %, Australia with 12 %, and Africa and South America with 9 % each.

4.7. Result of some cyber-attacks reported cases during the Covid-19 pandemic per month

A result of some cyber-attack cases reported globally during the COVID-19 pandemic between March 2020 and December 2021 can be presented in Table 11 .

Table 11. Result of some cyber-attack cases reported during the COVID-19 pandemic per month (n/a: month precedes the March 2020 start of the study period).

S/n | Month | Reported cases of cyber-attacks globally in the wake of COVID-19, 2020 | Reported cases of cyber-attacks globally in the wake of COVID-19, 2021
1 | January | n/a | 800
2 | February | n/a | 780
3 | March | 300 | 650
4 | April | 750 | 750
5 | May | 700 | 700
6 | June | 580 | 580
7 | July | 500 | 560
8 | August | 300 | 550
9 | September | 300 | 500
10 | October | 280 | 580
11 | November | 400 | 540
12 | December | 420 | 530

The cyber-attack cases during the COVID-19 crisis highlighted in Table 11, between March 2020 and December 2021, are plotted in Fig. 6.

Fig. 6. Cyber-attacks during the COVID-19 crisis between March 2020 and December 2021.

Table 11 and Fig. 6 reveal that cyber-attacks on the global economy were severe in certain months of 2020 and 2021. Attacks were severe between April and July 2020, slowed from August to November, and rose again in December of that year. In 2021 they were severe in January and February, slowed in March, rose again in April and May, slowed gradually between June and September, picked up again in October, and finally slowed down in November and December.

4.8. Result of the respondents to the questionnaires on the main types of cyber-attack experienced during the COVID-19 crisis

This study explored the types of cybersecurity problems encountered in the wake of the COVID-19 crisis and analyzed the frequency of cyber-attacks obtained from the respondents' questionnaires. The analysis results are as follows: malware was 7 %, phishing was 7 %, ransomware 2 %, distributed denial-of-service 6 %, browsing apps 6 %, malicious domains 9 %, denial-of-service 10 %, mobile apps 8 %, and malicious websites 10 %. Others are spam emails, capped at 13 %, malicious social media messaging 6 %, business email compromise at 4 %, APT at 1 %, botnet attacks at 2 %, and hacking attacks at 37 %. The main types of cyber-attack reported, their frequencies and their percentages at the peak of the COVID-19 phenomenon are summarized in Table 12.

Table 12. Results on the main types of cyber-attacks, frequency of attack and percentages between March 2020 and December 2021.

S/n | Type of cyber-attack | Frequency of attack | Percentage of attacks (%)
1 | Phishing | 140 | 7
2 | Malware | 131 | 7
3 | Distributed denial-of-service (DDoS) | 123 | 6
4 | Ransomware | 40 | 2
5 | Browsing apps | 125 | 6
6 | Denial-of-service (DoS) | 122 | 6
7 | Malicious domains | 168 | 9
8 | Mobile apps | 150 | 8
9 | Website apps | 121 | 6
10 | Business email compromise (BEC) | 70 | 4
11 | Malicious social media messaging (MSMM) | 119 | 6
12 | Advanced persistent threat (APT) | 25 | 1
13 | Botnet | 35 | 2
14 | Hacking | 330 | 17
15 | Spam emails | 250 | 13

Thus, organization executives look forward to prioritizing operational capabilities in cybersecurity and IT resiliency to boost business in diverse areas, as well as to increase profit. Even though many cyber-attack prevention mechanisms have been implemented, attackers often come up with some out-of-the-box scheme that can attack the network at any time. Some of the negative repercussions of falling victim to cyber-attacks include: (i) identity theft, (ii) financial losses, (iii) ransomware attack, (iv) network slowdown, (v) communication breakdown, (vi) data loss, (vii) data leak, (viii) information breach, (ix) network breakdown, (x) loss of customers, (xi) business bankruptcy and failure, etc.

Many types of cyber-attacks that occurred during the COVID-19 crisis were analyzed, and the results are presented as follows:

4.9. Result on the types of most common cyber-attack between March 2020 and December 2021

Executives from different organizations responded to online questionnaires that investigated their plans to prioritize operational capabilities in addressing cybersecurity issues over the next two years. About 900 organization executives were contacted online to answer the questionnaires, and, interestingly, a large proportion of them responded: 895 out of 900 organization executives returned the questionnaire, stating plans to prioritize operational capabilities against the types of attack listed in Table 13.

Table 13. Result of the number of organizations' executives planning to minimize certain types of cyber-attacks in the next two years.

S/n | Type of cybersecurity challenge | Number of organization executives planning to minimize this type of cyber-attack | Percentage of organization executives planning to minimize this type of cyber-attack (%)
1 | APT | 21 | 2
2 | MSMM | 25 | 3
3 | Website apps | 28 | 3
4 | Browsing apps | 30 | 3
5 | Botnet | 35 | 4
6 | Ransomware | 40 | 5
7 | Malware | 49 | 6
8 | DoS | 55 | 6
9 | DDoS | 60 | 7
10 | Mobile apps | 65 | 7
11 | Malicious domains | 72 | 8
12 | Spam emails | 80 | 9
13 | BEC | 90 | 10
14 | Phishing | 110 | 12
15 | Hacking | 135 | 15

895 out of 900 organization executives that responded to the online questionnaires planned to prioritize operational capabilities to address the cybersecurity issues in many attacks, as listed in Table 13 .

Table 13 was further analyzed to produce a graph for more clarity. The types of cyber-attack that organizations' executives plan to curb in the next two years are therefore ranked in Fig. 7.

Fig. 7 (image not reproduced). Number of organization executives planning to minimize different cyber-attacks to advance ICT resilience.

Fig. 7 demonstrates that business executives plan to prioritize operational capabilities in cybersecurity to advance ICT resilience, sustain business and maximize profit. According to the analysis of the collated questionnaires, about 135 of the 900 business executives that participated in the online interview planned to mitigate cyber-hacking in their organizations. In contrast, 110 business executives want to focus on reducing the cyber-phishing that affected their operations during the COVID-19 crisis. Meanwhile, 90 business executives want to concentrate on tackling the business email compromise (BEC) attacks that paralyzed business activities in their organizations during the COVID-19 crisis. Moreover, 80 business executives want to address the issue of spam emails, which were predominant in their organizations' networks during the COVID-19 crisis. Likewise, 72 business executives promised to eliminate the common malicious-domain network attacks that have beclouded their organizations' cloud computing.

Similarly, 65 business executives vow to stop malicious mobile apps causing vulnerability in their organizations' Internet infrastructure. DDoS and DoS are other cyber-attacks that 115 business executives planned to mitigate within the next two years. Malware is a deadly type of cyber weapon that 49 business executives plan to counter in their organizations over the next two years. Ransomware is also an exploitative type of cyber-attack that 40 business executives are planning to counter in their organizations within the next two years. Finally, botnets are a dangerous type of cyber-attack that 35 business executives planned to mitigate in their organizations in the next two years. Interestingly, 30 business executives wanted to resolve the problem of malicious browsing apps, and 28 planned to prioritize operational capabilities to curtail vulnerable website apps.

Moreover, over the next two years, 25 organization executives planned to handle the malicious social media messaging (MSMM) troubling their digital networks. Furthermore, 21 business executives seek to address the challenges of APT attacks in their organizations in the next two years.

4.10. Result on types of most common phishing attack

Many types of phishing attacks that occurred at the peak of the COVID-19 crisis were analyzed, and the result is summarized in Table 14 .

Table 14. Types of phishing attacks between March 2020 and December 2021.

S/n | Type of phishing attack | Frequency of attack | Percentage of attacks (%)
1 | Email phishing | 40 | 22
2 | Domain spoofing | 15 | 8
3 | Vishing | 12 | 7
4 | Smishing | 10 | 6
5 | Spear phishing | 11 | 6
6 | Search engine phishing | 8 | 4
7 | Whaling | 7 | 4
8 | Mobile phone phishing | 20 | 11
9 | Website phishing | 15 | 8
10 | Browsing phishing | 10 | 5
11 | Pharming attack | 10 | 5
12 | Deceptive phishing | 25 | 14

Although many email phishing prevention mechanisms have been implemented, attackers often come up with some out-of-the-box email phishing scheme that manages to mislead people. The following are some of the negative repercussions of falling victim to phishing emails: (i) identity theft, (ii) financial losses, (iii) ransomware attack, (iv) economic slowdown, and (v) communication breakdown.

Therefore, the types of phishing attacks that occurred throughout the epidemic and their percentages are depicted in  Fig. 8 .

Fig. 8 (image not reproduced). Various types of phishing attacks.

According to the data breach investigations report, one out of every 14 people clicked on a link or opened an attachment in a phishing message. Likewise, a BBC News report of April 13, 2020 focused on how hackers were preying on Covid-19 fears, as phishing emails written in French, English, Italian, Turkish, and Japanese were discovered being used to attack people. As a result, individuals, as well as businesses in sectors such as aircraft, transportation, manufacturing, hospitality, healthcare, and insurance, are being targeted by cybercriminals. In addition, security experts noted that the increase in email fraud tied to the coronavirus is the worst in recent years.

4.11. Result of the main objectives of the articles reviewed

The main objectives of the articles reviewed, together with the analyzed results, are summarized in Table 15.

Table 15. Result of the main objectives of the articles reviewed.

S/n | Article's objective | Number of articles | Percentage of articles (%)
1 | Challenges faced by organizations during COVID-19 | 9 | 3
2 | Cyber-security challenges during COVID-19 | 10 | 3
3 | Emerging cyber-attack issues in COVID-19 | 7 | 2
4 | Implication of COVID-19 pandemic | 9 | 3
5 | Cyber-attack implication for governance | 7 | 2
6 | COVID-19 trends and security concerns | 8 | 3
7 | Cost of doing business and cyber-attack | 7 | 2
8 | The COVID-19 pandemic and trends in technology | 9 | 3
9 | Cybercrime during COVID-19 | 7 | 2
10 | Reflection of COVID-19 crisis on business | 8 | 3
11 | Policy framework on business to curb cyber-attack during COVID-19 | 7 | 2
12 | COVID-19 crisis implication on economic and cybersecurity | 6 | 2
13 | COVID-19 and cybersecurity problems, solutions and future | 5 | 2
14 | COVID-19, cyber-attack and types of business affected | 7 | 2
15 | Is COVID-19 changing the cybercrime landscape? | 8 | 3
16 | COVID-19 and cyber-attack disruptions of business | 7 | 2
17 | Digitization priority in business and emerging issues | 6 | 2
18 | Private sector in fragile and conflict situations during COVID-19 | 8 | 3
19 | Ten Deadly Cyber Security Threats Amid COVID-19 Pandemic | 7 | 2
20 | Technology adoption in emerging markets during COVID-19 crisis | 9 | 3
21 | Preparation for business resumption and cybersecurity | 10 | 3
22 | The long-term impacts of COVID-19 related cybercrime | 7 | 2
23 | The EU integrates COVID-19 into its long-term fight against disinformation | 6 | 2
24 | COVID-19 cyber security threats to MSMES | 9 | 3
25 | COVID-19 disruptions increase risk of cyber-attacks on MSMEs | 8 | 3
26 | Key cyber security risks for MSMES in the context of the COVID-19 crisis | 5 | 2
27 | Phishing and Business Email Compromise attacks using COVID-19 as bait | 8 | 3
28 | Malware distribution using COVID-19 as bait | 6 | 2
29 | Remote working and supply chain threats | 9 | 3
30 | 2021 data risk report financial services | 5 | 2
31 | A Study of Security Threats in Cloud: Passive Impact of COVID-19 Pandemic | 7 | 2
32 | Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic | 8 | 3
33 | Cyber Security Threats During Covid-19 Pandemic | 6 | 2
34 | Cyber Security Attacks on Smart Home During Covid-19 Pandemic | 7 | 2
35 | Cybersecurity During COVID-19 | 8 | 3
36 | Cybersecurity post-COVID-19: Lessons learned and policy recommendations | 11 | 4
37 | Distributed denial of service (DDOS) attacks | 8 | 3
38 | How Covid-19 is Dramatically Changing Cybersecurity | 7 | 2
39 | IT Risk and Resilience: Cybersecurity Response to COVID-19 | 8 | 3
40 | Pandemic Parallels: What Can Cybersecurity Learn From COVID-19? | 6 | 2

5. Discussion

The goal of this study was to examine the effect of cybersecurity on organizations during the global COVID-19 crisis using a scoping review of relevant articles published on this topic in journals, conferences, magazines, media broadcasts and newspapers between March 2020 and December 2021. The study's analysis of the 300 articles presents the challenges faced by organizations, companies and small and medium-sized enterprises (SMEs), as well as a global view of the major initiatives in this new and unusual situation, which frequently calls into question the possibility of "business as usual" and may even threaten companies' survival.

The article contributes significantly to the emerging literature on pandemic management in organizations. To our knowledge, it is the first systematic study of the practical measures implemented by businesses during the pandemic, based on a large number of concrete examples. The current literature on the COVID-19 crisis is written from a health and medical rather than a business-management perspective, and studies focusing specifically on business are still few. These studies tend to concentrate on specific industries and economic sectors, such as finance, healthcare, education, manufacturing, transportation, IT, energy, commerce, tourism, etc.

The data generated from the global survey, through online contact with and responses from distinct organizations and business executives, revealed differences in cyber-attack techniques. After evaluation, the results showed that hacking attacks were the most frequent, with a record of 330, accounting for 37 % of all attacks. Second were spam emails, with an attack frequency of 250, accounting for 13 %. Third were malicious domains, with 168 attacks accounting for 9 %. Finally, mobile apps, with 150 attacks, accounted for 8 % of the total attacks, as presented earlier in Table 2. APT attacks, however, recorded 2 %, the least common type of attack leveraged during the global COVID-19 crisis for the period under study.

In general, 99 % of organizations and their executives intend to prioritize cybersecurity over the next two years. Of these, 15 % intend to focus on reducing hacking attacks, which were the most frequent in the period under review. Then, 12 % of the respondents vowed to concentrate on reducing phishing attacks, and 10 % set their priority on BEC attacks. Next were spam emails, which 9 % of executives intend to reduce, followed by malicious domains, which 8 % planned to minimize, as presented in Table 8. Only 2 % are ready to minimize APT attacks in the next two years. In the future, the organizations and their executives equally plan to use artificial intelligence to improve cybersecurity. It is therefore not surprising that hacking, the most frequent type of cyber-attack, is the one on which organizations and their executives build their priorities for the next two years.

Similarly, 27 % of the respondents believed that email phishing was the most common of the different phishing attacks and must be treated as the most critical. Mobile phone phishing was also found worrying, with 14 %, while domain spoofing and website phishing attacks were each at 10 %. Search engine phishing and whaling, however, recorded 5 % each, the least common types of phishing threat during the global COVID-19 crisis for the period under study. A summary of the implications, future research issues, and actionable insights of COVID-19 and cybersecurity is presented in Table 16.

Table 16. COVID-19 and cybersecurity: a summary of implications, future research issues, and actionable insights.

Hacking

Implications:
- The lockdown measures and the sharp rise in digital hacking have caused employees to lose control of their organizations' network systems.
- Organizations may protect themselves by sensitizing employees to be wary of hackers and of emails from unknown sources.
- Organizations such as banks, schools, hospitals, airlines, restaurants, and supermarkets must adopt best cybersecurity practices to sustain post-pandemic business.

Future research issues:
- What strategies does an organization such as a bank, school, hospital, airline, restaurant, or supermarket need to put in place to prevent malicious cyber-criminals such as hackers?
- How will an increase in policies on hacking affect employees' attitudes to work and their behaviour towards their employers?
- How will an organization invest in technologies such as cloud computing, the Internet of Things, artificial intelligence, and blockchain to detect and prevent cyber-hacking even in a crisis situation like COVID-19?

Actionable insights:
- Employees should develop innovative ways to mitigate hacker vulnerabilities in both hardware and software systems, to avoid a sudden loss of information or a data breach.
- Organization managers in the different sectors of the economy should adopt and encourage routines that improve innovation and skills in mitigating hacking in its various forms, in an atmosphere of confidentiality, integrity, and authorized data access.
- Governments could also implement a balanced method for ICT resilience in business and the economy, with new policy that includes lessons learned from hacking attacks during the COVID-19 crisis.
Malware

Implications:
- Employees should learn how to mitigate malware attacks using software such as anti-malware tools and other professional strategies, with critical decision-making in an uncertain environment.
- Likewise, employees who are compelled to work online, especially on team projects, need to navigate the direct and indirect conflicts that could result in performance losses through malware attacks.
- Organization managers need rapid adaptability to survive and then thrive in business in an unprecedented cybersecurity environment.

Future research issues:
- What strategies does an organization need to adopt to prevent malicious malware attacks such as worms and viruses?
- How will one identify the features of a cyber-attack such as malware?
- How will rapid adaptation to new security ideas or environments promote organizational operation or progress?
- How will employees' or customers' security awareness affect their emotional expression and team communication, and how will that in turn affect business resiliency, viability, sustainability, or confidentiality?
- What methods can help in dealing with cybersecurity in a complex, unprecedented, and changing way of doing business?
- How will these methods impact outcomes?

Actionable insights:
- Employee team members need to pay attention to ICT infrastructure security, to how they adapt to novel ideas or environments, and to communication flows with their managers.
- Likewise, employee team members need to pay attention to innovative ideas from customers, to public opinion, and to experts' advice.
- Furthermore, employee team members need to pay attention to industry stakeholders on how to reduce cyber-attacks, especially on how to identify malware and counter it for business advancement.
- Organizations should enable opportunities for non-task interactions among employees and customers so that security, emotional ontology, and confidentiality continue to be built among them.
- Organizations can also better guide their security investments toward the technologies with the largest potential cost savings.
- Furthermore, they can focus those technologies on the internal activities with the greatest strategic impact on improving cybersecurity protection.


Ransomware

Implications:
- Employees must seek novel approaches to minimize data breaches or data theft, which may lead to paying a ransom to cyber-criminals.
- Managers and leaders face new challenges in responding to cyber-criminals' ransom demands, requiring higher-level decisions than usual.
- Organizations must seek easier ways of dealing with demands to pay a ransom when sensitive data are stolen. A new security measure must be put in place to identify the cyber-criminal without the need to pay.

Future research issues:
- What strategies does an organization need to follow to prevent cyber-attacks such as ransomware?
- How will employees handle a data breach or the theft of data from an organization for financial gain by cyber-criminals in a difficult situation such as the COVID-19 crisis?
- What are the best practices for handling a data breach or the theft of data from an organization for financial gain by cyber-criminals in a difficult situation?
- What would be the impact of a data breach or stolen data and of the ransom payment on an organization such as a bank, school, hospital, airline, restaurant, or supermarket?

Actionable insights:
- Organizations and business leaders should plan ahead on how to address ransomware attacks to avoid loss or bankruptcy.


Phishing

Implications:
- Countries with sizeable, developed Internet connectivity saw the greatest phishing attacks of the century at the peak of the COVID-19 crisis.
- Business owners with a developed digital ecosystem can accelerate growth through a phishing-free environment, especially in periods of upheaval.

Future research issues:
- What strategies does an organization need to adopt to prevent cyber-adversaries such as phishing?
- How will one identify the features of a phishing cyber-attack?
- How will one carry out feature selection (Abiodun et al. 2021) of phishing cyber-attacks?
- How will phishing attacks on adopted digital technology such as the Internet affect business operation, particularly in a crisis scenario?
- How will the shift of employees and managers to working from home and socializing through the Internet fast-track phishing operation and detection in business during a crisis?
- What methods or technologies should be applied in order to successfully halt phishing attacks during the coronavirus or any other crisis?
- How will technologies be applied to successfully halt phishing attacks during the coronavirus crisis and restore normalcy in society?
- How will phishing cyber-attacks impact a business or organization?

Actionable insights:
- Phishing cyber-attacks may prevent users from having confidence in the use of technology or from building a business around the customer, which must not be ignored.
- Organization or business leaders must take advantage of being able to access the Internet to promote themselves even in difficult times such as the COVID-19 crisis.
Spam emails

Implications:
- The present COVID-19 crisis is a wake-up call to organizations about creating awareness of common cyber-attacks, including spam emails.
- Organizations should ensure all employees are trained to identify common spam email attacks, especially during a crisis.
- It is vital for organizations to improve their computer ecosystem so that it is devoid of threats, so that they can maximize profit and optimize the use of cloud-based technologies to support remote management and monitoring of essential services.

Future research issues:
- What strategies does an organization need to put together in order to prevent cyber-attackers who use spam emails?
- How will one identify the features of spam emails?
- What are the best ICT tools that can be utilized to address spam email attacks?
- How can ICT tools be used to address spam email attacks?
- What technical measures can be deployed by staff and by an organization to mitigate spam email attacks?

Actionable insights:
- Computer and online resiliency can be enabled when precautionary and proactive measures against spam emails are adequately applied in an organization.

Distributed Denial of Service (DDoS) attack

Implications:
- Individuals and employees who utilize or maintain ICT infrastructure such as Internet connections must take cognizance of DDoS cyber-attacks and zero-day vulnerabilities.
- With the multiple cyber-attacks reported at the peak of COVID-19, organizations should be highly concerned about the rising cybersecurity threats and demonstrate commitment towards network security, protection, and safety.

Future research issues:
- What strategies does an organization need to deploy to prevent cyber-attacks such as DDoS?
- How will one identify the features of a cyber-attack such as DDoS?
- How will an organization address a cyber-attack such as DDoS?

Actionable insights:
- Employees and employers should be concerned about increasing DDoS cyber-attacks and show commitment toward the security, protection, and safety of their organization's computer network infrastructure.
- Employers must be concerned about the sophisticated tools, such as DDoS, utilized by cyber-adversaries to disrupt business and cause losses.

Denial of Service (DoS) attack

Implications:
- Employees in banks, schools, hospitals, airlines, restaurants, and supermarkets need to learn how to use IoT systems to address state-of-the-art cybersecurity issues, and they should be conversant with cloud computing and DoS challenges.
- Management needs to address non-compliance with the latest technologies that can drive organizational operation for maximum advantage, such as IoT devices, cloud computing, and mobility, as well as DoS cyber-attacks.

Future research issues:
- What strategies does an organization need to adopt to prevent cyber-attacks such as denial of service (DoS)?
- How will an organization invest in technologies such as artificial intelligence, the Internet of Things, blockchain, and cloud in order to recover from the attacks suffered during COVID-19?

Actionable insights:
- Employees and employers must be concerned about rising DoS cyber-attacks and show commitment toward the security, protection, and safety of their organization's ICT infrastructure.
- Leaders must be concerned about the sophisticated tools, such as DoS, applied by cyber-attackers to disrupt business and cause losses.
Mobile apps

Implications:
- Business leaders must be razor-focused on commercial outcomes, work with the talent they have, and trust the digital ecosystem.
- Employees need to understand how to build their skills to address emerging issues and to meet employers' innovation demands and customers' needs, especially in the use of mobile applications to solve emerging challenges.
- Organization executives must know that enhancing operating-model resiliency in mobile apps will require adapting employees' skills and positions to post-pandemic modes of working to avoid sudden attacks.

Future research issues:
- What strategies does an organization need to adopt to prevent cyber-attacks such as mobile app attacks?
- How can organizations such as banks, schools, hospitals, and airlines adopt and promote procedures that increase employees' trust while keeping in mind the expense of additional investment in mobile apps?
- How can the increasing long-term damage to mobile apps caused by cyber-attacks during the coronavirus crisis be addressed?

Actionable insights:
- Individuals and Internet users should develop novel ideas to mitigate the vulnerability of mobile devices through apps.
- Users of both hardware and software systems must avoid the use of any kind of mobile app to eliminate the loss of credentials or personal data breaches.
- Organization executives should build manpower that improves skills in mitigating attacks in their diverse forms, including those that use mobile apps.
- Governments could also implement a balanced method for ICT resilience, with new policy that includes lessons learned from the hacking of mobile apps during the COVID-19 crisis.

Browsing apps

Implications:
- After the COVID-19 incidence, employees need to be innovative to bring new products that meet competitive market and consumer demands through reliable browsing apps, which can improve customer retention and gain new customers.
- An organization such as a bank, school, hospital, airline, restaurant, or supermarket can gain from operational innovation in browsing apps by meeting consumer demand, resulting in increased market share or improved customer retention.

Future research issues:
- What strategies does an organization need to put in place to prevent cyber-attackers in browsing apps?
- How will organizations such as banks, schools, hospitals, and airlines gain from operational innovation by meeting consumer demand, bringing about increased market share or improved customer retention?

Actionable insights:
- Individuals who utilize digital technology should seek novel ideas to mitigate the vulnerability of computer devices via browsing apps. Users of hardware and software systems must be careful when using any type of browsing app to avoid loss of information or a data breach.
- Business managers must build manpower that enhances skills in countering attacks in their various forms, such as those using browsing apps.
- Governments could also implement a balanced method for ICT resilience, with new policy that incorporates lessons learned from the hacking of mobile apps during the COVID-19 crisis.

Website apps

Implications:
- Employees need to be innovative to bring new products that meet competitive market and consumer demands, which can improve customer retention and gain new customers.
- Leaders must emphasize operational competence, such as fresh business entrance with a larger proportion of investment in ICT.

Future research issues:
- What strategies does an organization such as a bank, school, hospital, airline, restaurant, or supermarket need to put in place to prevent cyber-attacks such as website app attacks?
- How will employees' innovation bring new products that meet competitive market and consumer demands in order to enhance customer retention and attract new customers through effective website apps?

Actionable insights:
- To achieve more success in business, managers must plan to prioritize website capabilities and control the apps available on the business website.
- To regain losses after the COVID-19 crisis, it is critical for companies to prioritize new website apps to retain old customers and gain new ones in order to maximize profit.
Malicious domains

Implications:
- Employees need to bring novel ideas into online marketing, advertising, and selling amid COVID-19.
- Managers must plan to emphasize operational ability in the direction of digital marketing, advertising, and selling in order to take the organization forward and enhance efficiency.

Future research issues:
- What strategies does an organization need to put in place to prevent cyber-attacks such as malicious domains?
- How will an organization such as a bank, school, hospital, airline, restaurant, or supermarket identify software tools that can be used to promote digital marketing, advertising, and selling while preventing malicious domains?
- How will an organization apply software tools to digital marketing, advertising, and selling in order to promote business?
- How will digital marketing, advertising, and selling promote business?

Actionable insights:
- Organizations should begin investing in technologies such as artificial intelligence to detect malicious domains in cloud computing in order to prevent cyber-attacks early in a crisis scenario like COVID-19.
- As consumers stay at home, selling, advertising, and out-of-home marketing become obsolete and major events are pushed back or moved to virtual platforms; a strong defensive digital strategy against malicious domains is therefore critical for business to advance.

Botnet

Implications:
- Due to the sheer loss of social structure, social ties, and status, unemployment has both economic and hidden consequences. Those who remain as workers in organizations that have laid off staff as a result of the COVID-19 crisis face both direct and indirect losses.
- The relationship between employees and employers must be balanced to move business forward and optimize performance.

Future research issues:
- What strategies does an organization need to put in place to prevent cyber-attacks such as botnets?
- What are the long-term effects of joblessness on mental health, and how can the jobless find work again?
- How has the COVID-19 pandemic changed organizational working conditions and shattered the employee-employer relationship, while giving government the upper hand in controlling the workforce?

Actionable insights:
- As consumers stay at home, working, advertising, out-of-home marketing, and the rendering of services become outdated and important events are delayed or pushed into an online environment; a strong defensive digital strategy against botnets is therefore essential for business to grow. Organizations require perseverance, tenacity, and sustainability, and even under multiple botnet attacks they need to seek assistance and information from others.
- The COVID-19 phenomenon has significantly altered organizations' working conditions, broken the employee-employer relationship, and given cyber-adversaries the upper hand to destroy business using dreaded attacks via botnets.

Malicious social media messaging (MSMM)

Implications:
- Employees need to be alert to malicious social media messaging while bringing new social media messaging products to meet competitive market and consumer perspectives, which can support customer retention and gain new customers.
- Organization managers must create awareness among employees of cybersecurity issues such as malicious social media messaging to avoid their becoming victims.

Future research issues:
- What methods does an organization such as a bank, school, hospital, airline, restaurant, or supermarket need to put in place to prevent cyber-attacks such as malicious social media messaging?
- How will employees prevent falling victim to malicious social media messaging?
- How will employees' innovation bring new products that meet competitive market and consumer demands in order to enhance customer retention and attract new customers through effective website apps?

Actionable insights:
- Individuals, employees, and organizations must learn how to avoid falling victim to this scam and be cautious of emails purporting to come from trusted individuals, organizations, and governments, as they can be fraudulent.
- Organizations should avail themselves of the opportunity to be connected to the Internet to promote their businesses on legitimate social media platforms, while taking precautions against malicious social media messaging even in a crisis period such as COVID-19.
- To regain losses after the COVID-19 crisis, it is critical for companies to sensitize and train employees about the danger of business email scams.

Business email compromise (BEC)

Implications:
- Employees need to be alert to business email compromise while enabling new products and services to meet competitive market and consumer perspectives, which can encourage the retention of old customers and the acceptance of new ones.
- Organization managers must create a unique environment that lets their employees share knowledge on cybersecurity issues such as malicious business email compromise to avoid falling victim.

Future research issues:
- What procedures does an organization such as a bank, school, hospital, airline, restaurant, or supermarket need to put in place to prevent cyber-attacks such as ?
- How will employees prevent falling victim to business email scams?
- How will employees' innovation bring new products that meet competitive market and consumer demands in order to enhance customer retention and attract new customers through effective business email that can detect scams?

Actionable insights:
- Individuals, employees, and organizations must learn how to avoid falling victim to this scam and be cautious of emails purporting to come from trusted individuals, organizations, and governments, as they can be fraudulent.
- To achieve more success in business, managers must plan to prioritize website capabilities and control the apps available on the business website and emails.
- To regain losses after the COVID-19 crisis, it is critical for companies to sensitize and train employees about the danger of business email scams.

6. Solution to the identified cybersecurity challenges

(i) Phishing: Anti-spam and anti-phishing filters can block malicious messages before they reach users, and anti-malware software handles the payloads that do get through; like anti-spam software, anti-malware can be engineered by security specialists to detect even highly evasive malware. Phishing remains one of the leading initial access vectors in cyber-attacks and one of the easiest ways to steal sensitive information and spread malware. Simulation platforms such as MetaPhish were built to provide a defence against these threats and to let businesses measure how vulnerable their staff are to phishing.

(ii) Malware: Installing anti-virus software is one of the most fundamental defences against malware. It scans the device to detect and remove malware such as viruses, and receives automatic updates to improve protection against newly released malware. Likewise, obtaining software only from reputable sources reduces the risk of infection; large vendors take great care not to tarnish their reputation by distributing malware. A source's legitimacy can be checked by looking at the publisher's full name, list of published apps and contact information in the app description on the Apple App Store or Google Play. Threat intelligence teams, such as the Malwarebytes Threat Intelligence Team (MTIT), monitor the threat landscape, especially for campaigns that try to capitalize on public concern over COVID-19.

(iii) DDoS: Distributed denial of service (DDoS) protection solutions help shield IT infrastructure, and multi-level protection is required for both networks and applications. This can include DDoS protection systems that combine firewalls, content filtering, anti-spam, VPNs and other security layers to monitor malicious activity and identify traffic anomalies.

The primary technical tools used to mitigate DDoS attacks are (1) scripts on load balancers that filter malicious traffic, (2) web application firewalls, (3) third-party BGP-based scrubbing, (4) third-party DNS-based scrubbing, (5) network blocks based on Layer 3 or Layer 4 characteristics, (6) upstream filtering by the provider, (7) connection rate-limiting, (8) blackhole and sinkhole routing, (9) packet/session time-to-live (TTL) restrictions and (10) protocol/port filtering.
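Connection rate-limiting, item (7) above, is the one control in that list that a team can implement itself. The following is an added example for this page, not code from the paper: a per-source token-bucket limiter run over a constructed log of connection attempts. The rate and burst values, the addresses and the timestamps are illustrative assumptions.

```python
"""Per-source connection rate limiting, item (7) in the list above.

Added example for this page, not code from the paper: a token-bucket
limiter run over a constructed log of connection attempts. The rate and
burst values are illustrative choices (assumptions), not figures from
the paper.
"""
from collections import defaultdict

# Constructed sample log: (timestamp in seconds, source IP).
# 192.0.2.10 is a normal client; 10.0.0.9 opens 16 connections in two seconds.
SAMPLE_CONNECTIONS = [(0.0, "192.0.2.10"), (0.5, "192.0.2.10"), (1.0, "192.0.2.10")]
SAMPLE_CONNECTIONS += [(0.125 * i, "10.0.0.9") for i in range(16)]


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)   # start full so a new source may burst
        self.last = None

    def allow(self, now):
        if self.last is None:
            self.last = now
        # Refill in proportion to elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def rate_limit(connections, rate=2.0, burst=4):
    """Split connection attempts into (accepted, dropped); one bucket per source IP."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    accepted, dropped = [], []
    for ts, ip in sorted(connections):   # process in time order
        target = accepted if buckets[ip].allow(ts) else dropped
        target.append((ts, ip))
    return accepted, dropped


def dropped_by_source(connections, rate=2.0, burst=4):
    """Count dropped attempts per source, e.g. to feed a block list."""
    counts = defaultdict(int)
    for _, ip in rate_limit(connections, rate, burst)[1]:
        counts[ip] += 1
    return dict(counts)


if __name__ == "__main__":
    acc, drp = rate_limit(SAMPLE_CONNECTIONS)
    print(f"accepted {len(acc)}, dropped {len(drp)}: {dropped_by_source(SAMPLE_CONNECTIONS)}")
```

With these parameters the flooding source gets its first four connections through, then one every half second, while the normal client is never throttled. Per-source limiting only helps when the source address is genuine: a flood that spoofs its sources spreads across many buckets and is better handled by the upstream filtering and scrubbing options in the list.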

Operational controls to mitigate DDoS attacks: The following operational controls should be employed. (1) Attribution: organizations should engage their law enforcement partners and work with them during DDoS botnet takedown operations, which improves understanding of adversary tactics, techniques and procedures (TTPs) and helps prevent future attacks.

(2) Lessons learned: organizations should prepare a detailed post-incident report, discuss lessons learned and update incident response plans as necessary. Lessons learned from DDoS attacks should also inform cyber-crime legislation.

(iv) DoS: Firewalls can help against DoS attacks because they can block the offending Internet Protocol (IP) addresses or the ports the adversary is attacking, although blocking a port also prevents genuine requests through it. Intrusion prevention systems (IPS) detect and refuse illegitimate server requests. Another DoS prevention strategy is to scan hosts for Trojans and backdoors that could be used to launch or relay attacks, and to educate users about the dangers of installing unknown software.

(v) Malicious Social Media Messaging: To avoid being compromised through social media, users should know what is visible to the general public from their profile and review their privacy settings. Friend requests from strangers should not be accepted, and users should be cautious about checking in or sharing their whereabouts. Personal information, including tagged photos and identifying details, should not be posted, and nothing one would not want others to see should be shared.

(vi) Hacking: Attackers masquerading as the World Health Organization (WHO) send emails claiming that an attached file explains how to stop the disease from spreading, or that “one small measure can cure the infected person.” According to Proofpoint, the attachment contains no such information; instead, it infects the computer with the AgentTesla keylogger, which records every keystroke and sends it to the attackers, allowing them to track their victims' online activity and harvest credentials. To avoid this and similar scams, users and organizations must be skeptical of emails purporting to come from the WHO and should instead consult the organization's official website or social media channels for up-to-date information. Individuals, organizations and governments must invest more in cybersecurity to mitigate cyber-attacks and better protect themselves during a crisis.

(vii) Business Email Compromise (BEC): Spear phishing and impersonation of an internal email account are the most common BEC tactics. Application-based multi-factor authentication (MFA) on email accounts makes it much harder for an attacker who has phished a password to take over a mailbox, and restricting remote mailbox access to a virtual private network (VPN) limits where a stolen credential can be used from. Neither control stops an email sent from a lookalike domain from being delivered, so BEC defence also needs mail filtering that flags impersonation and a verification step, outside email, for any payment or bank-detail change.
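The impersonation patterns mentioned above can be checked at the mail gateway from headers alone. The following is an added example for this page, not the paper's own code: it parses three constructed messages with Python's standard `email` module and flags a protected display name arriving from an external domain, a Reply-To pointing away from the visible sender, and a message claiming the organization's own domain without a DMARC pass. The internal domain, the protected names and the messages are assumptions made for the example.

```python
"""Header checks for common BEC impersonation patterns.

Added example for this page, not the paper's own code. The internal
domain, the list of protected display names and the three sample
messages are all constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                      # assumed organisation domain
PROTECTED_NAMES = {"jane doe", "finance director"}   # assumed high-value identities

# Constructed sample 1: lookalike domain (examp1e.com) using an executive's name.
SAMPLE_LOOKALIKE = """From: Jane Doe <jane.doe@examp1e.com>
To: accounts@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; dmarc=pass header.from=examp1e.com

Please process the attached invoice today.
"""

# Constructed sample 2: spoofed internal From header, replies diverted elsewhere.
SAMPLE_REPLYTO = """From: Jane Doe <jane.doe@example.com>
Reply-To: <jane.doe.private@webmail.example>
To: accounts@example.com
Subject: Re: updated bank details

Use the new account number below for this month's payment.
"""

# Constructed sample 3: genuine internal message.
SAMPLE_GENUINE = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Team meeting
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com

See you at 10.
"""


def domain_of(address):
    return address.rpartition("@")[2].lower()


def bec_indicators(raw_message):
    """Return the list of BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    findings = []

    # 1. A protected display name arriving from any domain but our own.
    if display_name.strip().lower() in PROTECTED_NAMES and sender_domain != INTERNAL_DOMAIN:
        findings.append("protected display name from external domain")

    # 2. Reply-To pointing somewhere other than the visible sender's domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append("reply-to domain differs from sender domain")

    # 3. A message claiming our own domain that did not pass DMARC at the gateway.
    auth_results = msg.get("Authentication-Results", "").lower()
    if sender_domain == INTERNAL_DOMAIN and "dmarc=pass" not in auth_results:
        findings.append("internal sender without DMARC pass (possible header spoofing)")
    return findings


if __name__ == "__main__":
    for label, raw in (("lookalike", SAMPLE_LOOKALIKE), ("reply-to", SAMPLE_REPLYTO), ("genuine", SAMPLE_GENUINE)):
        print(label, bec_indicators(raw))
```

Note that the lookalike message passes DMARC, because the attacker controls examp1e.com and can publish valid records for it; that is why the display-name check is needed alongside email authentication. Findings from such a check should route the message to quarantine or add a warning banner rather than silently drop it.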

(viii) APT: A firewall is the first line of defence against APT operations. The three most common forms are software firewalls, hardware firewalls and cloud firewalls, and all of them help block the initial intrusion. A firewall alone will not stop a determined APT, however, so it should be combined with the threat intelligence and monitoring measures discussed in Section 7.

(ix) Mobile apps: Attackers publish their own apps disguised as utilities, games and other items that monitor user behaviour and inputs in the background, enabling them to steal information such as which other apps are installed, network activity and keyboard input. To secure a mobile app, developers should obfuscate and protect the source code, conduct penetration tests and thorough security reviews, secure data in transit, encrypt files and databases, apply up-to-date cryptography, implement strong authentication and secure the backend.

(x) Browsing apps: A web application firewall (WAF), working in tandem with a behavioural firewall, can filter malicious requests sent to web applications through the browser and so block many sophisticated and dangerous attacks that exploit these weaknesses.

(xi) Spam emails: Marking unwanted messages as spam and deleting them trains the mailbox filter and is the simplest technique for reducing spam. Using a third-party spam filter and keeping email addresses private further reduce exposure to spam-borne attacks.

(xii) Botnet: An infected computer should be cleaned by reinstalling software, especially the operating system. Email attachments from suspicious or unknown sources should be avoided. A reliable anti-virus product will prevent most botnet malware from ever being installed, and will typically remove it if the computer is already infected; recommended brands include TotalAV, Norton, Bitdefender and Malwarebytes.

(xiii) Website apps: Web applications frequently use allowlists and blocklists of requests to prevent these attacks, although these can be evaded. The most effective approach for injection attacks in particular is to build the application so that untrusted input can never be executed or interpreted as code: use parameterised queries rather than string concatenation for database access, validate input against an expected format, and encode output for the context in which it is rendered.
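The difference between "filtering requests" and "building the application so input cannot become code" is easiest to see side by side. The following is an added example for this page, not the paper's own code: a vulnerable lookup that splices user input into SQL, the parameterised version of the same query, and an input-validation layer on top. The table, rows and attack string are constructed for the example.

```python
"""Injection: the vulnerable construction beside its hardened form.

Added example for this page, not the paper's own code. The table, the
rows and the attack string are constructed for illustration.
"""
import re
import sqlite3


def make_db():
    """In-memory SQLite database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, username):
    """VULNERABLE: user input is spliced into the SQL text, so it can rewrite the query."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Parameterised query: the value is bound separately and can never become SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def lookup_validated(conn, username):
    """Defence in depth: allowlist the input shape first, then bind it."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username does not match the allowed format")
    return lookup_safe(conn, username)


# Classic tautology payload: closes the quoted literal and appends OR '1'='1'.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe  :", lookup_unsafe(db, PAYLOAD))      # both rows leak
    print("safe    :", lookup_safe(db, PAYLOAD))        # no such user
    print("alice   :", lookup_validated(db, "alice"))
```

The unsafe query becomes `SELECT ... WHERE username = '' OR '1'='1'` and returns every row; the bound parameter is compared as a literal string and matches nothing. A request blocklist that looked for `OR '1'='1'` would miss the many equivalent spellings, which is why the paper's point that filters "can also be evaded" holds and why parameter binding is the primary control.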

(xiv) Malicious domains: Attackers register their own malicious domains to host malware rather than using an organization's legitimate websites. The term “custom or fake malicious domains” refers to domains set up by the attackers themselves; they are unknown to most people and typically exist only for a brief time to avoid discovery.

Therefore, to avoid infection from malicious domains, users must maintain their computers and update software regularly, use a non-administrator account for everyday work, and take care when clicking links, downloading files or opening email attachments and images. Pop-up windows that ask the user to download software are not to be trusted, and anything downloaded must be scanned. File-sharing should be limited.
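Short-lived attacker domains usually imitate a name the victim already trusts, so a practical organizational control is to compare every domain seen in mail links or proxy logs against the organization's own domains. The following is an added example for this page, not the paper's own code: it folds common homoglyph substitutions, measures edit distance to the protected brand, and catches the brand being used as a subdomain of an unrelated domain. The protected domains and sample hostnames are assumptions made for the example.

```python
"""Spotting attacker-registered lookalike domains against an allowlist.

Added example for this page, not the paper's own code. The protected
domains and the sample hostnames are constructed; the registrable-domain
split is a deliberate simplification (see the note after the block).
"""

PROTECTED = ("example.com", "examplebank.com")   # assumed organisation domains

# Characters attackers substitute because they look alike in many fonts.
_SINGLE = str.maketrans("01357", "olest")
_MULTI = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalise(label):
    """Fold common homoglyph substitutions so 'exarnp1e' compares as 'example'."""
    label = label.lower()
    for src, dst in _MULTI:
        label = label.replace(src, dst)
    return label.translate(_SINGLE)


def levenshtein(a, b):
    """Edit distance; a small distance to a brand name indicates typosquatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(hostname, protected=PROTECTED):
    """Return 'trusted', 'lookalike:<domain>', 'brand-in-subdomain:<domain>' or 'unknown'."""
    host = hostname.lower().rstrip(".")
    if any(host == p or host.endswith("." + p) for p in protected):
        return "trusted"
    labels = host.split(".")
    if len(labels) < 2:
        return "unknown"
    registrable = ".".join(labels[-2:])   # naive: assumes a one-label public suffix
    subdomain_labels = labels[:-2]
    for p in protected:
        brand = p.split(".")[0]
        # example.com.secure-login.top: the brand is used as a subdomain of another domain.
        if brand in subdomain_labels:
            return f"brand-in-subdomain:{p}"
        # exarnple.com, examp1e.com, examples.com: the registrable label is nearly the brand.
        if registrable != p and levenshtein(normalise(labels[-2]), brand) <= 1:
            return f"lookalike:{p}"
    return "unknown"


if __name__ == "__main__":
    for h in ("example.com", "exarnple.com", "examp1e.com", "example.com.secure-login.top", "unrelated.org"):
        print(f"{h:32} {classify(h)}")
```

The registrable-domain split here treats the last two labels as the registered name, which is wrong for suffixes such as co.uk; a production version should use the Public Suffix List. Names that merely contain the brand with extra words (examplebank-login.com) are not caught by an edit-distance threshold of one and need a substring rule or a domain-age feed.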

(xv) Ransomware: Effective ransomware prevention requires a combination of monitoring tools, frequent file backups, anti-malware software and user training. No cyber-defence can totally eliminate the threat, but these measures considerably lower the chances of an adversary succeeding. Restoring from backup is the most reliable way to recover from a ransomware attack, so maintaining a safe, up-to-date backup of all important files is essential; the backup should be kept offline or otherwise isolated so that the ransomware cannot encrypt it as well. For example, Acronis Cyber Protect Home Office can back up files and also actively tries to detect and block ransomware.

7. Future projections

The study's key topics of projection and worry for the future are as follows:

(1) In the foreseeable future, there is a strong likelihood of an increase in cybercrime. Attackers will continue to ratchet up their malicious activities and develop more sophisticated modi operandi, exploiting the vulnerabilities associated with working from home and the opportunity for higher financial gain.

(2) To capitalize on public worry over the pandemic, cyber actors are expected to continue spreading coronavirus-themed internet frauds and phishing tactics.

(3) Due to the economic slump and shift in the business climate, business email compromise techniques are likely to increase, creating new opportunities for criminal activity.

(4) Once a COVID-19 vaccine is ready, there will undoubtedly be another surge in phishing attacks targeting medical products.

(5) People all around the world are becoming more reliant on the internet, which exposes the many businesses and individuals who are not keeping their cyber defences up to date.

(6) There is a need for more private to public sector collaboration to effectively combat the threat COVID-19 brings to cyber security.

(7) BEC fraud is a constant threat to all enterprises, individuals, law enforcement and society as a whole. Perpetrators' tactics are highly effective, and the financial losses sustained by businesses can be crippling. The information presented in this analysis, together with the complaint data collected by the FBI's Internet Crime Complaint Center (IC3), shows a global upsurge in fraud victimization and losses, and BEC fraud follows that trend (Cross and Gillett, 2020).

(8) In addition, studies on the human consequences of BEC fraud are scarce. While the financial losses sustained by BEC fraud are well-known, little is known about the human and professional consequences of victimization. Currently, there is inadequate knowledge of how businesses handle BEC fraud in terms of both internal and external messaging. This is an area where best practice concepts that might be supported to improve an organization's reaction to BEC fraud could be identified. Analogous to data breaches, denial of the situation is unlikely to result in a successful future recovery.

(9) Data breaches have become an unwelcome aspect of the present world, and BEC fraud is no exception. Unfortunately, this will, without a doubt, continue to rise in the future.

(10) To more successfully tackle this crime category of BEC in the new decade, there is indeed a fundamental need for organizations and governments to invest in knowledge and research across both technology and human factors.

(11) Intelligence-gathering methods. Organizations should make proactive use of cyber threat intelligence to identify and act on indicators of compromise (IOCs) in their own environment.

(12) Risk control. Organizations can use governance, risk, and compliance (GRC) systems for better risk management. GRC solutions give you a clear picture of your company's risk exposure and help you connect the dots between different risk disciplines, for example, cybersecurity, operational risks, and business continuity.

(13) Be ready for an attack. Companies are recommended to conduct frequent cyber crisis simulation exercises to prepare for a cyberattack in these high-risk times.

(14) Zero trust. CISOs and CIOs should consider adopting a zero-trust cybersecurity strategy, in which no user or device is trusted by default: only authenticated and authorized users and devices are allowed access to apps and data, and that access is verified for each request rather than once at the network perimeter.

(15) Another ransomware strain that could emerge in the future is one that explicitly targets backups. This would be quite troublesome because backups are the only sure way to recover without paying. Researchers have also shown ransomware that attacks smart thermostats: such ransomware could lock the thermostat of a home or business and only allow it to be adjusted once a ransom is paid.

(16) Immutable and distributed ledgers with auditable records are available with blockchain technology, making it suitable for tracking every asset in supply chain management. It relies on a distributed, private, secure, and immutable record-keeping system ( Khurshid, 2020 ). Using blockchain, governments and hospitals may find COVID-19 suspected cases, places linked to reported cases, and infected areas with high risks. Blockchain has also been used to ensure healthcare data security ( Hossain et al., 2020 ). Keeping track of patients and analyzing their symptoms or reactions to the disease is critical during the COVID-19 epidemic. Many countries affected by COVID-19, notably in healthcare, have found blockchain to be a helpful platform.

(17) Research should also focus on data exfiltration prevention, such as developing a cognitive model ( Taofeek et al., 2022 , Omolara et al., 2019a , Omolara et al., 2019b , Omolara et al., 2019c ) that can deceive attackers who intend to steal data for ransoms, terrorism or any other purposes.

(18) Furthermore, different encryption schemes and techniques, such as honey encryption (Omolara et al., 2019a, Omolara et al., 2019b, Omolara et al., 2019c), enhanced one-time pad algorithms and quantum-based algorithms, amongst other state-of-the-art schemes, can be used to safeguard data both in transit and at rest (Omolara et al., 2018a, Omolara et al., 2018b).

(19) More encryption schemes can also be applied to secure patient information against electronic health record threats, for example decoy-based schemes (Esther Omolara et al., 2020) that deny malicious attackers access to the real records, especially during a crisis. More research should therefore focus on encryption paradigms that address unauthorized data theft and penetration by malicious attackers.

(20) Contact tracing based on quantum computing may become far more powerful in future studies (Slussarenko and Pryde, 2019). Machine learning techniques and computational intelligence tools such as Monte-Carlo or particle filter tracking may also be included. Quantum sensing uses the sensitivity of quantum entanglement to improve timing, network synchronization, location precision and accelerometer accuracy (Degen et al., 2017). Leveraging such technologies would therefore be a good line of action in these unprecedented times.

8. Recommendations

The following recommendations are considered additional solutions to the cybersecurity challenges identified above for users of digital systems; they comprise first-level and second-level prevention strategies:

A. The First Steps in Preventing Cyber-Attacks.

(1) Step 1: The user should ensure that anti-virus software is updated on all devices.

(2) Step 2: Ensure the device’s firewall is turned on.

(3) Step 3: Do away with any software that has been pirated.

(4) Step 4: Avoid accessing unfamiliar websites that may include phishing material.

(5) Step 5: The user should not save their username or password in the browser.

(6) Step 6: The user should not click on any email links until they have been ascertained safe.

(7) Step 7: Users should prefer websites whose address begins with 'https://', which means the connection is encrypted and the site holds a certificate for its name. This does not by itself make the site trustworthy, since phishing sites also use HTTPS, so the address must still be checked.

(8) Step 8: The user should not save credit/debit card information in the browser.

(9) Step 9: The user should always review the website address and double-check the address, whether it is a phishing site or not, before making a credit and debit card payment.

(10) Step 10: Users should not use the same password for all accounts.

(11) Step 11: Passwords must be sufficiently strong and not contain notable dates or numerals such as date of birth or private numbers.

(12) Step 12: Users should maintain the habit of installing a licensed, vendor-supported operating system rather than pirated software.

(13) Step 13: Users should ensure that the system’s operating system is updated.

9. Practitioner recommendations

It is important to recognize that the COVID-19 crisis period is limited, as huge efforts are being made to find a vaccine that will address this debilitating health issue. Nevertheless, the crisis could compound an already difficult situation for information technology (IT) and cybersecurity professionals. It is therefore worth adhering to the following professional advice from experts, which can help preserve the digital ecosystem during the COVID-19 health crisis and its cybersecurity implications.

(1) Protection against DDoS attacks. An organization must keep its firewall turned on to minimize DDoS attacks. In addition, ingress and egress filtering help control floods by dropping packets whose source address does not belong to the IP range expected on the interface they arrive on, which removes spoofed traffic (Balas et al., 2020).
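The ingress and egress rules just described are a handful of address-range checks, shown here as an added example for this page rather than the paper's own code. The interface layout, the prefixes (documentation ranges from RFC 5737) and the packet samples are assumptions made for the example; the same logic is what a router ACL or firewall ruleset implementing BCP 38 anti-spoofing expresses.

```python
"""Ingress and egress source-address filtering (anti-spoofing, BCP 38).

Added example for this page, not the paper's own code. The interface
layout, the address ranges and the packet samples are constructed
(documentation prefixes from RFC 5737).
"""
import ipaddress

# Assumed topology: which source prefixes legitimately appear behind each interface.
INTERFACES = {
    "lan0": ["192.0.2.0/24"],       # office network
    "dmz0": ["198.51.100.0/24"],    # public-facing servers
    "wan0": ["0.0.0.0/0"],          # the Internet
}
OWN_PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]
# Private and special-use ranges that must never arrive from the Internet as sources.
BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def _in_any(address, prefixes):
    return any(address in ipaddress.ip_network(p) for p in prefixes)


def filter_packet(in_iface, src):
    """Return 'accept' or 'drop:<reason>' for a packet with source src arriving on in_iface."""
    source = ipaddress.ip_address(src)
    if in_iface == "wan0":
        # Ingress filtering: the Internet may not claim our own addresses or a bogon.
        if _in_any(source, OWN_PREFIXES):
            return "drop:ingress-spoofed-own-source"
        if _in_any(source, BOGONS):
            return "drop:ingress-bogon-source"
        return "accept"
    # Egress filtering: an internal interface may only send its own prefixes,
    # so our hosts cannot take part in a spoofed-source (reflection) DDoS.
    if not _in_any(source, INTERFACES[in_iface]):
        return "drop:egress-spoofed-source"
    return "accept"


# Constructed packet samples: (incoming interface, source address).
SAMPLE_PACKETS = [
    ("wan0", "203.0.113.7"),     # ordinary Internet client
    ("wan0", "192.0.2.5"),       # Internet packet claiming one of our LAN addresses
    ("wan0", "10.1.2.3"),        # private source address from the Internet
    ("lan0", "192.0.2.44"),      # legitimate outbound traffic
    ("lan0", "203.0.113.99"),    # LAN host spoofing an external source
]


def audit(packets):
    """Count verdicts, as a firewall log summary would."""
    summary = {}
    for iface, src in packets:
        verdict = filter_packet(iface, src)
        summary[verdict] = summary.get(verdict, 0) + 1
    return summary


if __name__ == "__main__":
    for iface, src in SAMPLE_PACKETS:
        print(f"{iface} {src:15} {filter_packet(iface, src)}")
    print(audit(SAMPLE_PACKETS))
```

The egress rule is the one that matters for the wider Internet: it stops an infected host on the organization's own network from sending packets with forged sources, which is how reflection and amplification floods are launched. The ingress rule protects the organization from packets that claim to be internal, but it cannot absorb a volumetric flood from genuine addresses; that still needs the upstream scrubbing discussed in Section 6.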

(2) Protection against phishing. Phishing attacks continue to unfold as a danger for internet users. Attackers send phishing emails containing links to counterfeit websites in order to collect personal information and use it for financial gain. To minimize the risk, a good understanding of how phishing emails operate is essential: do not click on links in unexpected messages, and never enter login details on a site whose identity has not been verified.

(3) Anti-malware protection. Malware attacks can be reduced by using up-to-date anti-virus software. Firmware and software must also be updated to the latest patch, and firewalls need to be enabled (Gounder and Farik, 2017).

(4) Anti-ransomware protection. Ransomware encrypts, and increasingly also steals, data from a device solely for financial gain. End-users should use updated anti-virus software and keep the operating system patched, since an up-to-date system closes the vulnerabilities that ransomware uses to spread.

(5) Anti-hacking measures. The following precautions help avoid account compromise. Users must not reveal their login details or passwords to anyone, should ensure that their passwords are complex enough that they cannot be easily guessed, and should not share account information.

(6) Educational institutions should keep private information out of e-learning platforms where possible; using a software-as-a-service (SaaS) solution accessed through the browser rather than a locally installed client prevents the third-party provider's software from having direct access to the institution's own devices. Vendors and their security documentation should also be evaluated regularly.

(7) A novel blockchain-based system might be provided to connect intercountry for COVID-19 and track infected or tested patients internationally. Similarly, developing a blockchain-based system for secure home quarantine administration may help curtail some of the challenges.

(8) One of the most advanced quantum applications is quantum communications ( Manzalini, 2020 ). Therefore, improved cybersecurity in communications and greater privacy protection will almost certainly be one of its key benefits for tracing susceptible applications ( Ahmed et al., 2020 ).

(9) Cyber terrorism has increased in recent years. There is therefore an urgent need to find ways of preventing it using modern scientific approaches such as AI (Dilek et al., 2015), machine learning algorithms (Salih et al., 2021, Zhang et al., 2021, Naik et al., 2021), mathematical models (Oludare et al., 2018) and forensic DNA profiling (Oludare et al., 2018), amongst others. Likewise, forensic investigation of crime scenes (Arshad et al., 2022, Arshad et al., 2020) needs to be expanded so that evidence usable in court can be collected.

(10) Some businesses will have to switch to new operating models. Overcoming the barriers to secure procedures for staff who work from home or connect remotely requires careful investigation and prompt attention to IT and cybersecurity access rights, and staff assistance and remote management will be essential. Before equipment that has been used at home is allowed to rejoin the network, cybersecurity staff must subject returning users and their devices to rigorous system and access controls.

(11) Businesses will have to re-baseline their security posture to ensure there are no outliers. Physical and digital components should be reviewed to find gaps in firewall coverage. Device and data access rights granted during the pandemic to support remote work must be re-examined to see whether they can be revoked or reduced. IT infrastructure must be checked for flaws, improper routes and forged identities, since, as discussed in the previous sections, cybercriminals may have devised methods to gain access through the regular security systems.

(12) Emerging cyber threats that have unfolded as a result of the outbreak must be understood. Security specialists need to review their digital capabilities to ensure that key business activities can withstand cyber-attacks during a lockdown and, to ensure sustainability amid a health emergency, examine crucial supply linkages, particularly digital distribution networks.

(13) Organizations' authentication infrastructure should be re-evaluated. This comprises re-assessing secure authentication tools and adopting risk- and context-based authentication, so that access from an unfamiliar device or location is challenged more strongly.

(14) The remote access architecture should likewise be re-evaluated, replacing ad hoc arrangements made during the pandemic with robust remote access mechanisms on which the re-evaluated authentication procedures are enforced consistently.

(15) The security team would also have to share the lessons learned throughout the incident. This will help them design effective countermeasures in the case of a future epidemic. According to experts, security systems need to be re-calibrated, especially in terms of provision, scalability, remote management capabilities, and cloud-based dependability.

(16) Security team should collaborate with trusted stakeholders ahead of time in order to prepare for dynamic scaling, service delivery, and solution offering. Planning involves both creative and methodical thinking. Leaders are increasingly expected to use innovative methods and evaluate new functioning technology. Automation, especially, boosts operational efficiency while reducing the need for human interaction.

(17) Organizations will be forced to optimize expenditure and accelerate their digital transformation as they adjust to the new normal after the crisis. These initiatives will need security leaders to adopt evolving technologies such as IoT, blockchain and 5G, and service models adjusted to do more with less, which is crucial to operating in the most cost-effective way feasible.

(18) Anti-malware software detects and disables malware using behavioral heuristics analysis, signature detection, and, in certain cases, artificial intelligence. Anti-malware software should be deployed across every digital endpoint of an organization's network. However, ensuring that current anti-malware is properly deployed within all devices with network connectivity in today's age of bringing your own device (BYOD) workplaces might be challenging.

(19) Educational institutions should introduce courses on cyber security to create awareness for young students and researchers in the field of computer science in order to meet the future need on how to address the cyber-attacks challenges.

(20) Some essential ‘ must know ’ cyber security measures must be introduced in a syllabus as a general mandatory cybersecurity course for students in all the higher education programme to provide more solutions in the field.

10. Conclusion

The contribution of this paper should, however, be considered in light of some limitations. First, our research is a general literature review with an informative purpose, which carries a risk of subjective selection of the literature. Notwithstanding, the databases we used, namely PubMed, IEEE Xplore, Emerald Insight, Wiley, ACM Digital Library, Google Scholar, Semantic Scholar and EBSCO, cover the most cited articles. Besides, the purpose and informative nature of this paper do not require a systematic review of the literature. Secondly, the COVID-19 pandemic was still raging during the conception and development of this paper, so it was not possible to accurately identify the long-term challenges and opportunities. Future research should therefore be directed toward longitudinal analysis to identify them.

Selected articles included in the survey were from March 2020 to December 2021. Following the COVID-19 pandemic, it is vital for top executives to look internally rather than outwardly to prioritize operational competencies across key areas for the recovery of their businesses in the next two years. The data explored for this study came from an online global poll, and the responses, particularly from different organizations and business executives, highlighted variances in cyber-attack strategies. After analysis, it was discovered that hacking attacks were the most common, accounting for 17 percent of all incidents, with a total of 330 attacks. The second was spam emails, which accounted for 13 % of all attacks with a frequency of 250. Finally, malicious domains came in third with 168 attacks, accounting for 9 % of all attacks.

As seen in Table 3, mobile apps with 150 attack occurrences account for 8 % of all attacks. Throughout the global COVID-19 crisis, APT attacks were the least common type, accounting for 2 % of all attacks during the research period. Moreover, over the next two years, 99 percent of firms and their CEOs plan to focus on emerging cybersecurity issues, and 15 % of firms and their leaders plan to work on reducing hacking attacks, which were the most common throughout the study period.

With the proliferation of IoT devices, technological advancements, demand for access to sophisticated systems, and historical trends, DDoS attacks will expectedly grow in volume and frequency. Cybercriminals are expected to continue to seek and exploit vulnerabilities within these systems in an attempt to weaponize them for DDoS and RDoS campaigns. Plans to implement 5G capabilities coupled with recent and ongoing shifts to digitization by organizations have provided new grounds for intrusion by threat actors. It is imperative for organizations to remain vigilant in securing critical infrastructure by monitoring pre-existing and new technologies, ensuring new policies are being followed, and adhering to security best practices for managing enterprise networks and remote workforces.

The study focuses on current cyber challenges in the context of the COVID-19 pandemic. This pandemic has seen the highest Internet usage, and the most attacks, ever recorded. Many people worldwide use the Internet to continue their contact, business, education and medical care, amongst other activities. The pandemic has put everyone's stress levels to the test, and people have also used the Internet to reduce their stress. It has demonstrated that people can work from home, attend school and participate in other activities remotely. However, cybercriminals have seized the opportunity to profit from the public's widespread use of the Internet, and because of a lack of awareness of the tactics, dynamism and complexity of cyber security and its associated loopholes, cyber security attacks have escalated dramatically during this epidemic.

Every digital user must understand and engage with the digital world with a proactive approach as if an impending cyber threat is looming. Considering that cyber-attacks constitute a severe danger to individuals, government and private organizations, it has become a top priority to provide every internet-connected individual with a basic understanding of cyber security to prevent crucial data from falling into the hands of cyber thieves.

COVID-19 is only the start. In the future, the globe may be confronted with an increasing number of viruses like this, so it is time to start thinking about the future. We should all learn from the COVID-19 epidemic so that everyone can prepare better and ensure that cyber security does not cause further problems for the world at large. Cybersecurity concerns must be on the agendas of organizations' executive committee meetings and given special attention in light of the increased threats during crisis scenarios. Rather than reacting to successful cyberattacks, organizations should be proactive and devise strategies to prevent them. Although prevention measures are crucial, cyber-attack detection, response and recovery capabilities are also required. Future research will focus on how executives prioritize operational capabilities in the areas of cost management, health and cybersecurity.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgements

While accepting sole accountability for the article's substance, the authors want to thank the reviewers for their important remarks on this survey research effort.

Compliance with ethical standards

Funding information: This work has been fully supported by Abu Dhabi University under Grant No 19300635.

Human and animal rights: This article does not contain any studies with human participants or animals performed by any of the authors.

Informed consent: Informed consent was not required in this article as no humans or animals were involved.

Peer review under responsibility of King Saud University.

  • Abiodun O.I., Abiodun E.O., Alawida M., Alkhawaldeh R.S., Arshad H. A review on the security of the internet of things: challenges and solutions. Wireless Pers. Commun. 2021;119(3):2603–2637.
  • Abiodun E.O., Alabdulatif A., Abiodun O.I., Alawida M., Alabdulatif A., Alkhawaldeh R.S. A systematic review of emerging feature selection optimization methods for optimal text classification: the present state and prospective opportunities. Neural Comput. Appl. 2021;33(22):15091–15118.
  • Achim M.V., Văidean V.L., Borlea S.N., Florescu D.R. The impact of the development of society on economic and financial crime. Case study for European Union member states. Risks. 2021;9(5):97.
  • Adeyoju A. Cybercrime and cybersecurity: FinTech's greatest challenges. SSRN 3486277; 2019.
  • Ahmed N., Michelin R.A., Xue W., et al. A survey of COVID-19 contact tracing apps. IEEE Access. 2020;8:134577–134601.
  • Arshad H., Omlara E., Abiodun I.O., Aminu A. A semi-automated forensic investigation model for online social networks. Comp. Security. 2020;97.
  • Arshad H., Abdullah S., Alawida M., Alabdulatif A., Abiodun O.I., Riaz O. A multi-layer semantic approach for digital forensics automation for online social networks. Sensors. 2022;22(3):1115.
  • Auyporn W., Piromsopa K., Chaiyawat T. Critical factors in cybersecurity for SMEs in technological innovation era. In: ISPIM Conference Proceedings. The International Society for Professional Innovation Management (ISPIM); 2020. pp. 1–10.
  • Babulak E., Hyatt J., Seok K.K., Ju J.S. COVID-19 & cyber security challenges US, Canada & Korea. Int. J. Trans. Machine Learn. Data Mining. 2020;2020(2):43–59.
  • Balas V.E., Kumar R., Srivastava R., editors. Recent trends and advances in artificial intelligence and internet of things. Springer; 2020. pp. 389–425.
  • Bossler A.M. Neutralizing cyber attacks: techniques of neutralization and willingness to commit cyber attacks. Am. J. Criminal Justice. 2021;46(6):911–934.
  • Burns A.J., Johnson M.E., Caputo D.D. Spear phishing in a barrel: insights from a targeted phishing campaign. J. Organiz. Comp. Electr. Commerce. 2019;29(1):24–39.
  • Cbsnews. 2021. https://www.cbsnews.com/news/us-covid-relief-hacking-hackers-arrested-indonesia-aid-program-scam/.
  • Cressey D.R. Other people's money: a study of the social psychology of embezzlement. 1953.
  • Cross C., Gillett R. Exploiting trust for financial gain: an overview of business email compromise (BEC) fraud. J. Financial Crime. 2020.
  • Cross C., Kelly M. The problem of 'white noise': examining current prevention approaches to online fraud. J. Financial Crime. 2016;23(4):806–828.
  • Das S. The cyber security ecosystem: post-global financial crisis. In: Managing in Recovering Markets. Springer; New Delhi: 2015. pp. 453–459.
  • Degen C.L., Reinhard F., Cappellaro P. Quantum sensing. Rev. Mod. Phys. 2017;89.
  • Dilek S., Çakır H., Aydın M. Applications of artificial intelligence techniques to combating cyber crimes: a review. arXiv preprint arXiv:1502.03552; 2015.
  • Esther Omolara A., Jantan A., Abiodun O.I., Arshad H., Dada K.V., Emmanuel E. HoneyDetails: a prototype for ensuring patient's information privacy and thwarting electronic health record threats based on decoys. Health Inf. J. 2020;26(3):2083–2104.
  • French G., Hulse M., Nguyen D., Sobotka K., Webster K., Corman J., Ewing M. Impact of hospital strain on excess deaths during the COVID-19 pandemic—United States, July 2020–July 2021. Morb. Mortal. Wkly Rep. 2021;70(46):1613.
  • Gottschalk P. Stages of financial crime by business organizations. J. Financial Crime. 2008.
  • Gounder M.P., Farik M. New ways to fight malware. Int. J. Sci. Technol. Res. 2017;6.
  • Greathorn.com. Cybersecurity Insiders. 2021. https://info.greathorn.com/hubfs/Reports/2021-Business-Email-Compromise-Report-GreatHorn.pdf.
  • Harris A., Jones M. COVID 19–school leadership in disruptive times. School Leadership Manage. 2020;40(4):243–247.
  • Hasham S., Joshi S., Mikkelsen D. Financial crime and fraud in the age of cybersecurity. McKinsey & Company; 2019. pp. 1–11.
  • Hill M. HMRC shuts down almost 300 COVID19 phishing scam sites. 2020. https://www.infosecuritymagazine.com/news/hmrc-covid19-phishing-scams/ (accessed 10 June 2020).
  • Hossain M.S., Muhammad G., Guizani N. Explainable AI and mass surveillance system-based healthcare framework to combat COVID-I9 like pandemics. IEEE Network. 2020;34:126–132.
  • ibm.com. 2020. https://www.ibm.com/annualreport/.
  • Interpol. INTERPOL report shows alarming rate of cyberattacks during COVID-19. 2020.
  • Jalali M.S., Landman A., Gordon W.J. Telemedicine, privacy, and information security in the age of COVID-19. J. Am. Med. Inform. Assoc. 2021;28(3):671–672.
  • Kaspersky. Coronavirus phishing. 2020.
  • Khan N.A., Brohi S.N., Zaman N. Ten deadly cyber security threats amid COVID-19 pandemic. 2020.
  • Khurshid A. Applying blockchain technology to address the crisis of trust during the COVID-19 pandemic. JMIR Med. Inf. 2020;8:e20477.
  • Khweiled R., Jazzar M., Eleyan D. Cybercrimes during COVID-19 pandemic. Int. J. Inf. Eng. Electr. Business. 2021;13(2).
  • Lallie H.S., Shepherd L.A., Nurse J.R., Erola A., Epiphaniou G., Maple C., Bellekens X. Cyber security in the age of COVID-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Comp. Security. 2021;105.
  • Mansfield-Devine S. The growth and evolution of DDoS. Network Security. 2015;2015(10):13–20.
  • Manzalini A. Quantum communications in future networks and services. Quantum Rep. 2020;2:221–232.
  • Masciandaro D., editor. Global financial crime: terrorism, money laundering and offshore centres. Taylor & Francis; 2017.
  • McGuire M. Understanding the growth of the cybercrime economy. In: RSA Conference, USA; 2018.
  • Mertoiu G.B., Mesnita G. Global crises and cybersecurity attacks–an analysis during the COVID-19 pandemic. Acta Scient. Polonorum Oeconomia. 2021;20(4):39–48.
  • Mohamed N.A., Jantan A., Abiodun O.I. An improved behaviour specification to stop advanced persistent threat on governments and organizations network. In: Proceedings of the International MultiConference of Engineers and Computer Scientists (Vol. 1, pp. 14–16); 2018.
  • Naidoo R. A multi-level influence model of COVID-19 themed cybercrime. Eur. J. Inf. Syst. 2020;29(3):306–321.
  • Naik B., Mehta A., Yagnik H., Shah M. The impacts of artificial intelligence techniques in augmentation of cybersecurity: a comprehensive review. Complex Intelligent Syst. 2021:1–18.
  • Najaf K., Schinckus C., Yoong L.C. VaR and market value of fintech companies: an analysis and evidence from global data. Managerial Finance. 2020.
  • NCSC. NCSC shines light on scams being foiled via pioneering new reporting service. 2020. https://www.actionfraud.police.uk/news/cyber-expertsshine-light-on-online-scams-as-british-public-flag-over160000-suspect-emails (accessed 7 May 2020).
  • Netherlands C.B.S. Less traditional crime, more cybercrime. 2020.
  • Sky News. Coronavirus: fraud victims have lost more than £4.6m to virus-related scams. 2020. https://news.sky.com/story/coronavirus-fraud-victimshave-lost-more-than-4-6m-to-virus-related-scams11996721.
  • Ng A.W., Kwok B.K. Emergence of Fintech and cybersecurity in a global financial centre: strategic approach by a regulator. J. Financial Regul. Compliance. 2017.
  • Omolara A.E., Jantan A., Abiodun O.I., Arshad H. An enhanced practical difficulty of one-time pad algorithm resolving the key management and distribution problem. In: Proceedings of the International MultiConference of Engineers and Computer Scientists (Vol. 1); 2018.
  • Omolara A.E., Jantan A., Abiodun O.I., Singh M.M., Anbar M., Kemi D.V. State-of-the-art in big data application techniques to financial crime: a survey. Int. J. Comp. Sci. Network Security. 2018;18(7):6–16.
  • Omolara A.E., Jantan A., Abiodun O.I. A comprehensive review of honey encryption scheme. Indonesian J. Electr. Eng. Comp. Sci. 2019;13(2):649–656.
  • Omolara A.E., Jantan A., Abiodun O.I., Dada K.V., Arshad H., Emmanuel E. A deception model robust to eavesdropping over communication for social network systems. IEEE Access. 2019;7:100881–100898.
  • Omolara A.E., Jantan A., Abiodun O.I., Arshad H., Mohamed N.A. Fingereye: improvising security and optimizing ATM transaction time based on iris-scan authentication. Int. J. Electr. Comp. Eng. (2088–8708). 2019;9(3).
  • Omolara O.E., Oludare A.I., Abdulahi S.E. Developing a modified hybrid Caesar cipher and Vigenere cipher for secure data communication. Comp. Eng. Intelligent Syst. 2014;5(5):34–46.
  • Pras I.A. Investigating an association between DDoS and phishing attacks. Doctoral dissertation, University of Twente; 2021.
  • Prates M.O., Avelar P.H., Lamb L.C. Assessing gender bias in machine translation: a case study with Google Translate. Neural Comput. Appl. 2020;32(10):6363–6381.
  • Reid A.S. Financial crime in the twenty-first century: the rise of the virtual collar criminal. Palgrave Macmillan; London: 2018. pp. 231–251.
  • Rosso K.D. New threat discovery shows commercial surveillanceware operators latest to exploit COVID-19. 2020.
  • Sakurai Y., Smith R.G. Gambling as a motivation for the commission of financial crime. 2003.
  • Salih A., Zeebaree S.T., Ameen S., Alkhyyat A., Shukur H.M. A survey on the role of artificial intelligence, machine learning and deep learning for cybersecurity attack detection. In: 2021 7th International Engineering Conference "Research & Innovation amid Global Pandemic" (IEC). IEEE; 2021. pp. 61–66.
  • Särökaari N. Phishing attacks and mitigation tactics. 2020.
  • Slussarenko S., Pryde G.J. Photonic quantum information processing: a concise review. Appl. Phys. Rev. 2019;6.
  • Smzdm.com. Hackers are using the "coronavirus" fear for phishing. 2020.
  • Suhono S., Zuniati M., Pratiwi W., Hasyim U.A.A. Clarifying Google Translate problems of Indonesia-English translation of abstract scientific writing. EAI. 2020;24–25:1–13.
  • Sultana J., Jilani A.K. Classifying cyberattacks amid Covid-19 using support vector machine. In: Security Incidents & Response Against Cyber Attacks. Springer; Cham: 2021. pp. 161–175.
  • Taofeek O.T., Alawida M., Alabdulatif A., Omolara A.E., Abiodun O.I. A cognitive deception model for generating fake documents to curb data exfiltration in networks during cyber-attacks. IEEE Access. 2022.
  • Thakur K., Ali M.L., Jiang N., Qiu M. Impact of cyber-attacks on critical infrastructure. In: 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS). IEEE; 2016. pp. 183–186.
  • Tidy J. Coronavirus: Israel enables emergency spy powers. BBC News. 2020;17.
  • UNESCO. Distance learning solutions. 2020.
  • Ünvan Y.A. Financial crime: a review of literature. Contemporary Issues in Audit Management and Forensic Accounting. 2020.
  • Walter J. Threat intel | cyber-attacks leveraging the COVID-19/coronavirus pandemic. SentinelLABS. 2020;Sep:4.
  • Watters P.A., McCombie S., Layton R., Pieprzyk J. Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP). J. Money Laundering Control. 2012.
  • World Health Organization. WHO reports fivefold increase in cyber attacks, urges vigilance. News release; 23 April 2020.
  • Wu S., Chen Y., Li M., Luo X., Liu Z., Liu L. Survive and thrive: a stochastic game for DDoS attacks in bitcoin mining pools. IEEE/ACM Trans. Networking. 2020;28(2):874–887.
  • Yar M. The novelty of 'cybercrime': an assessment in light of routine activity theory. Eur. J. Criminol. 2005;2(4):407–427.
  • Zahra S.R., Chishti M.A., Baba A.I., Wu F. Detecting Covid-19 chaos driven phishing/malicious URL attacks by a fuzzy logic and data mining based intelligence system. Egypt. Inf. J. 2021.
  • Zhang Z., Ning H., Shi F., Farha F., Xu Y., Xu J., Choo K.K.R. Artificial intelligence in cyber security: research advances, challenges, and opportunities. Artif. Intell. Rev. 2021:1–25.
10 of the biggest cyber attacks of 2020

Here is a list of 10 of the largest cyber attacks of a pandemic-dominated 2020, including several devastating ransomware incidents and a massive supply chain attack.

Arielle Waldman, News Writer

A pandemic-focused year made the events of 2020 unprecedented in numerous ways, and the cyber attacks were no different.

As the world transitioned to virtual everything -- work, school, meetings and family gatherings -- attackers took notice. Attackers embraced new techniques, and a hurried switch to remote access increased cyberthreats across the board. For example, K-12 schools took the brunt of the hit, and new lows were reached, such as the exfiltration of student data. The list of top cyber attacks from 2020 includes ransomware, phishing, data leaks, breaches and a devastating supply chain attack with a scope like no other. The virtually dominated year raised new concerns around security postures and practices, which will continue into 2021.

While there were too many incidents to choose from, here is a list of 10 of the biggest cyber attacks of 2020, in chronological order.

  • Toll Group

Toll Group tops the list for the year's worst cyber attacks because it was hit by ransomware twice in three months. However, a spokesperson for Toll Group told SearchSecurity the two incidents were not connected and were "based on different forms of ransomware." On Feb. 3 the Australia-based logistics company announced on Twitter that it had suffered a cyber attack. "As a precautionary measure, Toll has made the decision to shut down a number of systems in response to a cyber security incident. Several Toll customer-facing applications are impacted as a result. Our immediate priority is to resume services to customers as soon as possible," Toll Group wrote on Twitter. The most recent attack occurred in May and involved a relatively new ransomware variant: Nefilim.

  • Marriott International

For the second time in two years, the popular hotel chain suffered a data breach. On March 31, Marriott released a statement disclosing the information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property. According to the notice, the breach affected an application used by Marriott to provide guest services. "We believe this activity started in mid-January 2020," the statement said. "Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests." While the investigation is ongoing, Marriott said it has no reason to believe that the information included the Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver's license numbers. However, compromised information may have involved contact details and information relating to customer loyalty accounts, but not passwords.

  • Magellan Health

On May 12, the healthcare insurance giant issued a letter to victims stating it had suffered a ransomware attack. Threat actors had successfully exfiltrated logins, personal information and tax information. The scope of the attack included eight Magellan Health entities, and approximately 365,000 patients may have been impacted. "On April 11, 2020, Magellan discovered it was targeted by a ransomware attack. The unauthorized actor gained access to Magellan's systems after sending a phishing email on April 6 that impersonated a Magellan client," the letter said. The company, which has over 10,000 employees, said at the time of the letter it was not aware of any fraud or misuse of any of the personal information. Phishing, a common attack vector, intensified over the year as threat actors refined their impersonation skills.

  • Twitter

The popular social media company was breached in July by three individuals in an embarrassing incident that saw several high-profile Twitter accounts hijacked. Through a social engineering attack, later confirmed by Twitter to be phone phishing, the attackers stole employees' credentials and gained access to the company's internal management systems; dozens of high-profile accounts, including those of former President Barack Obama, Amazon CEO Jeff Bezos, and Tesla and SpaceX CEO Elon Musk, were hacked. The threat actors then used the accounts to tweet out bitcoin scams that earned them over $100,000. Two weeks after the breach, the Department of Justice (DoJ) arraigned the three suspects and charged 17-year-old Graham Ivan Clark as an adult for the attack he allegedly "masterminded," according to authorities.

  • Garmin

The navigation tech supplier suffered a cyber attack that encrypted some of its systems and forced services offline. Though Garmin first reported it as an outage, the company revealed on July 27 that it was the victim of a cyber attack which resulted in the disruption of "website functions, customer support, customer-facing applications, and company communications." The press release also stated there was no indication that any customer data was accessed, lost or stolen. Speculation rose that the incident was a ransomware attack, although Garmin never confirmed it. In addition, several media outlets reported that the company gave in to the attackers' demands and a ransom had been paid. Some news outlets reported it as high as $10 million.

  • Clark County School District

The attack on the Clark County School District (CCSD) in Nevada revealed a new security risk: the exposure of student data. CCSD revealed it was hit by a ransomware attack on Aug. 27 which may have resulted in the theft of student data. After the district declined to pay the ransom, an update was posted saying it was aware of media reports claiming student data had been exposed on the internet as retribution. While it's unclear what information was exposed, the threat of leaking stolen student data was a new low for threat actors and represented a shift to identity theft in attacks on schools.

  • Software AG

The German software giant was the victim of a double extortion attack that started on Oct. 3, which resulted in a forced shutdown of internal systems and ultimately a major data leak. Files were encrypted and stolen by operators behind the Clop ransomware. According to multiple news outlets, a $20 million ransom was demanded, which Software AG declined to pay. As a result, the ransomware gang followed through with its promise and published confidential data on a data leak site including employees' passport details, internal emails and financial information. Operators behind the Clop ransomware weren't the only group utilizing a double extortion attack. The name-and-shame tactic became increasingly common throughout 2020 and is now the standard practice for several ransomware gangs.

  • Vastaamo Psychotherapy Centre

The largest private psychotherapy provider in Finland confirmed it had become the victim of a data breach on October 21, where threat actors stole confidential patient records. The attack set a new precedent; rather than making demands of the organization, patients were blackmailed directly. As of last month, 25,000 criminal reports had been submitted to Finland police. In addition, the government's overall response to the incident was significant, both in urgency and sensitivity. Finland's interior minister called an emergency meeting with key cabinet members and provided emergency counseling services to potential victims of the extortion scheme.

  • FireEye and SolarWinds supply chain attack victims

FireEye set off a chain of events on Dec. 8 when it disclosed that suspected nation-state hackers had breached the security vendor and obtained FireEye's red team tools. On Dec. 13, the company disclosed that the nation-state attack was the result of a massive supply chain attack on SolarWinds. FireEye dubbed the backdoor campaign "UNC2452" and said it allowed threat actors to gain access to numerous government and enterprise networks across the globe. According to a joint statement Dec. 17 by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence, the attacks are ongoing. Additionally, the statement revealed that the supply chain attack affected more than just the Orion platform. CISA said it has "evidence that the Orion supply chain compromise is not the only initial infection vector leveraged by the APT actor." Since the statement, major tech companies such as Intel, Nvidia and Cisco disclosed they had received the malicious SolarWinds updates, though the companies said they've found no evidence that threat actors exploited the backdoors and breached their networks. However, Microsoft disclosed on Dec. 31 that threat actors infiltrated its network and viewed -- but did not alter or obtain -- the company's source code. Microsoft also said there is no evidence the breach affected customer data or the company's products and services.

The scope of the attack, the sophistication of the threat actors and the high-profile victims affected make this not only the biggest attack of 2020, but possibly of the decade. The incident also highlights the dangers of supply chain attacks and brings into question the security posture of such a large company. Threat actors, who had performed reconnaissance since March, planted a backdoor in SolarWinds' Orion platform, which was activated when customers updated the software. SolarWinds issued a security advisory about the backdoor which the vendor said affected Orion Platform versions 2019.4 HF5 through 2020.2.1, which were released between March 2020 and June 2020. "We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted and manually executed attack, as opposed to a broad, system-wide attack," the company said. In the three-week-long investigation since, the full breadth of the attack has grown immensely, but is still not yet fully understood.


  • Open access
  • Published: 23 February 2023

Exploring the global geography of cybercrime and its driving forces

  • Shuai Chen (ORCID: orcid.org/0000-0003-3623-1532) 1,2
  • Mengmeng Hao (ORCID: orcid.org/0000-0001-5086-6441) 1,2
  • Fangyu Ding (ORCID: orcid.org/0000-0003-1821-531X) 1,2
  • Dong Jiang 1,2
  • Jiping Dong 1,2
  • Shize Zhang 3
  • Qiquan Guo 1
  • Chundong Gao 4

Humanities and Social Sciences Communications, volume 10, Article number: 71 (2023)


  • Criminology
  • Science, technology and society

Cybercrime is wreaking havoc on the global economy, national security, social stability, and individual interests. The current efforts to mitigate cybercrime threats are primarily focused on technical measures. This study considers cybercrime as a social phenomenon and constructs a theoretical framework that integrates the social, economic, political, technological, and cybersecurity factors that influence cybercrime. The FireHOL IP blocklist, a novel cybersecurity data set, is used to map worldwide subnational cybercrimes. Generalised linear models (GLMs) are used to identify the primary factors influencing cybercrime, whereas structural equation modelling (SEM) is used to estimate the direct and indirect effects of various factors on cybercrime. The GLM results suggest that the inclusion of a broad set of socioeconomic factors can significantly improve the model's explanatory power, and that cybercrime is closely associated with socioeconomic development, while the effects of these factors on cybercrime differ by income level. Additionally, the SEM results further reveal the causal relationships between cybercrime and numerous contextual factors, demonstrating that technological factors serve as a mediator between socioeconomic conditions and cybercrime.


Introduction

Cybercrime is a broad term used by government, businesses, and the general public to account for a variety of criminal activities and harmful behaviours involving the adoption of computers, the internet, or other forms of information communications technologies (ICTs) (Wall, 2007). As an emerging social phenomenon in the information age, cybercrime has aroused growing concern around the world due to its high destructiveness and widespread influence. In 2017, the WannaCry ransomware attack affected more than 230,000 computers across 150 countries, resulting in economic losses of more than 4 billion dollars and posing a serious danger to the global education, government, finance, and healthcare sectors (Ghafur et al., 2019; Castillo and Falzon, 2018; Mohurle and Patil, 2017). Although there is currently no precise and universally accepted definition of cybercrime (Phillips et al., 2022; Holt and Bossler, 2014), it is generally acknowledged that the term covers both traditional crimes that are facilitated or amplified by utilising ICTs as well as new types of crimes that emerged with the advent of ICTs (Ho and Luong, 2022). Based on the role of technology in the commission of the crime, the most widely utilised typology divides cybercrime into cyber-dependent crime (such as hacking, distributed denial of service, and malware) and cyber-enabled crime (online fraud, digital piracy, cyberbullying) (Brenner, 2013; Sarre et al., 2018; McGuire and Dowling, 2013). Along with the rapid development of ICTs and the increasing prevalence of the internet, these criminal activities are significantly disrupting the global economy, national security, social stability, and individual interests. Although it is difficult to estimate the precise financial cost of cybercrime (Anderson et al., 2013; Anderson et al., 2019), statistical evidence from governments and industries indicates that the economic losses caused by cybercrime are extremely enormous and are still rising rapidly (McAfee, 2021).

Cybercrime is complicated in nature and involves many disciplines, including criminology, computer science, psychology, sociology, economics, geography, political science, and law (Holt, 2017; Dupont and Holt, 2022; Payne, 2020). Computer science and cybersecurity efforts focus primarily on technical controls such as intrusion detection systems (IDSs), intrusion prevention systems (IPSs), firewalls, and anti-virus software to mitigate cyberattack threats (Kumar and Carley, 2016; Walters, 2015). These methods may lessen the adverse impacts of cybercrime on organisations and individuals to some extent. However, such technical solutions are largely blind to the human and contextual factors that give rise to the problem, provide only reactive protection, and struggle to keep up with rapidly evolving modus operandi and emerging technologies (Clough, 2015; Neal, 2014). It has been suggested that cybercrime is a complex social phenomenon driven by the compound interactions of underlying socioeconomic factors. Human and social factors play a substantial role in the formation of cybercrime agglomerations (Waldrop, 2016; Watters et al., 2012; Leukfeldt and Holt, 2019) and are also important aspects of cybercrime prevention and control (Dupont and Holt, 2022). The human factors influencing cybercrime have been the subject of an expanding body of sociological and psychological study in recent years. These studies, covering cyberbullying, online harassment, identity theft, online fraud, malware infection, phishing, and other types of cybercrime, generally applied traditional criminological and psychological theories, such as routine activities theory, lifestyle-routine activities theory, self-control theory, and general strain theory, to explain the victimisation and offending of various cybercrimes (Bergmann et al., 2018; Mikkola et al., 2020; Ngo and Paternoster, 2011; Pratt et al., 2010; Williams, 2016). Their results suggest that, by altering criminal motivations and opportunity structures, individual factors (age, gender, ethnicity, education, socioeconomic status, and self-control) and situational factors (online activities, time spent online, risk exposure, deviant behaviours) may affect both cybercrime offending and victimisation. These findings advanced our understanding of the impact of technology on criminal behaviour, the factors affecting the risk of cyber victimisation, and the applicability of traditional criminological theories to cybercrime (Holt and Bossler, 2014).

Cybercrime is a highly geographical phenomenon at the macro level, with some countries accounting for a disproportionate share of cybercrimes (Kigerl, 2012; Kigerl, 2016). This spatial heterogeneity is closely related to specific socioeconomic contexts (Kshetri, 2010). Academic efforts have been made to identify clusters of high-cybercrime countries and to explain the socioeconomic factors that led to their formation. For example, Mezzour, Carley, and Carley (2014) found that Eastern European countries hosted a greater number of attacking computers because of their superior computing infrastructure and high levels of corruption. Similarly, Kumar and Carley (2016) found that higher levels of corruption and large internet bandwidth favour attack origination; they also noted that countries with greater gross domestic product (GDP) per capita and better ICT infrastructure were targeted more frequently. Srivastava et al. (2020) pointed out that countries with better technology and economic capital were more likely to be the origins of cybercrime, but that better cybersecurity preparedness may reduce the frequency of cybercrime originating within a country. Holt, Burruss, and Bossler (2018) suggested that nations with better technological infrastructure, greater political freedom, and less organised crime were more likely to report malware infections, while Overvest and Straathof (2015) found that the number of internet users, bandwidth, and economic ties were significantly related to cyberattack origin. Kigerl (2012) found that a higher unemployment rate and more internet users were linked to an increase in spam activity. However, these studies have tended to use a restricted range of predictor variables and covered only certain aspects of cybercrime. Moreover, most were conducted at the national level, which can hide substantial disparities within countries.

In this work, we construct a conceptual model to better represent the context from which cybercrime emerges, which is applied as a framework to analyse the underlying socioeconomic driving forces. A novel cybersecurity data set, the FireHOL IP blocklist, is adopted as a proxy to reflect the levels of cybercriminal activities within different areas. A set of social, economic, political, technological, and cybersecurity indicators is used as explanatory variables. Generalised linear models (GLMs) are used to quantify the effect of each factor on cybercrime, while structural equation modelling (SEM) is used to estimate the complex interactions among various factors and their direct and indirect effects on cybercrime.

Conceptual framework

We propose a conceptual framework for examining the driving forces of cybercrime by reviewing existing empirical literature and integrating different criminological theories. The conceptual framework includes five interrelated components: the social, economic, political, technological, and cybersecurity factors. The potential pathways by which each component may directly or indirectly influence cybercrime are illustrated in Fig. 1.

figure 1

Solid lines indicate direct effects and dashed lines indicate indirect effects. H1–H5 refer to the five hypotheses; “+” indicates a positive effect and “−” a negative effect.

The social and economic factors depict the level of regional development and serve as the fundamental context in which cybercrime emerges. Given the intrinsically technological nature of cybercrime, global urbanisation and the information technology revolution have promoted global connectivity and created unprecedented conditions and opportunities for cybercrime (UNODC, 2013). From the perspective of general strain theory, poverty, unemployment, income inequality, and other social disorders that accompany social transformation can foster cultures of materialism and motivate cybercrime for illegal gain (Meke, 2012; Onuora et al., 2017). On the other hand, economically developed regions generally have superior ICT infrastructure, which offers cybercriminals convenient and low-cost conditions for committing crimes. High educational attainment is also likely to be associated with cybercrime, given that cybercrime usually requires some level of computer skills and IT knowledge (Holt and Schell, 2011; Asal et al., 2016). In general, better socioeconomic conditions are associated with more cybercriminal activity, which leads us to our first two hypotheses:

H1: The social factor is positively associated with cybercrime.
H2: The economic factor is positively associated with cybercrime.

The influence of political factors on cybercrime is mainly reflected in government regulation and intervention to prevent and control cybercrime, such as the construction of the legal system, government efficiency, control of corruption, and political stability. An offender’s decision to engage in illegal activity is a function of the expected probability of being arrested and convicted and the expected penalty if convicted (Ehrlich, 1996). As with traditional crimes, the lack of efficient social control and punishment mechanisms breeds criminal behaviour. The deterrent effect of legislation forces cybercriminals to weigh the consequences they would have to bear. While the virtual and transnational nature of cyberspace makes it easier for perpetrators to avoid punishment, cybercrime can be deterred to some extent by increasing the severity of punishment and by international law enforcement cooperation (Hall et al., 2020). On the other side, cybercriminals may seek protection through corrupt connections with the local institutional environment, which weakens law enforcement operations and encourages cybercriminal activity (Hall et al., 2020; Lusthaus and Varese, 2021; Sutanrikulu et al., 2020). For instance, corruption in law enforcement authorities makes it hard to punish cybercriminals, while corruption in network operators or internet service providers (ISPs) makes it easier for cybercriminals to obtain malicious domain names or register fake websites. Some studies have shown that areas with high levels of corruption usually have more cybercriminal activity (Mezzour et al., 2014; Watters et al., 2012). Cybercrime across West Africa and Eastern Europe is typically attributed to political corruption, ineffective governance, institutional weakness, and weak rule of law (Asal et al., 2016). Therefore, we propose that:

H3: The political factor is negatively associated with cybercrime.

The technological environment, composed of communication conditions and the underlying physical ICT infrastructure, is the essential medium through which cybercrime is committed. According to rational choice theory, crime results from an individual’s rational weighing of the expected costs and benefits of the criminal act (Mandelcorn et al., 2013; Brewer et al., 2019). Better internet infrastructure, greater internet penetration, and faster connections can facilitate cybercrime by reducing its costs, expanding opportunities, and increasing potential benefits. For example, in most spam and DDoS campaigns, cybercriminals carry out large-scale coordinated attacks by sending remote commands to a set of compromised computers (a botnet). Compromised high-performance machines with high-bandwidth connectivity, such as university, corporate, and government servers, allow more efficient attacks and a wider reach, which makes them preferred resources for cybercriminals (Hoque et al., 2015; Van Eeten et al., 2010; Eslahi et al., 2012). We thus hypothesise that:

H4: The technological factor is positively associated with cybercrime.

Cybersecurity preparedness reflects a country’s capabilities and commitment to prevent and combat cybercrime. According to the International Telecommunication Union (ITU), cybersecurity preparedness spans legal, technical, organisational, capacity-development, and cooperation measures (Bruggemann et al., 2022). Legal measures such as laws and regulations define what constitutes cybercrime and specify the procedures for investigating, prosecuting, and sanctioning it, providing a basis for the other measures. Technical measures refer to the technical capabilities to cope with cybersecurity risks and build resilience through national institutions and frameworks such as Computer Incident Response Teams (CIRTs) or Computer Emergency Response Teams (CERTs). Organisational measures refer to the comprehensive strategies, policies, organisations, and coordination mechanisms for cybersecurity development. Capacity development reflects research and development, awareness campaigns, training and education, and the certified professionals and public agencies that build cybersecurity capacity. Cooperation measures refer to collaboration and information sharing at the national, regional, and international levels, which is essential given the transnational nature of cybercrime. According to general deterrence theory and routine activity theory (Leukfeldt and Holt, 2019; Hutchings and Hayes, 2009; Lianos and McGrath, 2018), cybersecurity preparedness acts as a deterrent to, or guardian against, cybercrime. It is crucial both for defending a country from external cybercrime and for reducing cybercrime originating from within. Therefore, we hypothesise that:

H5: Cybersecurity preparedness is negatively associated with cybercrime.

The five hypotheses in the conceptual model (Fig. 1) outline the direct effects of the contextual drivers on cybercrime. The social, economic, political, technological, and cybersecurity factors may also interact with one another and thereby affect cybercrime indirectly. We then test the hypothesised pathways using a combination of two statistical methods and a set of explanatory covariates.

Cybercrime data

It is commonly acknowledged among cybercrime scholars that the lack of standardised legal definitions of cybercrime and of valid, reliable official statistics makes it difficult to estimate the prevalence or incidence of cybercrime around the world (Holt and Bossler, 2015). Although law enforcement agencies in some countries do collect data on cybercrime (e.g., police data and court judgements), these official data suffer from inevitable under-reporting and under-recording (Holt and Bossler, 2015; Howell and Burruss, 2020). This has prompted some researchers to use alternative data sources to measure cybercrime, including social media, online forums, emails, and cybersecurity companies (Holt and Bossler, 2015). Among these, technical data such as spam emails, honeypots, IDS/IPS or firewall logs, malicious domains/URLs, and IP addresses are often used as proxies for different aspects of cybercrime (Amin et al., 2021; Garg et al., 2013; Kigerl, 2012; Kigerl, 2016; Kigerl, 2021; Mezzour et al., 2014; Srivastava et al., 2020; Kshetri, 2010) and account for a large proportion of the macro-level cybercrime literature. However, owing to the anonymity and virtuality of cyberspace, cybercriminals are not restrained by national boundaries and can use compromised computers distributed around the world as a platform for their crimes. Moreover, the IP address a victim observes is often that of an intermediary, such as a proxy server, anonymity network, or virtual private network (VPN), rather than the criminal’s own, and in connectionless attacks the source address may be spoofed outright, hiding the true identity and location of the perpetrator (Holt and Bossler, 2015; Leukfeldt and Holt, 2019). Attribution is therefore extremely challenging and requires a high level of expertise and coordination from law enforcement agencies and cybersecurity teams (Lusthaus et al., 2020). Rather than capturing where cybercriminals reside in physical space, most studies using such technical data measure the probable locations from which cyberattacks or cybercrimes originate, some of which are simply locations where cybercriminals choose to host their botnets or spam servers. Although there is partial support for certain types of cyberattack originating from physically proximate IP addresses (Maimon et al., 2015), more elaborate and comprehensive research is lacking.

In this study, we used a novel cybersecurity data set, the IP addresses in the FireHOL blocklist (FireHOL, 2021), as a proxy measure of cybercrime. The FireHOL IP blocklist is a composition of multiple sources of illegitimate or malicious IP addresses, which can be deployed on servers, routers, and firewalls to block traffic to and from these IPs. The listed IPs are associated with certain types of cybercriminal activity, including abuse, attacks, botnets, malware, command and control, and spam. We adopted the FireHOL level 1 blocklist, which consists of ~2900 subnets and over 600 million unique IPs with a minimum of false positives. Anonymising IPs, which other parties use to hide their true identities, such as open proxies and VPN providers, were excluded from the analysis. Next, we applied the freely available IP2Location™ LITE geolocation database to map these unique IP addresses to specific geographic locations in the form of country/region/city and latitude/longitude pairs. IP geolocation is accurate at the national and regional levels, with ~98% accuracy at the country level and ~60% at the city level. To reduce uncertainty, we focused the analysis on the state/region level. Finally, we calculated the count of unique IPs located within each subnational area to measure the global distribution of cybercrime.
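The counting pipeline just described, as an added example written for this page rather than code from the study: it parses a FireHOL-style netset (one IPv4 address or CIDR prefix per line, `#` starting a comment), collapses overlapping prefixes so that no address is counted twice, geolocates each address against a range table in the shape of IP2Location LITE (inclusive first/last address as 32-bit integers, then country and region), and tallies unique addresses per region. Both inputs below are constructed samples using documentation prefixes; the real level 1 list and the real database are far larger but have the same shape. Excluding anonymiser sets (open proxies, VPN exits) happens upstream, by simply not loading those netsets, so it is not shown. The one detail a practitioner would want is visible here: a prefix that straddles a region boundary is split so each address lands in exactly one region, and addresses the table does not cover are reported separately as a data-quality check rather than silently dropped.

```python
"""Count blocklisted IPv4 addresses per geolocated region.

Added example, not the study's own code. It assumes (a) a FireHOL-style
netset: one IPv4 address or CIDR prefix per line, '#' starts a comment; and
(b) a geolocation table in the shape of IP2Location LITE (inclusive first/last
address as 32-bit integers, then country and region). Both inputs here are
constructed samples.
"""
import bisect
import ipaddress
from collections import Counter


def _ip(s):
    return int(ipaddress.IPv4Address(s))


# Constructed sample netset (documentation prefixes; not the real list).
SAMPLE_NETSET = """\
# firehol_level1 (constructed sample)
#
# Maintainer : FireHOL
203.0.113.0/24
198.51.100.0/25
198.51.100.200
192.0.2.0/28
192.0.2.16/28
100.64.0.0/30
"""

# Constructed sample range table: (first_ip, last_ip, country, region).
# 100.64.0.0/30 is deliberately absent, to exercise the 'unlocated' path.
SAMPLE_RANGES = [
    (_ip("192.0.2.0"), _ip("192.0.2.255"), "US", "California"),
    (_ip("198.51.100.0"), _ip("198.51.100.127"), "DE", "Bavaria"),
    (_ip("198.51.100.128"), _ip("198.51.100.255"), "DE", "Hesse"),
    (_ip("203.0.113.0"), _ip("203.0.113.255"), "AU", "New South Wales"),
]


def parse_netset(text):
    """Return the netset as a list of non-overlapping IPv4Network objects.

    Bare addresses become /32; overlapping or adjacent prefixes are merged so
    that no address is counted twice.
    """
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if entry:
            nets.append(ipaddress.IPv4Network(entry, strict=False))
    return list(ipaddress.collapse_addresses(nets))


class RangeTable:
    """Sorted inclusive integer ranges with binary-search lookup."""

    def __init__(self, rows):
        self.rows = sorted(rows)
        self.starts = [r[0] for r in self.rows]

    def lookup(self, ip_int):
        """Row covering ip_int, or None if the table has a gap there."""
        i = bisect.bisect_right(self.starts, ip_int) - 1
        if i >= 0 and self.rows[i][1] >= ip_int:
            return self.rows[i]
        return None

    def next_start(self, ip_int):
        """First range start strictly after ip_int, or None."""
        j = bisect.bisect_right(self.starts, ip_int)
        return self.starts[j] if j < len(self.starts) else None


def count_by_region(nets, table):
    """Count the addresses of each network per (country, region).

    A prefix that straddles a range boundary is split, so every address is
    attributed to exactly one region. Addresses not covered by the table are
    tallied separately as a data-quality check.
    """
    counts = Counter()
    unlocated = 0
    for net in nets:
        cur, last = int(net.network_address), int(net.broadcast_address)
        while cur <= last:
            row = table.lookup(cur)
            if row is None:
                nxt = table.next_start(cur)
                end = last if nxt is None else min(nxt - 1, last)
                unlocated += end - cur + 1
            else:
                end = min(row[1], last)
                counts[(row[2], row[3])] += end - cur + 1
            cur = end + 1
    return counts, unlocated


def region_counts(netset_text=SAMPLE_NETSET, rows=SAMPLE_RANGES):
    """Full pipeline: parse -> collapse -> geolocate -> per-region counts."""
    return count_by_region(parse_netset(netset_text), RangeTable(rows))


if __name__ == "__main__":
    counts, unlocated = region_counts()
    for (country, region), n in counts.most_common():
        print(f"{country} {region}: {n}")
    print(f"unlocated: {unlocated}")
```

On the sample, 192.0.2.0/28 and 192.0.2.16/28 collapse into one /27 before counting, 198.51.100.0/25 and the single host 198.51.100.200 fall into two different German regions, and the four addresses of 100.64.0.0/30 are reported as unlocated. With the real data the unlocated total is the number to watch: a large value means the geolocation database and the blocklist snapshot are out of step.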

Although the FireHOL IP blocklist shares the limitations of other technical data, it was used in this study for several reasons. The basic function of IP addresses in the modern internet makes them an indispensable element in the different phases of cybercrime, and they are also a key ingredient of cybercrime attribution and digital evidence collection. IP-based blocking at the firewall is accordingly one of the most effective and commonly used preventive measures in cybersecurity defence. The FireHOL IP blocklist has the advantage of global coverage and includes different cybercrime types, dynamically collecting malicious IPs from multiple sources around the world. Although it is difficult to determine whether the listed IPs are the true sources of cybercrime or belong to infected machines, the list does reflect the geographical distribution of malicious IPs associated with certain cybercriminal activities. Moreover, it provides a more fine-grained estimate of subnational cybercrime geography than country-level statistics.

Explanatory variables

We adopted a broad set of explanatory variables to characterise the social, economic, political, technological, and cybersecurity conditions based on the conceptual model presented above (Fig. 1). The social environment is represented by population, the population aged 15–64, the education index, the nighttime light index, and the human development index (HDI). The economic condition is measured by the income index, GDP growth, the Gini index, unemployment (% of the total labour force), and the poverty rate. The political environment is measured by five dimensions of the Worldwide Governance Indicators (WGI): control of corruption, government effectiveness, rule of law, political stability and absence of violence/terrorism, and voice and accountability. The technological environment is reflected by internet infrastructure (the number of internet data centres and internet exchange points), internet users (% of the population), international bandwidth (per internet user), secure internet servers (per 1 million people), and fixed broadband subscriptions (per 100 people). Moreover, we applied the five dimensions of the Global Cybersecurity Index (GCI) to assess the level of national commitment to cybersecurity: legal, technical, organisational, capacity-development, and cooperation measures, plus one overall cybersecurity index (the sum of the five measures). Population, income index, education index, HDI, nighttime light, and infrastructure data were collected at the subnational administrative level, while the other variables were derived at the country level. Log transformations (base 10) were used to improve normality for variables with skewed distributions, namely population, nighttime light, infrastructure, fixed broadband, secure internet servers, and bandwidth. All variables were normalised for further analysis.

Generalised linear models (GLMs)

In this study, GLMs were used to assess the potential influence of the explanatory variables on cybercrime and to identify the most important factors. A GLM extends ordinary regression to non-normal response distributions through a link function (Faraway, 2016). GLM analyses were conducted at two scales: the global scale and the income-group scale. All GLMs were built in R version 4.1.2 using the glm function of the stats package (R Core Team, 2013), with the Gaussian family and its default identity link. The Akaike information criterion (AIC), the coefficient of determination (R²), and the significance level of the predictors (p-value) were used to evaluate the GLMs; the model with the lowest AIC and highest R² was chosen as the optimal model. Variance inflation factors (VIFs) were calculated with the car package (Fox et al., 2012) to test for collinearity between the quantitative explanatory variables prior to the GLM analysis. Variables with a VIF greater than 10 were regarded as sources of collinearity and excluded from further analysis. The relative contribution and coefficients of each GLM were plotted using the GGally package.
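The screening-and-fit procedure above, as an added example in pure Python rather than the study's R code: it computes each predictor's VIF, drops the highest-VIF predictor while any VIF exceeds 10 (the stepwise form of the rule is an assumption here; the text states only the threshold), then fits the Gaussian GLM with identity link by least squares and reports R² and the AIC in the form R's AIC() returns for a Gaussian glm (coefficients plus the error variance counted as parameters). The data set is constructed: `hdi` is deliberately built as a near-linear composite of `education` and `income`, which is the kind of collinearity that gets a composite index dropped, and `gdp_growth` is unrelated to the response so that its coefficient and the AIC change can be inspected.

```python
"""Collinearity screening (VIF) and Gaussian GLM fit, in pure Python.

Added example, not the study's code. It mirrors the screening step described
above: compute the variance inflation factor of each predictor, drop the worst
offender while any VIF exceeds 10 (the stepwise variant is an assumption), then
fit the Gaussian GLM (identity link) and report R^2 and AIC as R's glm()/AIC()
would. The data set is constructed: 'hdi' is built as a near-linear composite
of 'education' and 'income', which is why it is flagged.
"""
import math
import random


def solve(a, b):
    """Solve the square system a x = b by Gaussian elimination with partial pivoting."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            if f:
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))) / m[i][i]
    return x


def ols(x_rows, y):
    """Least-squares fit via the normal equations; returns (coefficients, RSS, R^2)."""
    n, p = len(x_rows), len(x_rows[0])
    xtx = [[sum(r[i] * r[j] for r in x_rows) for j in range(p)] for i in range(p)]
    xty = [sum(r[i] * yi for r, yi in zip(x_rows, y)) for i in range(p)]
    beta = solve(xtx, xty)
    rss = sum((yi - sum(b * v for b, v in zip(beta, r))) ** 2 for r, yi in zip(x_rows, y))
    ybar = sum(y) / n
    tss = sum((yi - ybar) ** 2 for yi in y)
    return beta, rss, 1.0 - rss / tss


def design(data, names):
    """Design matrix: an intercept column followed by the named predictors."""
    n = len(next(iter(data.values())))
    return [[1.0] + [data[k][i] for k in names] for i in range(n)]


def vif(data, names):
    """VIF_k = 1 / (1 - R^2) of predictor k regressed on all other predictors."""
    out = {}
    for k in names:
        others = [o for o in names if o != k]
        _, _, r2 = ols(design(data, others), data[k])
        out[k] = float("inf") if r2 >= 1.0 else 1.0 / (1.0 - r2)
    return out


def screen_collinearity(data, names, threshold=10.0):
    """Iteratively drop the highest-VIF predictor until every VIF is <= threshold."""
    kept, dropped = list(names), []
    while len(kept) > 1:
        v = vif(data, kept)
        worst = max(kept, key=v.get)
        if v[worst] <= threshold:
            break
        kept.remove(worst)
        dropped.append(worst)
    return kept, dropped


def aic_gaussian(rss, n, n_coef):
    """AIC of a Gaussian GLM as R reports it (coefficients plus the error variance)."""
    return n * (math.log(2 * math.pi) + 1.0 + math.log(rss / n)) + 2 * (n_coef + 1)


def make_sample(n=200, seed=7):
    """Constructed regional data set; 'hdi' is collinear with education and income."""
    rng = random.Random(seed)
    log_pop = [rng.uniform(4.0, 7.0) for _ in range(n)]
    education = [rng.uniform(0.0, 1.0) for _ in range(n)]
    income = [rng.uniform(0.0, 1.0) for _ in range(n)]
    hdi = [0.5 * e + 0.5 * i + rng.gauss(0.0, 0.02) for e, i in zip(education, income)]
    gdp_growth = [rng.uniform(-2.0, 6.0) for _ in range(n)]  # unrelated to the response
    log_ips = [lp + 0.8 * e + rng.gauss(0.0, 0.3) for lp, e in zip(log_pop, education)]
    data = {"log_pop": log_pop, "education": education, "income": income,
            "hdi": hdi, "gdp_growth": gdp_growth}
    return data, log_ips


def run_glm_pipeline():
    """Screen for collinearity, fit the GLM on the retained predictors, report fit."""
    data, y = make_sample()
    names = list(data)
    vif_before = vif(data, names)
    kept, dropped = screen_collinearity(data, names)
    vif_after = vif(data, kept)
    beta, rss, r2 = ols(design(data, kept), y)
    return {
        "vif_before": vif_before, "vif_after": vif_after,
        "kept": kept, "dropped": dropped,
        "coef": dict(zip(["intercept"] + kept, beta)),
        "r2": r2, "aic": aic_gaussian(rss, len(y), len(beta)),
    }


if __name__ == "__main__":
    res = run_glm_pipeline()
    print("VIF before:", {k: round(v, 1) for k, v in res["vif_before"].items()})
    print("dropped:", res["dropped"], "kept:", res["kept"])
    print("R^2 = %.3f, AIC = %.1f" % (res["r2"], res["aic"]))
```

Note that in the first pass `education` and `income` also show VIFs well above 10, because they are collinear with `hdi`, not with each other; dropping only the worst offender and recomputing is what prevents the screen from discarding the two genuine predictors along with the composite.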

Structural equation modelling (SEM)

SEM was used to examine the causal relationships within the network of interacting factors, thereby distinguishing the direct from the indirect drivers of cybercrime. SEM is a powerful multivariate technique increasingly used in scientific investigations to test and evaluate multivariate causal relationships (Fan et al., 2016). It differs from other modelling approaches in that it tests both direct and indirect effects within pre-specified causal relationships. The following fit indices were considered to evaluate model adequacy: (a) the root mean square error of approximation (RMSEA), a “badness of fit” index for which 0 indicates a perfect fit and higher values indicate lack of fit; (b) the standardised root mean square residual (SRMR), which is similar to RMSEA and should be below 0.09 for good model fit; (c) the comparative fit index (CFI), which represents the proportion of variance in the covariance matrix accounted for by the model, ranging from 0.0 to 1.0, with higher values indicating better fit; and (d) the Tucker–Lewis index (TLI), a non-normed fit index (NNFI) designed to be independent of sample size. In this study, SEM analysis was conducted in AMOS (Arbuckle, 2011).

Spatial distribution of cybercrime IPs

We mapped the subnational distribution of cybercrime IPs globally, which reveals marked spatial variability (see Fig. 2). On a global scale, most cybercrime IPs were located in North America, Central and Eastern Europe, East Asia, India, and eastern Australia. Areas with low numbers of cybercrime IPs were primarily found in large parts of Africa (except South Africa), the western and northern parts of South America, Central America, some regions of the Middle East, the southern parts of Central Asia, and some regions of Southeast Asia. On a continental scale, the number of cybercrime IPs increased gradually from Africa to Europe. The two continents with the most cybercrime IPs were North America and Europe, with North America showing more variation. This trend appears closely associated with regional socioeconomic development. To investigate this relationship further, we grouped the subnational regions by income level according to the World Bank classification. A clearer pattern emerged, with high-income regions hosting the majority of cybercrime IPs and lower-middle-income regions hosting the fewest.

figure 2

a Number of cybercrime IPs at the subnational level. b Log-transformed cybercrime IP count by continent: Africa (AF), Asia/Oceania (AS/OC), South America (SA), North America (NA) and Europe (EU). c Log-transformed cybercrime IP count by income group: low-income (LI), lower-middle-income (LMI), upper-middle-income (UMI) and high-income (HI) groups. The centre line, boxes, and whiskers show the means, 1 standard error (SE), and 95% confidence interval (CI), respectively.

Major factors influencing cybercrime

GLMs were built on the 26 representative explanatory variables in the 5 categories identified in the conceptual framework. After excluding 8 collinear variables (government effectiveness, rule of law, HDI, and the 5 cybersecurity measures) and 7 nonsignificant variables (GDP growth, unemployment, poverty, political stability, voice and accountability, bandwidth, and internet users), the global-scale GLM includes 11 variables and has an R² of 0.82. Figure 3 shows the relative contribution of each predictor variable to the model. Globally, the social and technological factors contribute most, with relative contributions of 53.4% and 30.1%, respectively. Infrastructure alone explains up to 18.1% of the model variance in cybercrime (R² of 0.504), while adding the population and education index raises the explained variance by a further 18.3% and 28.5%, respectively (R² of 0.596 and 0.766). This is also the case for the GLMs of the different income groups, indicating that, despite the main effect of the technological factors, including a broad set of socioeconomic factors significantly improves the accuracy of models that attempt to quantify the driving forces of cybercrime.

figure 3

Relative contribution of predictor variables to cybercrime.

When assessed by income group, we noted that although the social and technological factors remained the most important in explaining cybercrime, the contribution of each variable varies by income group. For example, the contribution of the income index decreases gradually from low-income regions to wealthier regions, while the Gini index is more significant in upper-middle-income and high-income regions than in low-income and lower-middle-income regions. Fixed broadband subscriptions contributed the most in low-income regions and the least in high-income regions. Additionally, cybersecurity preparedness has a greater influence in low-income and lower-middle-income regions.

Estimated effect of factors on cybercrime

The coefficient values in Fig. 4 represent effect sizes from the GLMs for the relationship between cybercrime and the five categories of contextual factors. At the global scale, cybercrime is positively correlated with social, economic, and technological factors, suggesting that most cybercrimes are launched in regions with a higher population, higher urbanisation, better educational and economic conditions, and, most importantly, improved internet infrastructure and communication conditions. By contrast, cybercrime is negatively related to political and cybersecurity factors, indicating that the control of corruption and the commitment to cybersecurity show certain inhibitory effects on cybercrime.

figure 4

The coefficient values are represented as dots, significant variables are represented as filled dots, nonsignificant variables are represented as hollow dots, and bars represent 95% CIs.

From the perspective of income groups, the ways contextual factors affect cybercrime remain basically consistent with the global results, but subtle differences are observed. In low-income countries, the influence of the income index on cybercrime is the strongest, and cybercrime is significantly associated with a higher income index, higher education index, better infrastructure, and higher fixed broadband subscriptions. This pattern may indicate that in low-income countries, wealthier areas tend to have more cybercrimes due to the existence of better communication conditions in these areas. However, in high-income countries, where the internet is universally available, the roles of income index and fixed broadband subscriptions gradually weaken. In contrast, the effects of the Gini index and education are stronger in wealthier countries, indicating that economic inequality and education in these countries can be important drivers of cybercrime. Moreover, the control of corruption is negatively related to cybercrime in lower-middle, upper-middle, and high-income regions.

Pathways of factors for cybercrime

To understand the intricate interactions among the predictors, we performed SEM based on the conceptual model. The SEM is composed of five latent variables, representing the social, economic, political, technological, and cybersecurity context, each reflected by five of the explanatory variables. Overall model fit was good (CFI = 0.917, TLI = 0.899, SRMR = 0.058). The SEM confirms many of the hypotheses in the conceptual model, and all relationships are statistically significant. Fig. 5 shows the results of the SEM.

figure 5

Black arrows indicate a positive effect, red arrows indicate a negative effect, and values on the straight arrows between variables represent the standardised path coefficients.

According to the SEM, all five hypotheses are supported. Specifically, the social, economic, and technological factors have direct positive effects on cybercrime (standardised direct path coefficients of 0.03, 0.10, and 0.61, respectively), meaning that when the social, economic, or technological factor rises by one standard deviation, cybercrime rises by 0.03, 0.10, or 0.61 standard deviations. By contrast, the political and cybersecurity factors have direct negative effects on cybercrime (standardised direct path coefficients of −0.22 and −0.07), so a one-standard-deviation rise in the political or cybersecurity factor is associated with a 0.22 or 0.07 standard-deviation decrease in cybercrime. It is worth noting that although the direct effects of the social and economic factors on cybercrime are relatively small, their indirect effects, mediated through the technological and political factors, are non-negligible.

In sum, the SEM quantifies the direct and indirect effects of the social, economic, political, technological, and cybersecurity factors on cybercrime, consistent with the hypotheses outlined in the conceptual model. More importantly, the results suggest that even though cybercrime is primarily determined by technological factors, the direct and indirect effects of the underlying social, economic, political, and cybersecurity factors also play significant roles. This suggests that the technological factor is a necessary but not sufficient condition for the occurrence of cybercrime.

In the current study, we mapped the global subnational distribution of cybercrime based on a novel cybersecurity data set, the FireHOL IP blocklist. Given the widespread difficulty in obtaining cybercrime data, the data source used in this study provides an alternative measure of subnational cybercrime levels on a global scale. Compared with country-level studies (Amin et al., 2021; Garg et al., 2013; Goel and Nelson, 2009; Solano and Peinado, 2017; Sutanrikulu et al., 2020), the results present a more fine-grained view of the spatial distribution of cybercrime. The map reveals high spatial variability of cybercrime between and within countries, which appears to be closely related to local socioeconomic development.

To recognise the driving forces behind cybercrime, we proposed a theoretical framework encompassing the social, economic, political, technological, and cybersecurity factors that influence cybercrime, drawing on existing theoretical and empirical research. On this basis, we used GLMs to identify the major factors and their contributions to cybercrime, and SEM to quantify the direct and indirect effects of these driving forces. The GLM results show that technological factors alone are insufficient to account for cybercrime, and that including a broad suite of social, economic, political, technological, and cybersecurity factors markedly improves model performance. Global-scale modelling indicates that cybercrime is closely associated with socioeconomic and internet development, as developed regions have more available computers and better communication conditions that facilitate the commission of cybercrime. Some studies have argued that wealthier areas might have fewer incentives for cybercrime, while poorer areas could benefit more from cybercrime activities (Ki et al., 2006; Kigerl, 2012; Kshetri, 2010). However, our study shows that the technological factors constituted by internet infrastructure and communication conditions are necessary for the production of cybercrime, which makes wealthier areas more convenient places from which to commit it.

Meanwhile, the GLMs of the four income groups demonstrate important differential impacts of the explanatory variables on cybercrime. For example, in low-income countries, where the overall internet penetration rate is low, cybercrime originates mainly in more developed areas with better internet infrastructure, higher internet penetration, and higher education levels. A typical example is the “Yahoo Boys” in Nigeria, young Nigerians engaged in cyber fraud through Yahoo mail, most of them well-educated undergraduates with digital skills (Lazarus and Okolorie, 2019). A range of factors, such as a high rate of unemployment, a lack of legitimate economic opportunities, a prevalent cybercrime subculture, a lack of strong cybercrime laws, and a high level of corruption, have motivated them to obtain illegal wealth through cybercrime. In contrast, cybercrime in high-income regions originates in areas with a high Gini index and a high education level. One possible explanation for this finding is that well-educated individuals who live in countries with a high Gini index are paid less for their skills than their counterparts elsewhere, which motivates them to engage in cybercrime to improve their lives.

Encouragingly, both the GLM and SEM results suggest that political factors and cybersecurity preparedness can mitigate the incidence of cybercrime to some extent, in agreement with our hypotheses. Although previous country-level studies suggest that countries facing more cybersecurity threats tend to have a higher level of cybersecurity preparedness (Makridis and Smeets, 2019; Calderaro and Craig, 2020), our results indicate that cybersecurity preparedness can in turn reduce the cybercrime that originates from a country. This emphasises the importance of government intervention and cybersecurity capacity building. The necessary intervening measures may include the enactment and enforcement of laws, regulation of telecommunication operators and internet service providers (ISPs), strengthening of the enforcement capacity of security and judicial departments, and improvement of cybersecurity capacity. Given the interconnectedness of cyberspace and the borderless nature of cybercrime, it must be recognised that cybersecurity is not a problem that can be solved by any single country. Thus, enhancing international cooperation in the legal, technical, organisational, and capacity aspects of cybersecurity becomes an essential way to tackle cybersecurity challenges.

As shown by the SEM, technological factors are closely associated with socioeconomic development and serve as a mediator between socioeconomic conditions and cybercrime. In past decades, ICTs have developed unevenly across different parts of the world due to a range of geographic, socioeconomic, and demographic factors, which has led to the global digital divide (Pick and Azari, 2008). The disparities in internet access between regions have largely determined the spatial patterns of cybercrime. Currently, developing countries (especially those within Asia, Africa, and Latin America) are the fastest-growing regions in terms of ICT infrastructure and internet penetration (Pandita, 2017). However, even in developed countries, the pace of technological innovation has outstripped the establishment of legal regulations, national institutions and frameworks, policies and strategies, and other mechanisms that could help manage the new challenges (Bastion and Mukku, 2020). Many developing countries face difficulties in combating cybercrime due to a lack of adequate financial and human resources, legal and regulatory frameworks, and technical and institutional capacities, which provides fertile ground for cybercrime activities. In this vein, it is extremely urgent and necessary to enhance the cybersecurity capacities of developing countries and engage them in international cybersecurity cooperation, ensuring that they can maximise the socioeconomic benefits of technological development instead of being harmed by it.

Cybercrime is a sophisticated social phenomenon rooted in deep and comprehensive geographical and socioeconomic causes. This study offers an alternative perspective in solving cybersecurity problems instead of pure technical measures. We believe that improvements in cybersecurity require not only technological, legal, regulatory, and policing measures but also broader approaches that address the underlying social, economic, and political issues that influence cybercrime. While the results presented in this study are preliminary, we hope that this work will provide an extensible framework that can be expanded for future studies to investigate the driving forces of cybercrime.

However, our study has several limitations arising from the data. First and foremost, the geo-localisation of cybercrimes or cybercriminals remains a major challenge for cybercrime research. Although the FireHOL IP blocklist has the potential to measure global cybercrime at a high spatial resolution, IP-based measures may not accurately capture the true locations of cybercriminals, as they may simply exploit places with better ICT infrastructure. Therefore, caution should be exercised in interpreting the associations between cybercrime and socioeconomic factors. Future studies combining survey data, police and court judgement data, and cybercrime attribution techniques are needed to further validate the accuracy and validity of IP-based technical data in measuring the geography of cybercrime and to gain a deeper understanding of its driving forces. In addition, COVID-19 has greatly changed the way we live and work, and many studies have suggested that the pandemic has increased the frequency of cybercrime within the context of economic recession, high unemployment, accelerated digital transformation, and unprecedented uncertainty (Lallie et al., 2021; Eian et al., 2020; Pranggono and Arabo, 2021). Unfortunately, the blocklist data cannot capture this dynamic well because they lack temporal attributes. Furthermore, different types of cybercrime can be influenced by different mechanisms. We use the total number of cybercrime IPs of all types instead of examining a specific type of cybercrime, given that such segmentation may result in data sparsity for some groups. Future studies are needed to determine how different categories of cybercrime are affected by socioeconomic factors. Finally, micro-level individual and behavioural characteristics and more fine-grained explanatory variables should be included to better understand cybercrime.

Data availability

The FireHOL IP lists data are publicly available at the FireHOL website (https://iplists.firehol.org/ and https://github.com/firehol/blocklist-ipsets); population, education index, income index, HDI, and subnational regions data are available from Global Data Lab (https://globaldatalab.org); nighttime light data are available from the Earth Observation Group (https://eogdata.mines.edu/download_dnb_composites.html); population aged 15–64, Gini index, GDP growth, unemployment, poverty rate, control of corruption, government effectiveness, rule of law, political stability and absence of violence/terrorism, and voice and accountability were obtained from the World Bank (https://databank.worldbank.org/home.aspx); internet users, international bandwidth, secure internet servers, and fixed broadband subscriptions are available from the International Telecommunication Union (ITU) (https://www.itu.int/itu-d/sites/statistics); internet infrastructure data were collected from TeleGeography (https://www.internetexchangemap.com) and the World Data Centers Database (https://datacente.rs); the legal measures, technical measures, organisational measures, capacity development, cooperation measures, and overall cybersecurity index were obtained from the Global Cybersecurity Index (GCI) of the ITU (https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx).

Amin RW, Sevil HE, Kocak S, Francia G, Hoover P (2021) The spatial analysis of the malicious uniform resource locators (URLs): 2016 dataset case study. Information 12(1):2


Anderson R, Barton C, Böhme R, Clayton R, Van Eeten MJ, Levi M, Moore T, Savage S (2013) Measuring the cost of cybercrime. In: The economics of information security and privacy. Springer, pp. 265–300

Anderson R, Barton C, Böhme R, Clayton R, Ganán C, Grasso T, Levi M, Moore T, Vasek M (2019) Measuring the changing cost of cybercrime. The 18th Annual Workshop on the Economics of Information Security. https://doi.org/10.17863/CAM.41598

Arbuckle JL (2011) IBM SPSS Amos 20 user’s guide. Amos Development Corporation, SPSS Inc. pp. 226–229

Asal V, Mauslein J, Murdie A, Young J, Cousins K, Bronk C (2016) Repression, education, and politically motivated cyberattacks. J Glob Secur Stud 1(3):235–247

Bastion G, Mukku S (2020) Data and the global south: key issues for inclusive digital development. https://doi.org/10.13140/RG.2.2.35091.50724

Bergmann MC, Dreißigacker A, von Skarczinski B, Wollinger GR (2018) Cyber-dependent crime victimization: the same risk for everyone? Cyberpsychol Behav Soc Network 21(2):84–90

Brenner SW (2013) Cybercrime: re-thinking crime control strategies. Crime online: Willan. pp. 12–28

Brewer R, de Vel-Palumbo M, Hutchings A, Holt T, Goldsmith A, Maimon D (2019) Cybercrime prevention: theory and applications. Springer

Bruggemann R, Koppatz P, Scholl M, Schuktomow R (2022) Global cybersecurity index (GCI) and the role of its 5 pillars. Soc Indic Res 159(1):125–143

Calderaro A, Craig AJ (2020) Transnational governance of cybersecurity: policy challenges and global inequalities in cyber capacity building. Third World Q 41(6):917–938

Castillo D, Falzon J (2018) An analysis of the impact of Wannacry cyberattack on cybersecurity stock returns. Rev Econ Financ 13:93–100


Clough J (2015) Principles of cybercrime. Cambridge University Press

Dupont B, Holt T (2022) The human factor of cybercrime. Soc Sci Comput Rev 40(4):860–864

Ehrlich I (1996) Crime, punishment, and the market for offenses. J Econ Perspect 10(1):43–67

Eian IC, Yong LK, Li MYX, Qi YH, Fatima Z (2020) Cyber attacks in the era of covid-19 and possible solution domains. Preprints 2020, 2020090630

Eslahi M, Salleh R, Anuar NB (2012) ‘Bots and botnets: an overview of characteristics, detection and challenges’. 2012 IEEE International Conference on Control System, Computing and Engineering. IEEE, pp. 349–354

Fan Y, Chen J, Shirkey G, John R, Wu SR, Park H, Shao C (2016) Applications of structural equation modeling (SEM) in ecological studies: an updated review. Ecol Process 5(1):1–12

Faraway JJ (2016) Extending the linear model with R: generalized linear, mixed effects and nonparametric regression models. Chapman and Hall/CRC

FireHOL (2021) FireHOL. FireHOL IP lists. https://iplists.firehol.org [Accessed on Aug 21, 2021]

Fox J, Weisberg S, Adler D, Bates D, Baud-Bovy G, Ellison S, Firth D, Friendly M, Gorjanc G, Graves S (2012) Package ‘car’. R Foundation for Statistical Computing, Vienna, 16

Garg V, Koster T, Camp LJ (2013) Cross-country analysis of spambots. EURASIP J Inform Secur 2013(1):1–13

Ghafur S, Kristensen S, Honeyford K, Martin G, Darzi A, Aylin P (2019) A retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ Digit Med 2(1):1–7

Goel RK, Nelson MA (2009) Determinants of software piracy: economics, institutions, and technology. J Technol Transfer 34(6):637–658

Hall T, Sanders B, Bah M, King O, Wigley E (2020) Economic geographies of the illegal: the multiscalar production of cybercrime. Trends Organ Crime 24:282–307

Ho HTN, Luong HT (2022) Research trends in cybercrime victimization during 2010–2020: a bibliometric analysis. SN Soc Sci 2(1):1–32

Holt T, Bossler A (2015) Cybercrime in progress: Theory and prevention of technology-enabled offenses. Routledge

Holt TJ (2017) Cybercrime through an interdisciplinary lens. Routledge

Holt TJ, Bossler AM (2014) An assessment of the current state of cybercrime scholarship. Deviant Behav 35(1):20–40

Holt TJ, Burruss GW, Bossler AM (2018) Assessing the macro-level correlates of malware infections using a routine activities framework. Int J Offender Ther Comp Criminol 62(6):1720–1741


Holt TJ, Schell BH (2011) Corporate hacking and technology-driven crime. Igi Global

Hoque N, Bhattacharyya DK, Kalita JK (2015) Botnet in DDoS attacks: trends and challenges. IEEE Commun Surv Tutor 17(4):2242–2270

Howell CJ, Burruss GW (2020) Datasets for analysis of cybercrime. In: The Palgrave handbook of international cybercrime and cyberdeviance. Palgrave Macmillan. pp. 207–219

Hutchings A, Hayes H (2009) Routine activity theory and phishing victimisation: who gets caught in the ‘net’? Curr Issues Crim Justice 20(3):433–452

Ki E-J, Chang B-H, Khang H (2006) Exploring influential factors on music piracy across countries. J Commun 56(2):406–426

Kigerl A (2012) Routine activity theory and the determinants of high cybercrime countries. Soc Sci Comput Rev 30(4):470–486

Kigerl A (2016) Cyber crime nation typologies: K-means clustering of countries based on cyber crime rates. Int J Cyber Criminol 10(2):147–169

Kigerl A (2021) Routine activity theory and malware, fraud, and spam at the national level, Crime Law Soc Chang 76:109–130

Kshetri N (2010) Diffusion and effects of cyber-crime in developing economies. Third World Q 31(7):1057–1079

Kumar S, Carley KM (2016) ‘Approaches to understanding the motivations behind cyber attacks’. 2016 IEEE Conference on Intelligence and Security Informatics (ISI). IEEE, pp. 307–309

Lallie HS, Shepherd LA, Nurse JR, Erola A, Epiphaniou G, Maple C, Bellekens X (2021) Cyber security in the age of covid-19: a timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Comput Secur 105:102248


Lazarus S, Okolorie GU (2019) The bifurcation of the Nigerian cybercriminals: Narratives of the Economic and Financial Crimes Commission (EFCC) agents. Telemat Informat 40:14–26

Leukfeldt R, Holt TJ (2019) The human factor of cybercrime. Routledge

Lianos H, McGrath A (2018) Can the general theory of crime and general strain theory explain cyberbullying perpetration? Crime Delinq 64(5):674–700

Lusthaus J, Bruce M, Phair N (2020) ‘Mapping the geography of cybercrime: a review of indices of digital offending by country’. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW): IEEE, pp. 448–453

Lusthaus J, Varese F (2021) Offline and local: the hidden face of cybercrime. Policing J Policy Pract 15(1):4–14

Maimon D, Wilson T, Ren W, Berenblum T (2015) On the relevance of spatial and temporal dimensions in assessing computer susceptibility to system trespassing incidents. Br J Criminol 55(3):615–634

Makridis CA, Smeets M (2019) Determinants of cyber readiness. J Cyber Policy 4(1):72–89

Mandelcorn S, Modarres M, Mosleh A (2013) An explanatory model of cyberattacks drawn from rational choice theory. Trans Am Nuclear Soc 109(1):1869–1871

McAfee (2021) McAfee and the Center for Strategic and International Studies (CSIS). The Hidden Costs of Cybercrime. https://www.csis.org/analysis/hidden-costs-cybercrime [Accessed on Aug 21, 2021]

McGuire M, Dowling S (2013) Cyber-crime: a review of the evidence summary of key findings and implications Home Office Research Report 75, Home Office, United Kingdom, Oct. 30p

Meke E (2012) Urbanization and cyber Crime in Nigeria: causes and consequences. Eur J Comput Sci Inform Technol 3(9):1–11

Mezzour G, Carley L, Carley KM (2014) Global mapping of cyber attacks. Available at SSRN 2729302

Mikkola M, Oksanen A, Kaakinen M, Miller BL, Savolainen I, Sirola A, Zych I, Paek H-J (2020) Situational and individual risk factors for cybercrime victimization in a cross-national context. Int J Offender Ther Comparat Criminol https://doi.org/10.1177/0306624X20981041

Mohurle S, Patil M (2017) A brief study of wannacry threat: ransomware attack 2017. Int J Adv Res Comput Sci 8(5):1938–1940

Neal S (2014) Cybercrime, transgression and virtual environments. Crime: Willan, pp. 71–104

Ngo FT, Paternoster R (2011) Cybercrime victimization: an examination of individual and situational level factors. Int J Cyber Criminol 5(1):773

Onuora A, Uche D, Ogbunude F, Uwazuruike F (2017) The challenges of cybercrime in Nigeria: an overview. AIPFU J School Sci 1(2):6–11

Overvest B, Straathof B (2015) What drives cybercrime? Empirical evidence from DDoS attacks. CPB Netherlands Bureau for Economic Policy Analysis

Pandita R (2017) Internet: a change agent an overview of internet penetration & growth across the world. Int J Inform Dissemination Technol 7(2):83

Payne BK (2020) Defining cybercrime. The Palgrave handbook of international cybercrime and cyberdeviance. Palgrave Macmillan. pp. 3–25

Phillips K, Davidson JC, Farr RR, Burkhardt C, Caneppele S, Aiken MP (2022) Conceptualizing cybercrime: definitions, typologies and taxonomies. Forensic Sci 2(2):379–398

Pick JB, Azari R (2008) Global digital divide: Influence of socioeconomic, governmental, and accessibility factors on information technology. Inform Technol Dev 14(2):91–115

Pranggono B, Arabo A (2021) COVID‐19 pandemic cybersecurity issues. Internet Technol Lett 4(2):e247

Pratt TC, Holtfreter K, Reisig MD (2010) Routine online activity and internet fraud targeting: extending the generality of routine activity theory. J Res Crime Delinquency 47(3):267–296

R Core Team (2013) R: a language and environment for statistical computing. R Foundation for Statistical Computing, Vienna

Sarre R, Lau LY-C, Chang LY (2018) Responding to cybercrime: current trends. Taylor & Francis

Solano PC, Peinado AJR (2017) ‘Socio-economic factors in cybercrime: Statistical study of the relation between socio-economic factors and cybercrime’. 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA): IEEE, pp. 1–4

Srivastava SK, Das S, Udo GJ, Bagchi K (2020) Determinants of cybercrime originating within a nation: a cross-country study. J Glob Inf Technol Manag 23(2):112–137

Sutanrikulu A, Czajkowska S, Grossklags J (2020) ‘Analysis of darknet market activity as a country-specific, socio-economic and technological phenomenon’. 2020 APWG Symposium on Electronic Crime Research (eCrime): IEEE, pp. 1–10

UNODC (2013) Comprehensive study on cybercrime. United Nations, New York

Van Eeten M, Bauer JM, Asghari H, Tabatabaie S (2010) The role of internet service providers in botnet mitigation an empirical analysis based on spam data. TPRC

Waldrop MM (2016) How to hack the hackers: The human side of cybercrime. Nature 533: 164–167

Wall D (2007) Cybercrime: the transformation of crime in the information age. Polity

Walters GD (2015) Proactive criminal thinking and the transmission of differential association: a cross-lagged multi-wave path analysis. Crim Just Behav 42(11):1128–1144

Watters PA, McCombie S, Layton R, Pieprzyk J (2012) Characterising and predicting cyber attacks using the Cyber Attacker Model Profile (CAMP). J Money Laund Control. ISSN 1368-5201

Williams ML (2016) Guardians upon high: an application of routine activities theory to online identity theft in Europe at the country and individual level. Br J Criminol 56(1):21–48


Acknowledgements

This research was funded by the National Key Research and Development Project of China, grant number 2020YFB1806500 and the Key Research Program of the Chinese Academy of Sciences, grant number ZDRW-XH-2021-3. We thank Yushu Qian, Ying Liu, Qinghua Tan for providing valuable suggestions.

Author information

Authors and affiliations

Institute of Geographic Sciences and Nature Resources Research, Chinese Academy of Sciences, Beijing, China

Shuai Chen, Mengmeng Hao, Fangyu Ding, Dong Jiang, Jiping Dong & Qiquan Guo

College of Resources and Environment, University of Chinese Academy of Sciences, Beijing, China

Shuai Chen, Mengmeng Hao, Fangyu Ding, Dong Jiang & Jiping Dong

Big Data Center of State Grid Corporation of China, Beijing, China

Shize Zhang

The Administrative Bureau of Chinese Academy of Sciences, Beijing, China

Chundong Gao


Contributions

DJ, QQG and CDG designed the research; SC, FYD, DJ, SZZ and MMH performed the research; SC, FYD and JPD analysed the data; SC, FYD, DJ and MMH wrote the first draft of the paper; JPD, SZZ, QQG, CDG and DJ gave useful edits, comments and suggestions to this work.

Corresponding author

Correspondence to Dong Jiang.

Ethics declarations

Competing interests

The authors declare no competing interests.

Ethical approval

This article does not contain any studies with human participants performed by any of the authors.

Informed consent

Additional information

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.


About this article

Cite this article

Chen, S., Hao, M., Ding, F. et al. Exploring the global geography of cybercrime and its driving forces. Humanit Soc Sci Commun 10, 71 (2023). https://doi.org/10.1057/s41599-023-01560-x


Received: 19 May 2022

Accepted: 14 February 2023

Published: 23 February 2023

DOI: https://doi.org/10.1057/s41599-023-01560-x


Cyber case study round-up

Have you missed any of our monthly cyber claims case studies? Don't fear! Here's your chance to catch up.

Cyber Article 4 min 28 Sep, 2021


In 2018, we launched our cyber claims case study series. Published monthly, these in-depth case studies have explored everything from data re-creation after ransomware attacks to the reputational impact of data breaches. Here, we have consolidated the series so far. Have a read, and be on the lookout for more in the coming months.

Thwarted threat:  A machinery manufacturer nearly falls victim to malicious software

Law firm leakage:   When a law firm employee fails to recognise a malicious attachment, it prompts a full-blown ransomware attack

Car part chaos:  When an auto parts dealer gets hit by a ransomware attack, it comes close to wrecking their business

Recruitment ruse: When an employee at a recruitment firm falls for a phishing scam, a significant payment is misdirected

Search engine setback:  When malicious code impairs a hotel's website, it takes longer than expected to get back on track

Nursing home hoax:   After a CEO's email account is hacked, a care home faces huge financial loss from social engineering

Lucrative lookout:  A city government falls victim to a fraudster on the watch for sizeable wire transfers

Education infiltration:   Hackers access a school's systems through remote desktop protocol and hold data to ransom

Tax return trauma:   A haulage firm loses several large tax payments after their accountant's email is spoofed

Donation diversion: A charity's payment to a research partner is sent to a fraudulent account after an email account is compromised 

Payroll pandemonium:  An HR service provider loses contracts due to a cyberattack suffered by one of its supply chain partners

Subcontractor scam: Criminals swindle a construction firm out of large payment by impersonating a subcontractor

Database debacle:   A ransomware attack throws up unforeseen complications for a domestic goods retailer

School fees fiasco:   Parents mistakenly pay tuition fees to a fraudster impersonating a private school

City shakedown:  A targeted extortion attack leaves a local government in a predicament

Website wipeout:   An appliance retailer suffers a significant sales shortfall after its website is taken down by hackers

Kitchen calamity: A kitchen unit manufacturer shelves several days’ profits after ransomware attack

Poached payment: Fraudster impersonates an insurance brokerage to siphon off customer payment

CEO swindle: A manufacturing firm transfers thousands to scam artists after falling victim to CEO fraud

Legacy system letdown: A ransomware attack on an electrical firm sparks the collapse of a vital accounting system

Phishing for funds: A law firm, specializing in property matters, falls victim to a social engineering scam

Malware mayhem: A targeted extortion attack and extensive malware infestation hit a tech provider

Software shutdown: A property management company learns the importance of longer indemnity periods after a cyber attack results in lost contracts

Reputational repercussions: A data breach leads to a damaged reputation and subsequent income loss for an online retailer

Quick fix complication: A healthcare provider wipes ransomware from their system, only to discover they’ve also wiped away the proof that large-scale notification isn’t necessary

Beyond the breach: A malware attack leads to huge operational disruption for a small hospital

Backup breakdown: A ransomware attack wipes out an engineering firm’s files, creating a need for full data re-creation


Landmark Cyber Law cases in India

  • Post author: ashwin
  • Post date: March 1, 2021


By: Muskan Sharma

Introduction

Cyber Law, as the name suggests, deals with the statutory provisions that regulate cyberspace. With the advent of digitalisation and AI (Artificial Intelligence), there has been a significant rise in registered cyber crimes. Around 44,546 cases were registered under the Cyber Crime head in 2019, compared to 27,248 cases in 2018, a rise of 63.5% [1].

The legislative framework concerning Cyber Law in India comprises the Information Technology Act, 2000 (hereinafter referred to as the “ IT Act ”) and the Rules made thereunder. The IT Act is the parent legislation that provides for various forms of Cyber Crimes, punishments to be inflicted thereby, compliances for intermediaries, and so on.


However, the IT Act is not exhaustive of the Cyber Law regime that exists in India. There are some judgments that have evolved the Cyber Law regime in India to a great extent. To fully understand the scope of the Cyber Law regime, it is pertinent to refer to the following landmark Cyber Law cases in India:

  • Shreya Singhal v. UOI [2]

In the instant case, the validity of Section 66A of the IT Act was challenged before the Supreme Court.

Facts: Two women were arrested under Section 66A of the IT Act after they posted allegedly offensive and objectionable comments on Facebook concerning the complete shutdown of Mumbai after the demise of a political leader. Section 66A of the IT Act provides punishment for any person who sends, by means of a computer resource or communication device, information which is offensive or false, or which causes annoyance, inconvenience, danger, insult, hatred, injury, or ill will.

The women, in response to the arrest, filed a petition challenging the constitutionality of Section 66A of the IT Act on the ground that it is violative of the freedom of speech and expression.

Decision: The Supreme Court based its decision on three concepts namely: discussion, advocacy, and incitement. It observed that mere discussion or even advocacy of a cause, no matter how unpopular, is at the heart of the freedom of speech and expression. It was found that Section 66A was capable of restricting all forms of communication and it contained no distinction between mere advocacy or discussion on a particular cause which is offensive to some and incitement by such words leading to a causal connection to public disorder, security, health, and so on.


In response to the question of whether Section 66A attempts to protect individuals from defamation, the Court said that Section 66A condemns offensive statements that may be annoying to an individual but not affecting his reputation.

However, the Court also noted that Section 66A of the IT Act is not violative of Article 14 of the Indian Constitution, because there exists an intelligible difference between information communicated through the internet and other forms of speech. Further, the Apex Court did not address the challenge of procedural unreasonableness, since the section had already been held unconstitutional on substantive grounds.

  • Shamsher Singh Verma v. State of Haryana [3]

In this case, the accused preferred an appeal before the Supreme Court after the High Court rejected the application of the accused to exhibit the Compact Disc filed in defence and to get it proved from the Forensic Science Laboratory.

The Supreme Court held that a Compact Disc is also a document. It further observed that it is not necessary to obtain admission or denial concerning a document under Section 294 (1) of CrPC personally from the accused, the complainant, or the witness.

  • Syed Asifuddin and Ors. v. State of Andhra Pradesh and Anr. [4]

Facts: The subscriber purchased a Reliance handset and Reliance mobile services together under the Dhirubhai Ambani Pioneer Scheme. The subscriber was attracted by the better tariff plans of other service providers and hence wanted to switch. The petitioners (staff members of TATA Indicom) hacked the Electronic Serial Number (hereinafter referred to as “ESN”). The Mobile Identification Number (MIN) of Reliance handsets was irreversibly integrated with the ESN; reprogramming the ESN meant that the device would be validated by the petitioners’ service provider and not by Reliance Infocomm.

Questions before the Court:

  • i) Whether a telephone handset is a “Computer” under Section 2(1)(i) of the IT Act?
  • ii) Whether manipulation of the ESN programmed into a mobile handset amounts to an alteration of source code under Section 65 of the IT Act?

Decision: (i) Section 2(1)(i) of the IT Act provides that a “computer” means any electronic, magnetic, optical, or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic, or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network. Hence, a telephone handset is covered under the ambit of “computer” as defined under Section 2(1)(i) of the IT Act.

(ii) Alteration of the ESN makes handsets that are meant to be used exclusively on one network usable on those of other service providers like TATA Indicom. Alteration of the ESN is therefore an offence under Section 65 of the IT Act, because every service provider has to maintain its own SID code and assign a specific number to each instrument used to avail of the services it provides. Therefore, the offence registered against the petitioners cannot be quashed with regard to Section 65 of the IT Act.

  • Shankar v. State Rep [5]

Facts: The petitioner approached the Court under Section 482, CrPC to quash the charge sheet filed against him. The petitioner had secured unauthorized access to the protected system of the Legal Advisor of the Directorate of Vigilance and Anti-Corruption (DVAC) and was charged under Sections 66, 70, and 72 of the IT Act.

Decision: The Court observed that the charge sheet filed against the petitioner cannot be quashed on the basis of the law concerning the non-granting of sanction for prosecution under Section 72 of the IT Act.

  • Christian Louboutin SAS v. Nakul Bajaj & Ors. [6]

Facts: The complainant, a luxury shoe manufacturer, filed a suit seeking an injunction against an e-commerce portal, www.darveys.com, for indulging in a trademark violation with the seller of spurious goods.

The question before the Court was whether the defendant’s use of the plaintiff’s mark, logos, and image is protected under Section 79 of the IT Act.

Decision: The Court observed that the defendant is more than an intermediary, on the ground that the website has full control over the products being sold via its platform. It first identifies and then promotes third parties to sell their products. The Court further said that such active participation by an e-commerce platform would deprive it of the protection afforded to intermediaries under Section 79 of the IT Act.

  • Avnish Bajaj v. State (NCT) of Delhi [7]

Facts: Avnish Bajaj, the CEO of Bazee.com, was arrested under Section 67 of the IT Act for the broadcasting of cyber pornography. Someone else had sold copies of a CD containing pornographic material through the Bazee.com website.

Decision: The Court noted that Mr. Bajaj was nowhere involved in the broadcasting of the pornographic material. Also, the pornographic material could not be viewed on the Bazee.com website. However, Bazee.com receives a commission from the sales and earns revenue from advertisements carried on its web pages.

The Court further observed that the evidence collected indicates that the offence of cyber pornography cannot be attributed to Bazee.com but to some other person. The Court granted bail to Mr. Bajaj subject to the furnishing of two sureties of Rs. 1 lakh each. However, the burden lies on the accused to show that he was merely the service provider and did not provide the content.

  • State of Tamil Nadu v. Suhas Katti [8]

The instant case is a landmark case in the Cyber Law regime because its efficient handling made conviction possible within 7 months from the date of filing the FIR.

Facts: The accused was a family friend of the victim and wanted to marry her, but she married another man, which resulted in a divorce. After her divorce, the accused again tried to persuade her to marry him and, on her reluctance to do so, took the course of harassment through the Internet. The accused opened a false e-mail account in the name of the victim and posted defamatory, obscene, and annoying information about the victim.

A charge sheet was filed against the accused under Section 67 of the IT Act and Sections 469 and 509 of the Indian Penal Code, 1860.

Decision: The Additional Chief Metropolitan Magistrate, Egmore convicted the accused under Sections 469 and 509 of the Indian Penal Code, 1860 and Section 67 of the IT Act. The accused was sentenced to rigorous imprisonment of 2 years along with a fine of Rs. 500 under Section 469 of the IPC, simple imprisonment of 1 year along with a fine of Rs. 500 under Section 509 of the IPC, and rigorous imprisonment of 2 years along with a fine of Rs. 4,000 under Section 67 of the IT Act.

  • CBI v. Arif Azim (Sony Sambandh case)

A website called www.sony-sambandh.com enabled NRIs to send Sony products to their Indian friends and relatives after online payment for the same.

In May 2002, someone logged into the website under the name of Barbara Campa and ordered a Sony Colour TV set along with a cordless telephone for one Arif Azim in Noida. She paid through her credit card and the said order was delivered to Arif Azim. However, the credit card agency informed the company that it was an unauthorized payment as the real owner denied any such purchase.

A complaint was therefore lodged with the CBI and a case under Sections 418, 419, and 420 of the Indian Penal Code, 1860 was registered. The investigation concluded that Arif Azim, while working at a call center in Noida, had gained access to the credit card details of Barbara Campa, which he misused.

The Court convicted Arif Azim, but as he was a young boy and a first-time convict, the Court’s approach towards him was lenient. The Court released the convicted person on probation for 1 year. This was one of the landmark cases of Cyber Law because it showed that the Indian Penal Code, 1860 can be an effective legislation to rely on when the IT Act is not exhaustive.

  • Pune Citibank Mphasis Call Center Fraud

Facts: In 2005, US $350,000 was dishonestly transferred through the internet from the Citibank accounts of four US customers to a few bogus accounts. The employees gained the confidence of the customers and obtained their PINs under the pretext of helping those customers deal with difficult situations. They were not decoding encrypted software or breaking through firewalls; instead, they identified loopholes in the MphasiS system.

Decision: The Court observed that the accused in this case are ex-employees of the MphasiS call center. The employees there are checked whenever they enter or exit. Therefore, it is clear that the employees must have memorized the numbers. The service that was used to transfer the funds was SWIFT (Society for Worldwide Interbank Financial Telecommunication). The crime was committed using unauthorized access to the electronic accounts of the customers. Therefore, this case falls within the domain of “cyber crimes”. The IT Act is broad enough to accommodate these aspects of crimes, and any offence under the IPC committed with the use of electronic documents can be put at the same level as crimes committed with written documents.

The Court held that Section 43(a) of the IT Act, 2000 is applicable because unauthorized access was involved in committing the transactions. The accused were also charged under Section 66 of the IT Act, 2000 and Sections 420 (cheating), 465, 467 and 471 of the Indian Penal Code, 1860.

  • SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra [9]

Facts: In this case, the defendant, Jogesh Kwatra, was an employee of the plaintiff’s company. He started sending derogatory, defamatory, vulgar, abusive, and filthy emails to his employers and to different subsidiaries of the said company all over the world in order to defame the company and its Managing Director, Mr. R K Malhotra. In the investigation, it was found that the emails originated from a cyber cafe in New Delhi. The cyber cafe attendant identified the defendant during the enquiry. On 11 May 2011, the plaintiff terminated the defendant’s services.

Decision: The plaintiffs are not entitled to the relief of perpetual injunction as prayed for, because the evidence did not qualify as certified evidence under Section 65B of the Indian Evidence Act. In the absence of direct evidence that it was the defendant who was sending these emails, the court was not in a position to accept even the strongest evidence. The court nevertheless restrained the defendant from publishing or transmitting any information in cyberspace which is derogatory or abusive of the plaintiffs.

The Cyber Law regime is governed by the IT Act and the Rules made thereunder. Also, one may take recourse to the provisions of the Indian Penal Code, 1860 when the IT Act is unable to provide for any specific type of offence or if it does not contain exhaustive provisions with respect to an offence.

However, the Cyber Law regime is still not competent enough to deal with all sorts of cyber crimes that exist at this moment. As the country moves forward with the ‘Digital India’ movement, cyber crimes are evolving constantly and new kinds of cyber crime enter the Cyber Law regime each day. The Cyber Law regime in India is weaker than what exists in other nations.

Hence, the Cyber Law regime in India needs extensive reforms to deal with the huge spike of Cyber Crimes each year.

[1] “Crime in India – 2019” Snapshots (States/UTs), NCRB, available at: https://ncrb.gov.in/sites/default/files/CII%202019%20SNAPSHOTS%20STATES.pdf (last visited on 25 February 2021)

[2] (2013) 12 SCC 73

[3] 2015 SCC OnLine SC 1242

[4] 2005 CriLJ 4314

[5] Crl. O.P. No. 6628 of 2010

[6] (2018) 253 DLT 728

[7] (2008) 150 DLT 769

[8] CC No. 4680 of 2004

[9] CM APPL. No. 33474 of 2016
