Cyber Pandemic: The Global Crisis and the Effects of Increased Cyber Attacks during the COVID-19 Pandemic

Author(s): Areej Ali

Mentor(s): Joshua Icore, Cyber Security Engineering

Abstract

The COVID-19 pandemic was an event impacted the world in an unprecedented manner, affecting billions of people. While there was a biological pandemic spreading around the world, a new phenomenon occurred, the cyber pandemic. The cyber pandemic saw cyber-attacks increase at an astonishing rate, as well as the sophistication of these attacks. These cyber-attacks were concentrated all over the world, however the United States faced a great share of them. In fact, many upper-level governmental organizations fell victim to these attacks, which led to disruption in daily operations on a national scale. These attacks led to tremendous financial loss, public disarray, data loss, and disruption in industrial control systems. The cyber pandemic is a unique phenomenon because of its effects on various corporations from all over the world. This project analyses the impact that the cyber pandemic had on the U.S. government, global corporations, and other stakeholders. Additionally, this project analyzed the driving forces behind these sophisticated cyber-attacks. These cyber-attacks have been studied as case studies based on a timeline beginning from March 2020 – July 2021. The research shows what the weaknesses were in most security systems that led to them becoming compromised. The different types of attacks have been identified, analyzed, and reported through the classic cyber resiliency research model. Additionally, each type of cyber-attack will be explained and organized according to each attack/data breach. Finally, there has been an analysis of what were the driving forces behind each attack.

Video Transcript

Hello, my name is Areej Ali and I will be presenting my research on the Cyber Pandemic. So, what is the cyber pandemic? As you know, the COVID-19 pandemic started making grave impacts in the United States. The COVID-19 pandemic is a biological pandemic that spread through human contact. Like the COVID-19 pandemic, the cyber pandemic spread via malware such as viruses. There are ways to prevent the spread of viruses and cyber-attacks through awareness. In fact, the FBI reported that their Cyber Division saw an increase in the number of complaints about cyberattacks up to as many as 4,000 a day. That means that there was a 400% increase from what they were seeing before the start of the pandemic. Here is a figure depicting a detailed timeline of major cyber-attacks during the pandemic. As you can see, the number of cyber-attacks only continued to increase. [Figure provided by (Lallie et al., 2021)]. I explored two research questions, first “What impact did the cyber pandemic have on the government, corporations, and other stakeholders?” and second “Regarding the cyber pandemic, what were the driving forces behind these sophisticated cyber-attacks?”. In this research project, I analyzed over 20 cyber-attack cases in order to learn the impacts it had on various stakeholders and to understand the main motivators. Here are some of the most recent cases that I will talk about. First, in June of 2021, a ransomware attack targeted iConstituent, a newsletter service used by U.S. lawmakers to contact constituents. The ransomware attack left almost 60 house offices unable to access constituent data. States such as New York, Georgia, and cities including Los Angeles were also said to be affected. Next, on May 6 2021, the Colonial Pipeline, which is the largest fuel pipeline in the United States, was the target of a ransomware attack. The energy company shut down the pipeline and later paid out a $5 million ransom to continue its operations. DarkSide, a hacking group is said to be the group that attacked the pipeline. Then in May of 2021, the FBI and the Australian Cyber Security Centre warned of an ongoing Avaddon ransomware campaign targeting multiple sectors in many countries. The reported targeted 20 countries included the US. The targeted industries included construction, energy, government, IT, law enforcement, pharmaceuticals and more. After analyzing over 20 cyber-attack cases, the top three motivators behind these attacks were: financial gain, hacktivism, and espionage. Financial Gain includes business’s financial details, customers’ financial details and sensitive personal data. Hacktivism is about making a social/political point. Espionage includes spying to gain unfair advantages or classified information. An estimated $6 trillion has been lost to hackers since the start of the pandemic. 9 million medical records were stolen during the pandemic and there has been a 600% increase in cyber-attacks up until now. After analyzing these cases, it seemed that most companies lacked basic security controls such as multifactor authentication. Here is a visual graphic to represent how defense in depth works. The basics include educating employees/users, implementing physical security controls, and implementing computer security controls. Here is the surveillance robot I built. I tested this robot against various cyber attacks in a closed environment and was able to improve my skills in programming and mechanics. I would like to acknowledge the Office of Student Scholarship Creative Activities, & Research, my mentor Professor Icore, Dr. Lee, and Mr. Johnson from the Cyber Security Engineering Department. Thank you! Here are my references… Thank you for listening!

4 replies on “Cyber Pandemic: The Global Crisis and the Effects of Increased Cyber Attacks during the COVID-19 Pandemic”

Hi Areej,
Its crazy to see the timeline of all previous cyber attacks that have occurred throughout the cyber pandemic. Even though these are probably just the cyberattacks that have been reported to have happened. One would believe thousands of attacks are continuously happening worldwide weekly. Looking at the robot that was made I am curious about what type of scenarios were done and what weaknesses were observed?
Daniel Hernandez

Hi Daniel,

I performed various scenarios such as honeypots and IP packet tracing to aim at the system and discover the vulnerabilities. Some vulnerabilities were that it lacked multi-factor authentication and that there was an absence of a “firewall”

Nice work. The fact that these attacks are so common and often so expensive is alarming. Do you think they can actually be prevented or will hackers just find another way in?

That’s a great question Dr. Lee, there are many ways that these attacks can be prevented by adding layers of security Fromm physical security to computer security. One of the reasons why most companies fall victim to these attacks is because they lack multi-factor authentication. While hackers advance in their methods, there are ways to advance security measures as well.

Leave a Reply