Written by: Ms. Moon Moon Malik[1]


In India, the COVID-19 pandemic has spread and has disrupted business. Remote working has been the solution adopted for protection against COVID-19. The priority has been to safeguard business interests, but the accelerated, large-scale shift of business online makes it prone to cyberattacks. Since the COVID-19 pandemic started, cyberattacks on business organisations have increased even as those organisations have been fighting the pandemic. Cyber criminals have taken advantage of unaware users, and trying to handle cyber-attacks in such difficult times results in a loss of resources. The paper analyses society's exposure to cyber threats, as individuals and society now depend on computers because of the pandemic. Technology is used more frequently now, because social distancing needs to be maintained during the COVID-19 pandemic. The paper highlights how the internet has become a last resort. It revolves around issues such as the ways in which cyber criminals are taking advantage of the COVID-19 pandemic. It deals with the threats in the cyber world arising from COVID-19, such as cyber-attacks, including issues relating to terrorist financing and money laundering. Criminal justice authorities need to collaborate so that they can concentrate on the grey areas by detecting, investigating and prosecuting the offences committed in the cyber world during the pandemic. The paper deals with issues relating to updated antivirus software. It also covers how solutions such as Data Leakage Protection and Mobile Device Management have been implemented in cyberspace in order to protect individuals during the COVID-19 pandemic.

The paper gathers data on phishing cases that have occurred and portrays the possible circumstances in which ransomware strikes. It highlights one popular ransomware, the Maze Ransomware, its frequency and the related current cases that arose during the COVID-19 pandemic. The paper covers issues such as the keylogger disguised as a COVID-19 help website, named ‘Eeskiri-COVID-19.chm’. If the user unpacks it, the user in effect voluntarily gives it permission to obtain the desired credentials; it then builds a keylogger, which sends the gathered information to a drive known as ‘misdrive[.]icu’. Such events might be regular acts of cyber threat actors, but it is obvious that only a handful of individuals know of such acts, and to others they are new. Lastly, the paper focuses on the issue of trust in the cyber world: how cyber threats have led to a loss of faith in cyberspace during the COVID-19 pandemic, and what precautions are taken for protection.

Keywords: antivirus, COVID-19, cyber, keylogger, phishing, ransomware.


“I think that if we change our own approach and thinking about what we have available to us, that is what will unlock our ability to truly excel in security. It’s a perspectives exercise. What would it look like if abundance were the reality and our resource constraint?” – Grey York[2]

The arrival of COVID-19 has made the world take a different path. COVID-19 reached India at the beginning of the year 2020. In the first few months its effects were mild, but the number of cases increased in March 2020, which led India to commit to a 7-day lockdown. The first lockdown lasted from 24th March 2020 to 31st March 2020. The lockdown was then extended for a period of 21 days, in the hope that the COVID-19 pandemic would recede. But the future had decided something else for the country. The lockdown was extended day by day, as the COVID-19 cases were coming under the control of people. There was a fear of being infected by COVID-19, and thus the policy known as ‘Social Distancing’ was brought into being. People locked themselves in their own residences for safety.

The country began to observe several hygiene precautions in order to protect itself from the pandemic. One such precautionary step was that all companies, educational institutions and similar places were declared closed until further notice.

Because COVID-19 was spreading through the air and social distancing was advised, gatherings were discouraged. The government closed, for the stipulated time period, all places where gatherings were possible.

The arrival of the lockdown kept the citizens of India away from their work, as they were prevented from going to their respective workplaces.

These citizens include all age groups, whether children, teens or adults. By mentioning the age groups, this paper tries to analyse the issues they faced as unaware users. The phrase ‘unaware users’ is used because there has been an increase in cases in the cyber world.


As the pandemic spread, people preferred to stay inside their residences. COVID-19 made everyone stay away from any kind of gathering. As people were not able to carry on their regular duties and work, they opted to adopt technology.

Schools, colleges and other educational institutions also opted to close down, keeping in mind the safety of the students, the faculty and the other staff.

The country cannot remain stagnant because of COVID-19. Technology has come to the rescue of individuals' lives, even as they are suffering loss.


Companies adopted technology to shorten the distance between themselves and their employees. The individuals working in these companies were introduced to the new online platforms. The portals were set up by the respective companies, and details such as usernames and passwords were provided to the employees.

Companies also gave their employees a schedule for staying logged in to the company portal during stipulated hours. Meanwhile, the companies did not provide any kind of training to their employees or staff in using the technology.

Most employees were not aware of how to deal with the technicalities of the online world. The companies did not give any kind of technical lessons to employees who were alien to the world of technology.

The employees had no knowledge of online processes and were asked to start immediately with the company's online activities.

The virtual world is often called the ‘Cyber World’. It is a space where individuals can meet, chat and see each other virtually, and this feature differentiates the cyber world from the real one.

The cyber world is a kind of fantasy, but many giants are also present there. The cyber environment was friendly at the beginning. It helps individuals connect across the world without visiting the place or the person in reality.

Therefore, the virtual world has been of great help in the pandemic situation.

There are always two sides of a coin. Several complications arise as cyber thieves become more active during this difficult situation. Before heading to the issues, a glance at the meaning of ‘Cyber Theft’ will give readers a better understanding.


Human thieves have existed in the world for ages, but cyber thieves came into existence after the discovery of the virtual world.

When a human thief commits a crime, the court can identify the culprit and penalise them under the prescribed laws. But in the case of cyber theft, the real culprit cannot be traced as easily as in the case of a human thief.

In the virtual world, the Internet Protocol Address is the only existing option for tracing the culprit, unlike a normal address, which is the name of a street or a house.

The Internet Protocol Address, generally known as the ‘IP Address’, is described as an arrangement of unique numbers assigned to a device, which becomes active whenever an online activity takes place. The specific Internet Service Provider can help to identify the address.

The Internet Protocol Address is the only available path through which a cyber thief can be identified. As time passed, cyber thieves became more expert and, as a result, cyber-crime cases increased in number.

However, a cyber thief can easily manipulate their Internet Protocol Address, and as a result such thieves cannot be identified.


The COVID-19 pandemic forced educational institutions to shut down in order to maintain the social distancing policy. Social distancing was mandated because of COVID-19. Maintaining social distancing and avoiding any form of gathering resulted in the educational system coming to a halt. Schools, colleges and other educational institutions were closed down.

The sudden and forced shutdown of educational institutions made the education system suffer a lot. Meanwhile, in the midst of the COVID-19 pandemic, the educational system opted to use the world of technology.

The introduction of technology into education made teachers as well as students undergo various problems, which were unavoidable as they had no other option for carrying on educational activities. If the teaching process were stopped due to the pandemic, the future of the students would be at stake.

The teachers and faculty were troubled, as they were not familiar with the technologies and had not previously used any in their teaching methodologies. On the other side, the students were unfamiliar with the use of mobile devices, computers and laptops. Students of all ages faced various issues while using the virtual world, as they were unaware of how to use it.

Thus, after viewing the after-effects of using technology during the COVID-19 pandemic, it is crystal clear that neither the employees of companies nor the teaching staff of the educational system had knowledge of using technology, i.e. of using the online world as a part of their world. This created the path for the entry of criminals into the cyber world.


Everyone waits for an opportunity and takes advantage of it when one is found. Cyber thieves took advantage of the COVID-19 situation as everything went online. Because very few have the required knowledge of using online resources, many ultimately landed in the trap set by the cyber thieves.


In general, the term ‘crime’ is used in several statutes, such as the Indian Penal Code and the Code of Criminal Procedure. A crime committed in the cyber world is not like murdering someone; it consists of illegally taking away details, sending some kind of virus to a computer, stalking a person virtually, or phishing.


The paper deals briefly with the types of crimes which have been identified within the Cyber World.[3]


Cybercriminals are taking advantage of the COVID-19 pandemic to provide cover for their attacks. Malware is a collective name for a number of malicious software variants. Such malicious software includes ransomware, spyware and certain kinds of viruses.[4]

The Creeper Virus, detected in the 1970s, was the first virus of its kind. Such viruses are intended to cause harm and damage to the targeted sector.

Malware delivers its payload in various ways; a primary concern is the theft of personal data that is sensitive in nature.

For a better understanding, a few kinds of malware are described below.

  1. VIRUS

A virus is a kind of malware[5] which attaches its malicious code to clean code and waits for an unsuspecting user or an automated process to execute it.[6]

  2. WORMS

Worms are a type of malware[7] which infect one machine at a time and thereby weave their way through the network.[8]


Spyware is a kind of malware[9] which keeps an eye on the user, somewhat similar to the concept of surveillance.[10]


The term ‘Trojan’ means a kind of hidden malware[11] which acts secretly and thereby attacks without informing anyone.


‘Ransomware’ is a kind of malware[12] which has proved costly. Ransomware has the capability to lock down networks and lock out users until the amount demanded has been paid.


As the policy of social distancing has been imposed during the COVID-19 pandemic, working remotely has become the daily way to work. Working remotely means opting for technology. The virtual world has become the means of going to the office or school, of visiting college on Monday, the first day of the week, or of attending a company meeting. Everything has shifted to the online world.


The National Critical Information Infrastructure Protection Centre (NCIIPC) aims to bend the curve of cyber threats downwards.

BACKGROUND OF THE NCIIPC

MISSION

The mission of the NCIIPC is to pinpoint the cyber threat actors who have been active during the COVID-19 pandemic, from which the world is suffering.

VISION

The vision of the NCIIPC is to maintain a safe and secure cyberspace for the Critical Information Infrastructure of India.

VALUES

The values of the NCIIPC are to investigate and to stop the spread of the collected information.

COVID-19 THREAT LANDSCAPE AS PER THE NCIIPC

The COVID-19 pandemic has been a threat in the cyber environment. The records of the NCIIPC provide certain information in this regard.

SOCIAL ENGINEERING

Social engineering is one of the categories under which the NCIIPC has tracked cyber threat records. The first record shows links that offer live tracking maps, including mobile applications. The second record is of email attachments which contain malicious documents. The third record concerns donations made for the COVID-19 pandemic. The fourth record shows that Information Technology has faced fraud aimed at collecting credentials.


Vishing is a method in which a phone call is made by a scammer who uses social engineering in order to obtain the user's personal information as well as their financial details. The financial details may include account numbers and passwords.

The scammer dials the user and pretends that the user's bank account has been corrupted and its services stopped. The scammer may ask the user to provide information proving that the account belongs to the user, may claim to be speaking on behalf of the bank, and may offer to assist in installing software. The software is a form of malware which is meant to stay hidden from the user.

Vishing is another form of phishing, which generally takes the form of an email, a text, a call or a direct-chat message that presents itself as coming from a trusted source. In reality it comes from a fake source, and the main aim is to steal the user's identity, which includes monetary profit as well.

REMOTE ACCESS

Another category of cyber threat tracked by the NCIIPC is ‘Remote Access’. The Remote Desktop Protocol (RDP) is the Microsoft secure network communication protocol made for the purpose of remote management,[13] and the Virtual Private Network is a secure method of shielding the user's privacy online and thereby securing data.[14] The Remote Desktop Protocol and the Virtual Private Network have acted as a monster, stealing away users' personal data.

The next is Small Office Home Office (SOHO) devices, a type of hardware device which routes data from the Local Area Network (LAN) to another network connection.[15] The main purpose of SOHO networking is to connect several computing devices on a single network in order to share information efficiently.

Another category is invitations to fake virtual connections, or Remote Access Trojan (RAT) application URLs.

GUIDELINES ISSUED BY THE NATIONAL CRITICAL INFORMATION INFRASTRUCTURE PROTECTION CENTRE

The NCIIPC has framed guidelines for several audiences: leadership and managers, the Information Technology team, the management of phishing-related risks, and employees.

TO THE LEADERSHIP AND MANAGERS

The NCIIPC issued these guidelines to assist Information Technology teams in protecting the critical assets of their organization and to secure the productivity of staff working remotely.

ISSUED FOR THE IT/IS TEAM

The next set of guidelines issued by the NCIIPC is addressed to the Information Technology team. The main reason for implementing the guidelines is to shield the critical assets of organizations and to permit employees and contractors to work remotely.

MANAGE EMAIL PHISHING RISKS

The NCIIPC has provided guidelines on managing the risk related to email phishing.

ISSUED TO THE EMPLOYEES

Guidelines have also been provided to employees by the NCIIPC so that they can take control and shield the assets of the organization.



Another kind of social engineering attack is ‘Phishing’. Phishing is a process in which user data is stolen, including the user's login credentials and credit card details. The attacker impersonates a trustworthy entity and thereby influences the user to open an email, text message or instant message. The user is then directed to a malicious link. Clicking the link can initiate installation of malware. The installation of the malware can sometimes freeze the system, and it can also disclose the user's sensitive personal information; this is known as a ‘Ransomware Attack’.


The Maze Ransomware was discovered on 29th May 2019 by Jerome Segura.[16] In the beginning, the Maze Ransomware was known as the “ChaCha Ransomware”.

The main purpose of the Maze Ransomware was to encrypt all the files on an infected system. After encrypting the files, the next step was to demand a ransom for recovering them. Up to that step it was not so threatening, until the next step was disclosed. The very next step of the ‘Maze Ransomware’ was to threaten the users whose information had been taken hostage: if they ignored the demand to pay the ransom, their personal information would be made public on the Internet.[17]

The threat was so real that the users' personal information was indeed made public when the ransom was not paid. Although claims for damages have been argued over the publication of the information, they were of no use, because the disclosure had already caused irrecoverable and intense damage.

Sodinokibi, Nemty and Clop were a few well-known Maze Ransomware which were ruling at that time.[18]

A prediction was made in 2019 regarding the Maze Ransomware that the process would make even the unwilling, or those who had ignored the demand, pay the ransom money, even though they had not been willing to pay for the decryption.[19]


During the COVID-19 pandemic, there has been an increase in malicious cyber threats. It has been found that cyber threat actors use the name ‘COVID-19’ or ‘coronavirus’ for malicious files, tricking users into clicking them so that the virus can enter their computer's memory.

In ‘Eeskiri-COVID-19’, the term “eeskiri” is Estonian and means ‘rule’. ‘Eeskiri-COVID-19’ is a kind of keylogger camouflaged as a COVID-19 help site. After the user, mistaking it for a COVID-19 help site, unpacks it, it assembles all the data and sets up the keylogger, which acts as a medium to transport all the information to ‘mail drive[.]cu’.

The address for obtaining such a keylogger is “”. The cyber threat actor can visit this address and can conduct the research as well as can prepare the setup for the ‘Eeskiri-COVID-19’. The site provides a button known as ‘Get Sample’, which would provide a sample of the attack.

Thus, it is a process of confusing the user and making a way to deliver a virus which can obtain all the user's personal data and credentials.


Cyber threats have reached a higher level since the onset of the COVID-19 pandemic. Expert individuals, or as we may say ‘prolific and opportunistic criminals’, have taken advantage of the COVID-19 pandemic and thereby given birth to a variety of cyber-attacks.

In order to magnify their social engineering tactics during the COVID-19 pandemic, they have taken the help of dedicated malware.

Some of the cyber threats which have been identified are as follows:


The Remote Access Trojan is a form of data-harvesting malware; such malware, along with information stealers, spyware and banking Trojans, infiltrates systems by making use of information related to COVID-19. This results in compromised networks, stolen data, diverted money and the building of botnets,[20] also known as “robot networks”.

BOTNETS

Botnets can take control of your computer and use it to send spam to millions of Internet users.[21]

So, what are botnets? They are the workhorses of the internet. ‘Botnets’ are connected computer systems that carry out a number of recurring tasks in order to keep websites going. Botnets are often used in connection with Internet Relay Chat.


Cybercriminals have deployed disruptive malware such as ransomware against hospitals and medical centres, response institutions and critical infrastructure. Owing to the COVID-19 pandemic, hospitals and medical centres have been crowded and are facing health crises. The main purpose of ransomware or DDoS here is not to steal information; rather, it is to prevent access to critical data, to disrupt systems, or to aggravate an already dire situation in the physical world.


During the COVID-19 pandemic, cybercriminals are creating fake websites related to COVID-19 with the intention of inducing victims to open malicious attachments or to click phishing links. Such activities can result in identity impersonation or in access being granted to the victim's personal accounts. Trend Micro has reported that, since January 2020, there have been nearly 1 million spam messages connected to the COVID-19 pandemic.

One preferred scheme is Business Email Compromise (hereinafter the BEC). The scheme involves spoofing the addresses of suppliers and clients, or using email addresses that are almost identical to theirs. These preparations initiate the attack in cyberspace.

The urgent need for key supplies provides a perfect backdrop for cyber criminals to harvest victims' details and thereby open paths to procuring monetary benefits from their accounts.
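The spoofed and near-identical supplier and client addresses described above can be screened for mechanically when mail arrives. The following Python example is added here and is not part of the original paper; the domain allow-list, the confusable-character table, the distance threshold and every sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of supplier and client domains (assumption).
KNOWN_DOMAINS = {"acme-supplies.example", "northwind-client.example"}
# Substitutions often used to make a domain read like a familiar one.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))
MAX_DISTANCE = 2  # edits tolerated before two domains stop looking alike


def skeleton(domain):
    """Fold confusable character sequences so look-alikes compare equal."""
    folded = domain.lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, transpose."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def imitated_domain(domain):
    """Return the known domain that `domain` imitates, or None."""
    if domain in KNOWN_DOMAINS:
        return None  # an exact match is the genuine domain, not an imitation
    for known in sorted(KNOWN_DOMAINS):
        if skeleton(domain) == skeleton(known):
            return known
        if edit_distance(domain, known) <= MAX_DISTANCE:
            return known
    return None


def domain_of(header_value):
    """Extract the lower-cased domain from an address header value."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def assess(raw_message):
    """Return BEC findings for one message as (code, seen, expected) tuples."""
    msg = message_from_string(raw_message)
    sender = domain_of(msg.get("From"))
    reply = domain_of(msg.get("Reply-To"))
    findings = []
    target = imitated_domain(sender)
    if target:
        findings.append(("lookalike-from", sender, target))
    # A genuine-looking From with replies routed elsewhere is the spoofing case.
    if sender in KNOWN_DOMAINS and reply and reply != sender:
        findings.append(("reply-to-diverted", reply, sender))
    return findings


# Constructed sample messages; every address here is made up.
SAMPLES = {
    "genuine": "From: Acme Accounts <billing@acme-supplies.example>\nSubject: Invoice\n\nHi",
    "homoglyph": "From: Acme Accounts <billing@acrne-supplies.example>\nSubject: Bank details\n\nHi",
    "typo": "From: Northwind <ap@northwnid-client.example>\nSubject: PO update\n\nHi",
    "spoofed": "From: Acme Accounts <billing@acme-supplies.example>\n"
               "Reply-To: accounts@freemail.example\nSubject: Urgent payment\n\nHi",
    "unrelated": "From: News <news@unrelated.example>\nSubject: Digest\n\nHi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess(raw))
```

A message that produces any finding is a candidate for quarantine or for out-of-band confirmation with the supplier before payment details are acted on.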


In the present scenario of COVID-19, a variety of malicious domains were developed with criminal intent in March 2020. As per Palo Alto Networks, there were around 40,261 risky newly registered domains as well as 2,022 malicious ones.


Cyber threat actors have been found exploiting vulnerabilities in the applications, networks and systems used by businesses, governments and schools to adjust to and cope with staff working remotely due to the COVID-19 pandemic. As the use of online tools by individuals has increased, viruses have increased as well, and cyber thieves are always looking for an opportunity to steal data and thereby profit from such a situation.


During the COVID-19 pandemic, individuals, businesses and even infrastructure have been prone to cyber threats, causing injury that includes changing dimensions in the social as well as the economic sector.

The increase in cybercrime has made the criminals search for other paths for taking advantage of the pandemic situation.

Thus, keeping in mind the present scenario, certain developments can be expected in the near future, such as:

  1. As a result of the pandemic, the economy would be bound to shut down as there has been an increase in cybercrimes such as Business Email Compromise, online scams and phishing. This could cause a shift in the business environment, and the birth of several new criminal activities may be witnessed.
  2. Next, there may be an increase in cybercriminals taking advantage of ‘cybercrime-as-a-service’, which will be easily available. Such platforms would be less costly and yield high returns.
  3. Spoofing and the misuse of digital content would be the basis on which cyber threat actors target individuals' personal information.
  4. Exploitation by cyber criminals could increase as businesses, schools and even the government have become dependent on the virtual world and its accessories. Online connectivity has given employees the option to work from home, and this has been the main reason behind the growing advantage of cyber threats.


“It’s our responsibility to protect Critical Information Infrastructure of India. We are prepared to defeat COVID-19 Cyber Threat together.”

The National Critical Information Infrastructure Protection Centre has taken a pledge to protect the cyber world from cyber threats during the COVID-19 pandemic.

The COVID-19 situation is not in anyone's hands to control, nor is its end known to anyone. The situation has made everyone helpless, as they cannot lead a normal life as in previous days. Turning to the cyber world, every individual, whether employee, teacher or student, has devoted their life to the cyber world.

The COVID-19 pandemic was unforeseen; on the other hand, a path of learning has opened. Several training and awareness programmes have been set up, which are important for employees and for management.

The COVID-19 pandemic has created a call-for-action situation: it has forced employees to work from home, which opens the gates for critical information to fall into the hands of cyber threat actors.



[2] Top 20 Cybersecurity Quotes You Need to Hear – Secure World, Secure World Expo (Nov 14, 2018)

[3] The 16 Most Common Types of Cybercrime Acts, VoIP Shield (Feb 14, 2018)

[4] Learn about Malware and how to tell if you’re infected, Malwarebytes

[5] What is a Computer Virus?, Definition from

[6] What Is A Computer Virus?, Norton (Aug 26, 2018)

[7] What is a computer worm and how does it work?, Norton

[8] What is a Computer Worm and How Does it Work?

[9] What is spyware? And how to remove it, Norton

[10] Spyware – What Is It & How To Remove It?, Malwarebytes

[11] What is a Trojan? Is It Virus or Malware? How It Works | Norton

[12] Ransomware explained: How it works and how to remove it, csoonline (Nov 13, 2017)

[13] What is remote desktop protocol (RDP)?, Search Enterprise Desktop

[14] “The Best VPN Services for 2020 | PCMag.”

[15] Dr. Hatice Ozhisar, What is SOHO and which SOHO network is to choose?, HaticeXinterior

[16] [no signal]

[17] Sergiu Gatlan, Maze Ransomware Demands $6 Million Ransom From Southwire, Bleeping Computer (Dec 12, 2019, 11:56 AM)

[18] Lawrence Abrams, Nemty Ransomware to Start Leaking Non-Paying Victim’s Data, Bleeping Computer (Jan 13, 2020, 3:05 PM)

[19] [no signal]

[20] “What is a Botnet? – Norton.”

[21] Id.