The Genesis:
While people across the world are struggling to keep safe from the Novel
Coronavirus in this post-COVID-19 era, cybercriminals have an absolutely
different outlook. The COVID-19 crisis is endangering millions of human lives
and severely crippling economies of nations worldwide, and amid all this
commotion, cybercriminals are looking for monetary incentives to get richer by
every wrong means. According to a study by IBM X-Force[1], there has been a
shockingly alarming 4,300% upsurge in coronavirus-oriented digital spamming
attacks.
Since the majority of educational institutions, businesses, and other
professional organizations have switched to digital pedagogies, thereby
endorsing the work-from-home model, technology is ironically our best friend as
well as the worst enemy in this global pandemic. COVID-19 has coerced
schools/universities to conduct online classes and examinations to ensure a
coherent administration, employees in both public and private sectors are
encouraged to resort to digitized channels and virtual workspaces for mutual
co-ordination, and even healthcare institutions across the globe have adopted
digital canons to facilitate remote counseling and diagnostic services.
Among all these noble ingenuities which demonstrate the resilience and sheer
determination of human beings to come through this pandemic, cybercrimes are at
their zenith. The following article aims to determine some of the major
technological pitfalls and the varieties of cyber-crimes that are extremely
prevalent in this pandemic. The latter half of the article deals with
suggestions for the road ahead and how to safeguard ourselves from becoming a
potential victim of cyber-crime.
Assessing The Threat At Hand:
While Coronavirus usually spreads to a couple or a few more people without
adequate social-distancing measures[2], digital viruses have a far more
influential domain of infection. The 2003 Slammer/Sapphire worm, proclaimed to
be one of the fastest internet worms in history, doubled in size approximately
every 8.5 seconds, scattering to over 75,000 infected devices in under 10
minutes and 10.8 million devices in a single day.[3] Therefore, there is barely
any rivalry between the potential of the corporeal Coronavirus and its cyber
counterparts.
Now, if we try to compare the economic impact of the nationwide lockdowns which
were enforced in most of the major nations all around the world with that of an
imaginary global cyber-lockdown, the assessed economic impact is catastrophic.
The COST (Cost of Shutdown Tool) calculator by NetBlocks.org[4] evaluates that
if the world imposed one day of a total shutdown of internet services, it would
account for a loss of more than $50 billion. A single day of cyber lockdown
imposed in India is estimated to cause losses equaling Rs 72,568,811,964.
Therefore, it is apparent enough that shutting down internet services is futile
to safeguard ourselves from cyber threats and such measures would summon more
harm than good.
Types Of Potential Cyber-Attacks To Watch Out For:
Malware Attacks:
Malware-based attacks are growing extensively popular in this pandemic. Such
attacks maliciously infect our devices without our knowledge, and the malware
installed thereby might steal our sensitive information or any vital log-in
credentials. Popular malware applications include coronavirus tracking/mapping
applications which might spy on us through the microphone and cameras of our
mobile devices and which possess several other surveillance features in
disguise.[5]
Section 43 of the Information Technology Act, 2000, hereinafter referred to as
the “IT Act” inter alia, criminalizes the offence of accessing a computer
system/network without the prior approval of its owner. Any act of mining data
or causing interruptions in the regular functioning of the system attracts a
compensatory fine on such offenders. Section 43 of the IT Act provides the
main substructure dealing with unauthorized hacking attempts as well as other
malware-related episodes.
Phishing Attacks:
Phishing attacks, or counterfeit e-mail attacks, are among the easiest yet most
fruitful cyber-attacks to execute. Phishing attacks are among the favorite forms
of cyber-attacks of amateur cybercriminals because they appear legitimate to a
majority of end-users who lack any technical expertise and they possess the
potential of making easy money with the least exertion. A popular example of
prevalent phishing attacks these days is receiving e-mails from a person who
claims to be a WHO official who requests the receiver to visit some URL in order
to know more about the virus or to answer a survey. This might look harmless at
first blush but such emails or even URLs might contain sophisticated
multi-layered payload viruses viz. Trojan: Win32, which might infect the
victim's device.
Phishing attacks are generally prosecuted under Section 66C of the IT Act, which
provides that a person is liable to be punished with imprisonment up to 3
years along with a monetary fine extending up to one lakh rupees, in case he
fraudulently or dishonestly attempts to make use of the electronic
signature/password/digital signature or any other unique identification feature
of another individual.
Furthermore, Section 74 enunciates a penalty of imprisonment up to 2 years with
a fine up to one lakh rupees in case of fabricating a forged Electronic
Signature Certificate.
Text Message (SMS) Attacks:
SMS attacks are similar to e-mail based phishing attacks, with the key
distinction being that in these attacks, the adversaries try to trick their
victims into clicking a URL or donating to an agency by texting them from a
temporary digital service provider on their mobile device. Since some users
click on the links, mistaking the adversaries for genuine authorities, their
private data or log-in credentials are quite likely to be compromised.
Section 66D of the IT Act articulates the offence of using a computer resource
(inclusive of mobile phones, tablets, laptops, etc.) for cheating by
impersonation. Such offences are punished with imprisonment up to 3 years along
with a fine extending up to one lakh rupees.
Fraudulent Mobile-based Applications:
A lot of fraudulent applications are being continually released by cyber
fraudsters on mobile application markets, on both iOS and Android
platforms. Users might be tempted to install such applications because of some
free perks associated with an installation such as complimentary masks, PPE
kits, cashback offers, etc. These proxy applications from third-party developers
who claim to be authentic WHO/Central Government authorities efficaciously con
the users by delivering malevolent malware in the background post-installation,
and the majority of users, not being conversant with their fallouts, do not
remove or uninstall such applications. Robust malware programs can persist in
the mobile's operating system even if the mother application via which they
were delivered is uninstalled.
On June 29, 2020, taking into account the conceivable threats to national
security and sovereignty, the IT Ministry under the Government of India invoked
its power under Section 69A of the IT Act, 2000 read with the relevant
provisions of the Information Technology (Procedure and Safeguards for Blocking
of Access of Information by Public) Rules, 2009, to ban 59 Chinese applications
including some widely popular ones viz. TikTok, WeChat, Cam Scanner, Xender, Shein, Club Factory, Clash
of Kings.[6]
Unified Payment Interface (UPI)/Donation Scams:
UPI is an instantaneous real-time payment system which assists the user to
instantly transfer funds between two bank accounts through a mobile device. Some
of the popular UPI-based payment platforms in India include PhonePe, Google
Pay, BHIM UPI, Paytm UPI among others. Opportunist cybercriminals have turned
adversity into pecuniary prospects in this pandemic by creating a surfeit of
identical fake UPI IDs representing governmental charity accounts like PMO Care
Funds, WHO Global Relief Fund, PM-Care Fund, etc. Apparently, half a dozen
identical websites were created similar to PM Cares Fund established by PM
Narendra Modi in a matter of a few hours as soon as the initiative was publicly
broadcasted.[7]
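An added example, not part of the original article: a Python check that compares a UPI ID received in a message against an allowlist of IDs taken from the charity's own official channel and flags near-identical ones of the kind described above. The allowlisted ID, the sample inputs and the accepted `name@handle` shape are constructed assumptions.

```python
import re
import unicodedata

# Constructed allowlist: a placeholder ID, not a real payment address.
# In practice this list is filled from the charity's own official website.
OFFICIAL_UPI_IDS = {"relieffund@examplebank"}

# Assumed shape of a UPI ID for this example: name@handle.
VPA_RE = re.compile(r"^[a-z0-9._-]{2,256}@[a-z][a-z0-9]{1,63}$")


def normalize(vpa):
    """Fold compatibility characters (e.g. full-width letters) and case."""
    return unicodedata.normalize("NFKC", vpa).strip().casefold()


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(name):
    """Drop separators and map digits often swapped for letters (0/o, 1/l, 5/s)."""
    return re.sub(r"[._-]", "", name).translate(str.maketrans("015", "ols"))


def classify(vpa, official=OFFICIAL_UPI_IDS, max_distance=2):
    """Return 'official', 'lookalike', 'unknown' or 'malformed'."""
    v = normalize(vpa)
    if not VPA_RE.match(v):
        return "malformed"
    if v in official:
        return "official"
    name, handle = v.split("@")
    for good in official:
        good_name, good_handle = good.split("@")
        if name == good_name and handle != good_handle:
            return "lookalike"   # right name, different bank handle
        if skeleton(name) == skeleton(good_name):
            return "lookalike"   # separator or digit-for-letter trick
        if edit_distance(name, good_name) <= max_distance:
            return "lookalike"   # one or two characters added, dropped or changed
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["relieffund@examplebank", "relieffunds@examplebank",
                   "re1ief.fund@examplebank", "relieffund@otherbank",
                   "grocer42@examplebank", "free masks here"]:
        print(f"{sample:28} {classify(sample)}")
```

A "lookalike" verdict means the ID resembles an official one without matching it, which is the case that calls for refusing the payment; "unknown" only means the ID resembles nothing on the allowlist.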
Section 66D of the IT Act, 2000 could be read in synchronicity with Section 419
of the Indian Penal Code, 1860, which provides for superficial instances of
cheating by impersonation. In the Sony.Sambandh.com case (Arif Azim
vs. CBI, 2003)[8], the accused was convicted u/s 419 of the Indian Penal Code
read with Section 66D of the IT Act, for deceitfully stealing the credit card
details of an American citizen and using them to order Sony products from
a website operated by Sony India Pvt. Ltd. exclusively to enable non-resident
Indian citizens to gift Sony products to their friends or family members.
While these attacks are barely a drop in the ocean in the realm of budding
cyber-crimes, they are the most frequent and the ones which a single individual
is most likely to encounter. However, to be cognizant of and keep safe
from the various other forms of cybercrime and cyber offences which could target
small/large scale businesses or other established enterprises, we must always
keep up with the recent developments in the field of cybersecurity so as to be
conversant with its perilous fallouts.[9]
Steps To Stay Digitally Uninfected:
Below are some recommended security measures via which we can ensure that we
remain aloof from any cyber vulnerabilities which might sneak into our devices.
- Refrain from clicking any suspicious URL or hyperlink unless you are absolutely
positive that it's trustworthy or from a credible origin.
- Double-check the email-ID/phone number to affirm the true identity of the sender
even if he/she happens to be someone close or a professional acquaintance.
- Use different passwords for different websites, especially for banking and
financial applications/services, and ensure that the passwords are a
combination of letters, numbers, and special characters.
- In light of the above note, please do not share your passwords with any near or
dear ones irrespective of the intimacy in your interpersonal association.
- Use password manager applications like LastPass, 1Password, Dashlane, etc. to
help store and auto-fill multiple encrypted passwords for all the different
services you might use.
- Use two-factor authentication (2FA) on all services which support it, to
receive an additional OTP confirmation on your mobile device. Even in case your
password gets compromised, it's unlikely that your phone will be in
the possession of the hacker. Services that support 2FA include Gmail, Instagram,
and many more.[10]
- Avoid using unprotected public Wi-Fi networks where possible, and if the
circumstances are inevitable, make sure to use a virtual private network (VPN)
application before connecting to the network. A VPN encrypts the network
connection of our devices to the public routers, ensuring that no data
accidentally/fraudulently leaks during transfer. Most mobile manufacturing
companies like Samsung & OnePlus provide pre-installed VPN services.
- Invest in a reliable antivirus software program that provides additional
security for your device(s) and detects any anomalies which might be
present in your device.
- Never donate to counterfeit charity/donation drives without ensuring that your
hard-earned money is falling into the right hands. Moreover, ensure that you
never share your OTPs, UPI MPINs, or card details with any person even if he
claims to be a genuine representative of the bank/company.
- Regularly update your device software as well as your antivirus application
whenever fresh updates are released. This ensures that your device is efficient
in combatting any vulnerabilities which might have recently surfaced.
Bonus Tip:
Whenever you are skeptical about the legitimacy of a website or
webpage which typically requires user log-in, confirm by clicking on the URL bar
of the browser that the 'HTTPS' prefix appears before the domain name (website).
HTTPS is a secure transfer protocol that encrypts any sensitive user data in
transit, in contrast to the regular HTTP protocol. Additionally, there appears a
“lock” icon on the URL bar which signifies whether the website is SSL/TLS
certified. You can validate the legitimacy of a webpage by confirming that it
owns a valid SSL/TLS certificate, which attests to the identity verified by its
certifying authority as well as its data encryption standards. A certificate
vouches only for the domain shown in the URL bar, so also confirm that the
domain name itself is exactly the one you expect.
Post Covid-19 Challenges For Cyber Security:
Since the threat of COVID-19 is expectantly ephemeral, it will positively
collapse someday. But this will again obscure the landscape for the IT as well
as cybersecurity personnel as they have proactively toiled themselves to adapt
to this pristine way of life in quarantine. Bearing the aftermath in our minds
is crucial in order to envision policies and regulations to deal with the
coronavirus-free world, which seems sanguinely pleasing to the ears in the
present ill-fated circumstances.
While there is a lot of ambiguity and conjectures pertaining to the future, an
article by Tata Consultancy Services (India) cogently identifies six definite
upshots:[11]
- Many organizations will switch to new operating models to facilitate articulate
framework along with access scrutiny to permit the previous shift systems.
- All major companies will have to reestablish rigorous security measures to
certify there are no violators to minimize potential criminal infringement
attacks.
- Upcoming cyber risks will be critically assessed to foresee any forthcoming
digital disasters during the retrieval period.
- Reassessment of corporate IT security architecture – access/support mechanism,
risk/context-based security authentication measures, etc.
- Policies to sanction remote access and carrying our personal devices will be
invigorated.
- Deployment of advanced technological utilities such as big data, artificial
intelligence, machine learning, internet of things, etc. in order to simplify
manual labor by developing automated comprehensive technologies to allow plans
for dynamic scalability and simultaneous resolution delivery with the foresight
of any probable calamity like COVID-19 in the future.
The future beholds a newfound horizon for cybersecurity and with more employees
working remotely in the future, the demand for remote workforces will rise
substantially.
Recommendations For The Road Ahead & The Verdict:
Although it might be extremely arduous to adapt to this unanticipated lifestyle
amid this pandemic, we must not overlook a few cooperative policies which we
could implement in our vocational infrastructure to tackle the ongoing scenario.
A few idealistic standards which we could incorporate are enumerated below:
For Employees Working Remotely:
- Avoidance of physical presence of employees in office unless utterly necessary.
Preference must be given to those employees who live in proximity to the office
if work cannot be executed from home.
- Fabricating a robust digital infrastructure with baselines of digital security
- Digital sanitization of information and databases to ensure data confidentiality
- Deployment of reliable configuration standards for processing complex
information
- User distribution to help segregate the work effectively
- Establishing a digital grievance redressal committee to help employees facing
issues in network, hardware, or software configurations
For Healthcare Institutions:
- Informing patients about the nature of the personal data collected for examining
their medical history
- Mandating prior consent of the patient, or their family in case the patient
isn't sentient before utilizing any sensitive record or information
- Formulating both intrinsic as well as extrinsic regulations for reinforcing
privacy measures
- Ensuring transparency in the usage of data and certifying that such policies are
in harmony with the appropriate legal directives
- Deletion of redundant data once it is rendered unnecessary and of no future use
For Educational Institutions:
- Conducting online/virtual examinations as well as classes until the situation is
deemed fit to reinstate physical attendance
- Implementing measures in light of academic integrity such as plagiarism checks,
paraphrasing tools, etc. to minimize any potential occurrences of dishonest or
unfair means during the conduction of online-based examinations
- Educators shall refrain from sharing or presenting any sensitive information to
the students during online classes and they shall conduct such classes only on
credible and secure digital learning platforms.
- Educational institutions must promote online payment methods to enable the
students to pay their respective fees without the trouble of physically
disbursing cash. It shall be the responsibility of the institutions to ensure an
encrypted payment platform that facilitates all forms of modern-day payment
technologies.
- The IT department of all educational institutions capable of imparting virtual
education shall formulate consistent and user-friendly workarounds to help
teachers as well as students to learn in a safe, secure, and tranquil
atmosphere.
- Educators shall promote the significance of digital awareness and cybersecurity
among the young students and inform them about the cautionary dos and don'ts of
the Internet in order to secure their digital footprint.
Since COVID-19 is followed by the worst economic crisis in recent history, a lot
of people, unfortunately, lost their jobs or were victims of severe
pay-cuts. Therefore, students who are not in a financial position to pay off
their academic fees must not be obligated or compelled by the authorities to
pay; instead, they shall be provided financial aid by the institutions until the
looming contagion meets its fate. A few flexible EMI strategies could be
envisaged to simplify the fiscal burden.
Nevertheless, no unnecessary fee apart from tuition fees (and any other
mandatory fees) shall be acquired during the pandemic since the institutions are
correspondingly saving their resources such as electricity bills, maintenance
charges, etc. Likewise, teachers of extra-curricular subjects such as physical
education, arts, music, et al. must not be terminated from their jobs simply
because their presence is not essential in digital learning.
Although this conception might not be immensely beneficial from the standpoint
of cybersecurity, no policy shall prevail over the fundamental values of humanity
which are enshrined in the crux of our Constitution.
For Police Officials and Other Law Enforcement Agencies:
- Adherence to all safe hygiene practices and medical advisories curated by the
Ministry of Health & Family Welfare (MoHFW) must be duly followed by the
authorities.
- Sanitization protocols of accessories as well as vehicles must be stringently
complied with.
- Precautionary safeguards during arrest and detention of individuals must
comply with the stipulated social-distancing norms.
- Forensic inspectors handling digital devices must take due care while examining
electronic devices that were in prior possession of the accused.
- Substituting physical meetings and roll calls with virtual meetings wherever
possible
- Backing up any important information on secure digital servers with the aid of
cloud computing technologies
- Eliminating all possible vulnerabilities from their digital infrastructure
- All law enforcement officials must be trained in basic technical expertise so
that they are aware of their cyber safety on the Internet.
- A dedicated cybersecurity task force must be formed in every state of the nation
to battle the uprising cybercrimes amid the ensuing pandemic.
- Lastly, the government must take immediate cognizance of the outdated and
underprivileged cyber administration in most jurisdictions and extend financial
as well as logistical support to the police departments.
In a nutshell, we might surmise that COVID-19 will indeed change our perspective
forever towards the way we used to live previously. With totally distinct
ways of living, hygiene practices, social-distancing measures, and a transformed
viewpoint about the futility of our previous administrative practices, the fight
against the Novel Coronavirus is much more than its cybersecurity oriented
insinuations; instead, it's the fight for collective survival as a species
irrespective of any prejudicing bias such as caste, color, creed, race, or sex.
To sum up in the optimistic words of Helen Keller, “Although the world is full
of suffering, it is also full of the overcoming of it.”[12]
End-Notes:
[1] Wendi Whitmore & Gerald Parham, COVID-19 cyberwar: How to protect your
business, IBM (2020), https://www.ibm.com/downloads/cas/Y5QGA7VZ.
[2] Bill Chappell, Coronavirus: New York Infection Rate is 'Doubling About
Every 3 Days,' Cuomo Says, NPR (Mar. 24, 2020), https://www.npr.org/sections/coronavirus-live-updates/2020/03/24/820891370/coronavirus-n-y-infection-rate-is-doubling-about-every-3-days-cuomo-says?t=1588350179004.
[3] Nicholas Davis & Algirde Pipikaite, What the COVID-19 pandemic teaches
us about cybersecurity – and how to prepare for the inevitable global
cyberattack, World Economic Forum (Jun. 01, 2020), https://www.weforum.org/agenda/2020/06/covid-19-pandemic-teaches-us-about-cybersecurity-cyberattack-cyber-pandemic-risk-virus/.
[4] Cost of Shutdown Tool (COST), Netblocks.org with Internet Society (last
accessed Jul. 07, 2020, 10:55 PM), https://netblocks.org/cost/.
[5] Thomas Brewster, Coronavirus Scam Alert: COVID-19 Map Malware Can Spy On
You Through Your Android Microphone And Camera, Forbes (Mar. 18,
2020), https://www.forbes.com/sites/thomasbrewster/2020/03/18/coronavirus-scam-alert-covid-19-map-malware-can-spy-on-you-through-your-android-microphone-and-camera/#2dd946075fd8.
[6] Yuthika Bhargava, Government bans 59 apps including China-based TikTok,
WeChat, The Hindu (Jun. 29, 2020), https://www.thehindu.com/news/national/govt-bans-59-apps-including-tiktok-wechat/article31947445.ece.
[7] Tech Desk, Fraudsters using fake PM CARES FUND links to dupe people;
don't fall for it, The Indian Express (Apr. 05,
2020), https://indianexpress.com/article/technology/tech-news-technology/fake-pm-cares-upi-id-links-dupe-people-coronavirus-6348443/.
[8] Talwant Singh, Cyber Law & Information Technology 12, Addl. District &
Sessions Judge, Delhi (last accessed Jul. 12, 2020, 09:45 PM), https://delhidistrictcourts.nic.in/ejournals/CYBER%20LAW.pdf.
[9] See: Bojana Dobran, 17 Types of Cyber Attacks to Secure Your Company
From in 2020, Phoenix NAP Global IT Services (Feb. 21, 2019), https://phoenixnap.com/blog/cyber-security-attack-types; See
also: Resource Guide for Cybersecurity During the COVID-19 Pandemic, Center
for Internet Security – CIS (Apr. 20, 2020), https://www.cisecurity.org/blog/resource-guide-for-cybersecurity-during-the-covid-19-pandemic/.
[10] Natt Garun, How to set up two-factor authentication on all your online
accounts – An extra step of security never hurt anybody, The Verge (Mar. 27,
2019), https://www.theverge.com/2017/6/17/15772142/how-to-set-up-two-factor-authentication.
[11] Prashant Deo et al., How Covid-19 is Dramatically Changing Cybersecurity,
Tata Consultancy Services (2020), https://www.tcs.com/perspectives/articles/how-covid-19-is-dramatically-changing-cybersecurity.
[12] Helen Keller Quotes, BrainyQuote.com, BrainyMedia Inc. (last
accessed Jul. 06, 2020, 11:11 AM), https://www.brainyquote.com/quotes/helen_keller_109208.