Abstract
The novel coronavirus (COVID-19) pandemic has caused a considerable and long-lasting social and economic impact on the world. Along with other potential challenges across different domains, it has brought numerous cybersecurity challenges that must be tackled timely to protect victims and critical infrastructure. Social engineering-based cyber-attacks/threats are one of the major methods for creating turmoil, especially by targeting critical infrastructure, such as hospitals and healthcare services. Social engineering-based cyber-attacks are based on the use of psychological and systematic techniques to manipulate the target. The objective of this research study is to explore the state-of-the-art and state-of-the-practice social engineering-based techniques, attack methods, and platforms used for conducting such cybersecurity attacks and threats. We undertake a systematically directed Multivocal Literature Review (MLR) related to the recent upsurge in social engineering-based cyber-attacks/threats since the emergence of the COVID-19 pandemic. A total of 52 primary studies were selected from both formal and grey literature based on the established quality assessment criteria. As an outcome of this research study; we discovered that the major social engineering-based techniques used during the COVID-19 pandemic are phishing, scamming, spamming, smishing, and vishing, in combination with the most used socio-technical method: fake emails, websites, and mobile apps used as weapon platforms for conducting successful cyber-attacks. Three types of malicious software were frequently used for system and resource exploitation are; ransomware, trojans, and bots. We also emphasized the economic impact of cyber-attacks performed on different organizations and critical infrastructure in which hospitals and healthcare were on the top targeted infrastructures during the COVID-19 pandemic. Lastly, we identified the open challenges, general recommendations, and prospective solutions for future work from the researcher and practitioner communities by using the latest technology, such as artificial intelligence, blockchain, and big data analytics.