Tag Archives: Cybercrime

Why is Online Voting Not a Good Idea?

pandasecurity-MC-online-voting

Online voting could introduce great risk into the election system by threatening voters

It’s the 21st century, and we are living in the future as technology is advancing at a rapid speed. It has never been easier to shop online and to do online banking. It is possible money will even cease to exist as blockchain digital currencies such as Bitcoin and Monero are gaining more and more popularity. At least here in the US, we rarely hold paper money with us anymore – all we see is a number on our internet banking profiles. And in the rare cases where you get a check, you no longer have to wait to deposit it at a bank, you skip the lines by using your banking app to deposit it from your phone.

Our lives are already online, should technology advancement keeps its steady growth, by the end of the century there will be mass production of driverless cars, and we will become interplanetary species. Scary and exciting at the same time as trips to Mars might be possible in our lifetimes.

Every process imaginable is getting improved thanks to technology. There is an app for everything except one – the voting system. When it comes to Presidential elections, what we still do is voting using physical ballots. Sounds archaic, doesn’t it? Our research shows that this is not going to change anytime soon. Here’s why;

Voter Fraud

In an ideal world, individuals eligible to participate in the elections will be assigned with login details that they will be able to use for casting votes. However, we all know people who sometimes are negligent towards the level of security of their login details. Individuals who are not tech savvy may end up swindled into sharing precious information with the wrong people. Or even worse, those login details may end up for sale online.

Another fraud related problem would arise from the fact that people’s addressed and information will have to be stored on third party servers to be used as a tool to verify their identities. Having so much sensitive information in one place might turn out to be a disaster should such database get pampered with. Regular folks might be stopped from the ability to cast a vote due to incorrect address adjustments, and bots might be added to the databases creating armies of fake voters.

Security

The inability of current technology to ultimately protect the elections from outside interference is one of the main reasons why online voting is not possible at the moment. Or at least it is not a good idea for a country the size of US. A possible cyber-attack could do so much damage that it may end up changing the future of the world, or render the elections’ results unusable.

One of the most prominent skills knowledgeable hackers have is to cover their digital traces after an attack; a successful hack may not only alter the elections but also may make us unaware that the breach ever happened. The possibility of such outcomes makes ordinary people, as well as experts, unable to trust online voting.

Privacy

Last but not least, elections are supposed to offer anonymity. Paper ballots do not leave a record of the person casting a vote. Online voting might not be able to protect people’s privacy as third parties involved in the elections might be able to see how certain people vote through the digital tracks left in the system. This raises a whole lot of ethical question and kills the entire idea of the elections.

In the free world, everyone willing to cast a vote deserves the right to remain anonymous and execute their right of voicing an opinion without any repercussions. Online banking or shopping transactions are based on your identity, where companies can confirm you are the one behind the screen. With online voting, this would not be a problem too, but the outcome needs to remain anonymous as you do not want people to be able to see who you voted for.

There have been speculations that the solution might be hidden in Ethereum’s smart contracts. The blockchain-based computing platform features smart contract capabilities that might hold the key to anonymous yet secure online voting. However, it is more likely for us to populate Mars before we develop an online voting solution smart enough to process 220 million votes in a night correctly.

The post Why is Online Voting Not a Good Idea? appeared first on Panda Security Mediacenter.

Read More

The Ways Cybercrime Has Changed in 2017

With thousands of infected computers and millions of dollars lost, the latest ransomware attacks are surely marking the trends to come in the increasingly lucrative field of cybercrime. This, together with the exponential proliferation of connected devices on the IoT, as well as covert cyberwar, sets the stage for cybercrime to come.

More malware, more sophisticated than ever

Incidents from unknown threats went up 40% in this year’s second, according to the latest data collected by PandaLabs in their quarterly report. These attacks are carried out with malware that is unrecognizable to signature-based antivirus solutions, and also evades heuristic detection, indicating a considerable increase in the amount of new malware. As the PandaLabs report points out, small and medium-sized enterprises generally account for the most-targeted victims of these new malware attacks, but home users are more affected by this malware in terms of sheer numbers,

Increased sophistication means that much of the malware we’ve seen uses legitimate system tools to exploit vulnerabilities, something that is especially critical in professional environments. Over the course of 2017, more than 150 million attacks are expected, of which a large percentage will seriously affect companies. We’ve already discussed the growing economic impact that could reach almost three billion dollars in losses in 2017. However, other vectors should be considered, such as the IoT and the troves of data it connects to. Also of note is the increasing probability of being caught in the crossfire of a cyberwar between two world powers, as international cyberespionage continues to rise.

Ransomware, the “fashionable” attack

We can’t stop talking about the attacks that have caused the most impact in the past few months (and which incidentally are some of the most brutal cyberattacks in history). Both WannaCry, which has affected more than 150 countries, causing losses of up to four billion dollars, and the subsequent Petya/GoldenEye incident, whose economic impact was infinitely lower, wreaked havoc on corporate networks the world over. Regardless of who’s responsible for the attacks, their sophistication belies a budding professionalism and simmering hostility in the underworld of cybercrime.

We can no longer deny that there is indeed a cyberwar being waged, sometimes covertly and sometimes not. Often, the perpetrators appear to be institutional (governmental, to be more specific), a hypothesis that can be further justified by looking at the chosen targets of these attacks (especially in the case of Petya/GoldenEye). But it is also important to note that these ransomware attacks take advantage of vulnerabilities found in legitimate system tools, and can therefore be classified as zero-day attacks.

The EternalBlue exploit is at the center of these attacks. It had already been patched by Microsoft before the events took place, but many users had not updated their systems. If on a network of hundreds of computers just one employee fails to update with the patch, the entire network is exposed to the wave of ransomware.

Smart Cities are especially vulnerable. In some cases, the attacks not only resulted in the loss of data, but also brought entire systems down, leading to the interruption of public services. From blackouts to blocked devices, such as cameras or traffic signals, the consequences of recent attacks show that the future of cybercrime can seriously hinder our digital life as we know it.

Fighting advanced cyber attacks

Corporations and home users alike must be constantly vigilant, and that means constantly updating systems and using advanced cybersecurity solutions that can stop an attack before it is able to penetrate the network. And how can we protect ourselves from vulnerabilities we don’t even know exist? More modern solutions address the problem by monitoring systems in real time and are triggered by suspicious behavior (and not known signatures or heuristics). So despite the proliferation of unknown malware, users can stay protected at all times. This is the secret of the advanced technology of Panda Adaptive Defense: to prevent the attack before it happens.

The post The Ways Cybercrime Has Changed in 2017 appeared first on Panda Security Mediacenter.

Read More