Druva: Election Cybersecurity Should Be Addressed with Cloud Voting
…to secure the most critical parts of our government infrastructure, and this would require no more or less security than that.
CF: How difficult/costly would switching to an authenticated cloud-based approach be?
WCP: It would require heavy development and testing, including penetration and other attack testing. It would have to be implemented and tested slowly, well in advance of any election cycle. This means, of course, that it isn’t possible to do this before the next election.
CCPA Compliance Deadline Looming
The pandemic has delayed a number of government initiatives. But California’s Attorney General isn’t giving companies any leeway when it comes to complying with the California Consumer Privacy Act (CCPA).
CCPA enforcement starts on July 1. And the California Privacy Rights Act (CPRA) is getting closer to the November 2020 ballot. There are a number of things both businesses and consumers need to consider, even if they aren’t based in California.
Dan Clarke is president of IntraEdge. It’s the company behind Truyo, an Intel-backed General Data Protection Regulation (GDPR)- and CCPA-compliant data privacy platform.
Companies that are non-compliant with CCPA can expect the attorney general to issue a 30-day notice to cure, Clarke said. The attorney general has said he is not taking non-compliance lightly, he said.
“In addition, a business could get consumer-oriented complaints via the complaint form, which could lead to potential damage to the brand’s reputation,” he said. “And lastly, the fines can reach upwards of $2,500-$7,500 per incident if intentional.”
It could be too late to become compliant before the deadline, Clarke said. However, that doesn’t mean companies should continue to neglect it, he said.
“Companies should have been compliant since Jan. 1,” he said. “And at a minimum companies should have the proper and visible notice, be able to intake and process privacy rights requests and create evidentiary logs.”
An end-to-end automated solution is crucial to ensure a rapid response and the ability to scale with any privacy needs, Clarke said.
“Organizations should evaluate technology with the ability to track and log requests, reporting the type and number of requests made by each individual for auditing purposes, and streamline identity validation communication with data subjects,” he said.
The CPRA expands on CCPA by creating new privacy rights allowing consumers to stop businesses from using sensitive information. It also extends the exemption of employment data and safeguards against the selling of a minor’s data by tripling the fines. And it establishes an enforcement body in the California Privacy Protection Agency.
“Organizations should have CPRA top of mind,” Clarke said. “It is still unclear whether or not it will pass come November, and they should have a pass/no pass strategy in mind.”
Watch Out for Glupteba
One of the most noteworthy trends in cybercrime right now is the commoditization of attacks. That means anything a cybercriminal needs is available at a price.
That includes networks of infected devices that can be harnessed to distribute malicious content. Glupteba, for example, is a backdoor that has evolved into a stealthy and complex malware-distribution network.
This week, SophosLabs published a report that examines the latest tools, techniques and procedures used by Glupteba, particularly its ability to avoid detection and secure persistence. Other key findings from SophosLabs’ research include:
- Glupteba infects a computer to deliver additional malware payloads without being readily detected.
- One of the most common payloads is a cryptominer. However, once installed in a victim’s network, it can download and execute additional tools to exfiltrate device data, install rootkits and more.
- Glupteba’s developers have spent an inordinate amount of time working on features to conceal the bot from detection.
Andrew Brandt is Sophos’ principal researcher. He said the normal, general precautions apply here as much as anywhere else. Don’t run stuff you shouldn’t, keep everything patched and always make sure you have some sort of malware protection on your computer.
“The malware appears to be relatively prolific on illicit download sites,” he said. “We’ve found a lot of samples by hunting through the kinds of places people end up when they’re looking to download pirated software. They’ve managed to bundle themselves into a lot of games, as well as commercial applications like the Adobe creative suite.”
This is a major update to Glupteba since it was first observed three years ago, Brandt said.
“We know they’re interested in using…