A security researcher claims to have established the identity of a programmer behind the code that carried out some recent crippling online attacks.Late last year, hundreds of thousands of connected devices were hacked and used to send debilitating surges of data to servers. These so-called Internet of things (IoT) botnets, made up of hardware such as Internet-connected cameras and broadband routers, were used to take down websites and Internet infrastructure. The most notable attack affected large swaths of the East Coast of the U.S.

Source: Researcher Claims He’s Identified a Co-creator of a Massive Internet of Things Botnet | MIT Technology Review

Cybercriminals will use distributed denial of service (DDoS) attacks in 2017 to extend their reach as there are now several Internet of Things (IoT) devices containing outdated codes and operating with well known vulnerabilities, a global security firm warned on Monday.

According to Sophos, global network and endpoint security firm, financial infrastructure is at greater attack risk as the use of targeted “phishing” and “whaling” continues to grow.

Source: Internet of Things based DDoS attacks to rise in 2017: Report | The Indian Express

A consortium of researchers today announced the development of a universal, free, and open-source framework to protect wireless software updates in vehicles. The team issued a challenge to security experts everywhere to try to find vulnerabilities before it is adopted by the automotive industry.

The new solution, called Uptane, evolves the widely used TUF (The Update Framework), developed by NYU Tandon School of Engineering Assistant Professor of Computer Science and Engineering Justin Cappos to secure software updates. Uptane is a collaboration of NYU Tandon, the University of Michigan Transport Research Institute (UMTRI), and the Southwest Research Institute (SwRI), and is supported by contracts from the U.S. Department of Homeland Security, Science and Technology Directorate.

Source: Call Issued to White Hat Hackers: Find the Flaws in New Automotive Software Updater | Yahoo Tech

Connected cars are the future for the automotive industry, with more than 90 percent of vehicles expected to have built-in connectivity by 2020. But, as more vehicles link up to the internet, lawmakers are worried about their security.On Wednesday, lawmakers introduced a bipartisan bill in the U.S. House of Representatives that would direct the National Highway Traffic Safety Administration (NHTSA) to study cyber security in vehicles. Rep. Joe Wilson, R-SC, and Rep. Ted Lieu, D-Calif., co-sponsored The Security and Privacy in Your Car Study Act, which hopes to create a standard for safety in connected cars.

Source: Federal lawmakers introduce bipartisan bill to study cyber security in connected cars | GeekWire

A recently discovered form of botnet malware has been found rapidly spreading, with more than 2 million “internet of things” devices believed to have already been infected.

Dubbed IoT_Reaper by security researchersat Chinese security company Qihoo 360, the malware is based on the infamous Mirai internet of things worm that first compromised millions of devices in 2016 — but with some noticeable differences.

Source: New Reaper malware infects 2 million-plus “internet of things” devices | SiliconANGLE

Your coffee pot, refrigerator, thermostat, and in-home security system are all connected to the internet. Or, if they’re not now, they will be one day. Sadly, as the forgotten stepchildren of internet security, these Internet of Things devices are likely doomed to a future teeming with botnets and hackers. But that doesn’t mean there isn’t hope for the ever-expanding IoT universe — even if it just so happens to be a thin one. While default passwords and poor update policies all contribute to vulnerable internet-connected devices, there are steps that both companies and consumers can take to make sure their security cameras don’t end up crashing Twitter (or worse).

Source: We can fix the broken and vulnerable Internet of Things | Mashable

On 21 October of last year, a variety of major websites—including those of Twitter, PayPal, Spotify, Netflix, The New York Times, and The Wall Street Journal—stopped working. The cause was a distributed denial-of-service attack, not on these websites themselves but on the provider they and many others used to support the Domain Name System, or DNS, which translates the name of the site into its numerical address on the Internet. The DNS provider in this case was a company called Dyn, whose servers were barraged by so many fake requests for DNS lookups that they couldn’t answer the real ones.

Source: To Secure the Internet of Things, We Must Build It Out of “Patchable” Hardware | IEEE Spectrum