CIO

The week in security: The IoT DDoS apocalypse may come as soon as this week

Australia’s appointment of an official Ambassador for Cyber Affairs was well received but some warn it’s still too little, too late to catch us up with the rest of the world.

It may also be too little to help stem the rising tide of Internet of Things (IoT) threats, which have continued to grow on the back of new techniques exploiting surveillance cameras, an explosion in intensity thanks to the public availability of the Mirai botnet source code, and a reluctance by US legislators to clamp down on IoT security.

That will be little consolation if Akamai predictions of a Thanksgiving and Christmas holiday-season IoT-driven DDoS apocalypse come true – particularly since many security experts believe fighting DDoS attacks requires a co-ordinated global response, that damage from the attacks could spill over into the real world, and that government intervention is the only viable way to improve IoT security.

Others believe the US government may intervene in security in a different way by weakening encryption if it continues to face industry hostility to its enforcement efforts. The threat of escalation of government powers is real and immediate, with US lawmakers already forced to lodge new legislation to delay the introduction of a bill expanding the government’s digital searching capabilities.

Trend Micro opened a new ANZ headquarters in an effort to both support its growing business and lock in its share of precious IT-security experts in a market that continues to suffer from what some are describing as a cybersecurity skills “chasm”. IBM was also expanding its brains trust, launching a significant cybersecurity simulation centre to test out real-world and imagined cybersecurity scenarios. The company will also tap into its Watson artificial-intelligence capabilities to stay ahead of constantly changing security threats, the head of its new X-Force IRIS crack cyber team told CSO Australia.

Security researchers demonstrated a new denial of service technique that can take down high-capacity firewalls with a single laptop, while investigation of a new malware attack found that it’s linked to a customer service-based tactic in which instigators convince support staff to open malicious email attachments.

A new online-advertising industry effort, designed to reduce exploitation of ads to spread ransomware, includes a certification program and security seals. Yet it may be businesses themselves that are doing the most to encourage ransomware by being far too lackadaisical when it comes to paying ransoms. Other businesses are simply thwarting the attacks themselves, a new report suggests – providing a glimmer of hope for businesses that feel besieged by the malicious attacks.

Google will do its part to improve browser security by blocking sites using outdated SHA-1 hashes, while an attempt by malware authors to weaponise the Ask.com toolbar was thwarted by keen-eyed security consultants. And a UK court approved the extradition of a British hacker to the US – offering rare solace for those concerned that hackers are getting away scot-free.