DDoS’s Newest Minions: IoT Devices (Volume 1)

The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices.
October 08, 2016
22 min. read


The latest evolution of cyber weaponry is brought to you by the default passwords in Internet of Things (IoT) devices. That includes just about every conceivable modern electronic device—from home thermostats, lighting systems, refrigerators, cars, and water meters, to personal fitness devices, toasters, bicycle helmets, toys, and even shoes and clothing.

Today, the number of Internet-connected devices is estimated to be around 15 billion; bullish predictors are claiming that number will reach 20 billion by 2020. Because many users either don’t or can’t change the default passwords, these devices are being used by hackers as the latest minions in their armies of botnets. Why? Because they’re ripe for the picking, and most attackers don’t possess the resources they need to generate enormous distributed denial-of-service (DDoS) attacks—at least, not without your help.

In this report, we look at the growth of IoT devices as DDoS attack tools, who is on the hunt for these devices, how they're using them, and which attack trends are emerging.

A sample from the Report: The top 20 countries hunting for IoT devices

Here are some high-level observations:

  • China, a major player in cyber-attacks, is unlikely to stop censoring the Internet in its own country or dial back its cyber opposition forces and nation-state espionage activities.
  • Global leaders like the US, Canada, and members of the EU will continue to be top monetary targets because they are strong financial sectors. As a result, a lot of today’s malware is targeted at the financial industry specifically, especially since the release of Zeus in 2011.
  • China, Russia, Ukraine, Brazil, and India will likely remain the top five countries from which DDoS attacks are launched.
  • China, followed by Russia, Romania, Brazil, and Vietnam, are the most likely countries where Command and Control (C&C) servers will be located.

To see the full version of this report, click "Download" below.

Join the Discussion
Authors & Contributors
Sara Boddy (Author)
Justin Shattuck (Author)

What's trending?

What Is Zero Trust Architecture (ZTA)?
What Is Zero Trust Architecture (ZTA)?
07/05/2022 article 13 min. read
What Is Access Control?
What Is Access Control?
02/09/2022 article 15 min. read
What is Multi-Cloud and How Does It Affect Security?
What is Multi-Cloud and How Does It Affect Security?
11/03/2021 article 13 min. read