Updated July 06, 2017 (originally published October 08, 2016) Updated July 06, 2017

DDoS’s Newest Minions: IoT Devices (Volume 1)

22 min. read


The latest evolution of cyber weaponry is brought to you by the default passwords in Internet of Things (IoT) devices. That includes just about every conceivable modern electronic device—from home thermostats, lighting systems, refrigerators, cars, and water meters, to personal fitness devices, toasters, bicycle helmets, toys, and even shoes and clothing.

Today, the number of Internet-connected devices is estimated to be around 15 billion; bullish predictors are claiming that number will reach 20 billion by 2020. Because many users either don’t or can’t change the default passwords, these devices are being used by hackers as the latest minions in their armies of botnets. Why? Because they’re ripe for the picking, and most attackers don’t possess the resources they need to generate enormous distributed denial-of-service (DDoS) attacks—at least, not without your help.

In this report, we look at the growth of IoT devices as DDoS attack tools, who is on the hunt for these devices, how they're using them, and which attack trends are emerging.

A sample from the Report: The top 20 countries hunting for IoT devices

Here are some high-level observations:

  • China, a major player in cyber-attacks, is unlikely to stop censoring the Internet in its own country or dial back its cyber opposition forces and nation-state espionage activities.
  • Global leaders like the US, Canada, and members of the EU will continue to be top monetary targets because they are strong financial sectors. As a result, a lot of today’s malware is targeted at the financial industry specifically, especially since the release of Zeus in 2011.
  • China, Russia, Ukraine, Brazil, and India will likely remain the top five countries from which DDoS attacks are launched.
  • China, followed by Russia, Romania, Brazil, and Vietnam, are the most likely countries where Command and Control (C&C) servers will be located.

To see the full version of this report, click "Download" below.


Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.


9 hrs

a critical vulnerability—with the potential for remote code execution—is released.