2026 in IoT attacks: the biggest threats so far and what businesses can do

Internet of Things devices are more useful than ever – but security is still playing catch-up

From industrial robots to fitness trackers, Internet of Things (IoT) devices track real-time data to underpin smart systems, allow for data-driven decision-making, and continuously monitor, interpret, and respond to changes in their environment.

From the most advanced applications, such as autonomous robots on factory floors, to thermostats, security cameras, and even network-connected printers, IoT devices are widespread and hugely beneficial to businesses.

But along with their benefits, IoT devices also introduce new risks by expanding an organization’s perimeter and acting as easy entry points for enterprise systems.

Once attackers compromise a vulnerable device, they can steadily and stealthily push further into an organization’s systems, bringing down critical infrastructure. Threat actors may also seek to take persistent control of IoT devices to form botnets.

An IoT botnet is a network of compromised IoT devices that attackers remotely manipulate to launch large-scale cyber attacks, typically in the form of distributed denial of service (DDoS) attacks.

In October 2025, Microsoft Azure was hit with a record-breaking multi-vector, cloud DDoS attack that peaked at 15.72 Tbps and 3.64 billion packets per second. It targeted a single edge device in Australia and was later linked to the Aisuru IoT botnet, notorious for exploiting compromised home routers and surveillance cameras. Although the threat was neutralized, the attack goes to show the scale at which endpoint devices can be weaponized. The campaigns are often strikingly fast and unprecedented.

True to form, the attacks carry on in 2026.

In January, RondoDox, a Linux-based IoT botnet, moved swiftly to exploit a critical remote code execution vulnerability in HPE OneView, launching over 40,000 automated attacks that targeted government, financial, and industrial systems. The rapid assault led the US Cybersecurity and Infrastructure Security Agency (CISA) to list the flaw as a known exploited vulnerability.

Cybersecurity firm Check Point’s investigation into the botnet’s activity revealed it operated from a single Dutch IP address, highlighting the sophisticated nature of the attack. In terms of attack frequency, the United States saw the largest number of attacks, followed by Australia, France, Germany, and Austria.

The month of January also saw the Kimwolf botnet, the Android variant of the Aisuru malware, grow to over two million infected hosts. Most infections stemmed from vulnerabilities in residential proxy networks, giving attackers access to devices on internal networks. Prime targets included Android TVs and streaming devices with exposed Android Debug Bridge (ADB) services.

Later in March, a new malware strain called KadNap made its presence felt. Identified by Black Lotus Labs, the threat research and operations unit at Lumen, KadNap infiltrated over 14,000 edge devices with the majority being Asus routers. KadNap’s threat lies in its ability to enlist infected devices in the Doppelgänger proxy service, providing bad actors with a means to execute anonymous DDoS campaigns.

Law enforcement activity and shifting attacks

Law enforcement takedowns of cyber groups are a recurring feature of the cybersecurity landscape and 2026 has been no exception to this rule. Agencies in the US, Germany, and Canada launched a coordinated action to quash a cluster of IoT botnets – Aisuru, Kimwolf, JackSkid, and Mossad. Collectively, these botnets are estimated to have infected more than 3 million devices worldwide.

IoT attacks are relentless. They are, at best, a constant test of cyber vigilance.

Following the outbreak of the US-Iran war, Iranian hacking groups have shifted their focus to surveillance cameras with internet connectivity in Israel and other Middle Eastern countries, according to Check Point researchers.

“Starting February 28, we observed a spike in targeting of IP cameras in several countries in the Middle East including Israel, UAE, Qatar, Bahrain, Kuwait and Lebanon, while also similar activity occurred against Cyprus,” Check Point stated in its recent report.

“The attack infrastructure we track combines specific commercial VPN exit nodes (Mullvad, ProtonVPN, Surfshark, NordVPN) and virtual private servers (VPS), and is assessed to be employed by multiple Iran-nexus actors.”

How to secure devices on your network

For enterprises, IoT is part of a growing attack surface that calls for stronger safeguards. Device authentication, encryption, and DNS filtering are some practical measures you can take to limit exposure to IoT attacks.

Regularly patching software and firmware adds another layer of security by preventing hackers from taking advantage of known vulnerabilities. Opting out of non-essential, optional, or rarely-used online features further expands your devices’ safety net.

Your passwords, by far, matter more than any other security setting. Remember, it takes just one rogue IoT device to spread malware like wildfire. The risks keep multiplying – especially when your watch, phone, and desktop share the same network. Using a different password for each device and application is a simple yet impactful shield against credential-based attacks.
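The checks above (patch level, non-essential services such as exposed ADB, and per-device passwords) can be run as a routine audit over a device inventory. The following is an added example, not code from the article or any vendor; the inventory, field names, and port list are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed inventory (not real devices). In practice "open_ports" comes from
# your own scan or firewall data and "password" from a credential vault export.
INVENTORY = [
    {"name": "lobby-tv", "fw": "11.0.2", "latest_fw": "11.0.2",
     "open_ports": [5555, 8008], "password": "Summer2026!"},
    {"name": "cam-dock-1", "fw": "2.4.0", "latest_fw": "2.6.1",
     "open_ports": [443, 554], "password": "Summer2026!"},
    {"name": "edge-router", "fw": "3.0.0.4", "latest_fw": "3.0.0.6",
     "open_ports": [22, 443], "password": "k9$Tq-unique-1"},
    {"name": "printer-2f", "fw": "5.1", "latest_fw": "5.1",
     "open_ports": [443, 631], "password": "p7#Lm-unique-2"},
]

# Assumption: services this network treats as non-essential.
# 5555 is the default TCP port for Android Debug Bridge; 23 is Telnet.
NON_ESSENTIAL_PORTS = {5555: "ADB", 23: "Telnet"}

def version_tuple(version):
    """Turn '3.0.0.4' into (3, 0, 0, 4) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def audit(inventory, key=b"per-run-audit-key"):
    """Return {device name: [findings]}; devices with no findings are omitted."""
    findings = defaultdict(list)
    by_fingerprint = defaultdict(list)
    for dev in inventory:
        if version_tuple(dev["fw"]) < version_tuple(dev["latest_fw"]):
            findings[dev["name"]].append(
                f"firmware {dev['fw']} behind {dev['latest_fw']}")
        for port in dev["open_ports"]:
            if port in NON_ESSENTIAL_PORTS:
                findings[dev["name"]].append(
                    f"{NON_ESSENTIAL_PORTS[port]} exposed on tcp/{port}")
        # Keyed fingerprint, so the report never carries the password itself.
        fp = hmac.new(key, dev["password"].encode(), hashlib.sha256).hexdigest()
        by_fingerprint[fp].append(dev["name"])
    for names in by_fingerprint.values():
        if len(names) > 1:  # same credential on more than one device
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings[name].append(f"password shared with {others}")
    return dict(findings)

if __name__ == "__main__":
    for name, issues in audit(INVENTORY).items():
        for issue in issues:
            print(f"{name}: {issue}")
```
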

More devices than ever are now smart and connected. Keeping your security just as smart by proactively securing your edge devices is an imperative, not an optional test.