IoT Botnet
What is an IoT Botnet?
IoT Botnet: A network of compromised Internet-of-Things devices remotely controlled to launch attacks such as DDoS, credential stuffing, click fraud, or cryptomining.
An IoT botnet is a collection of compromised Internet-of-Things devices — routers, cameras, DVRs, smart appliances, set-top boxes — that an attacker controls via command-and-control infrastructure. Devices are typically infected by exploiting default or weak credentials, exposed Telnet/SSH services, unpatched firmware, or known CVEs in webcam and router software. Once recruited, the botnet is rented out or used directly for distributed denial of service (DDoS), proxy/anonymization services, credential stuffing, ad fraud, or cryptomining. Mirai and its many variants (Bashlite, Mozi, Echobot, Reaper) demonstrated that millions of low-cost IoT devices can generate multi-Tbps attacks. Defences include strong default-credential policies, automatic patching, segmentation of IoT VLANs, and disabling unneeded remote-management services.
● Examples
- 01 A botnet of compromised home routers using DNS amplification to flood a hosting provider with terabits of traffic.
- 02 Hijacked IP cameras sold as residential proxies for credential-stuffing attacks.
● Frequently asked questions
What is an IoT Botnet?
A network of compromised Internet-of-Things devices remotely controlled to launch attacks such as DDoS, credential stuffing, click fraud, or cryptomining. It belongs to the OT / ICS / IoT category of cybersecurity.
How do you defend against an IoT botnet?
Defences against IoT botnets typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for an IoT botnet?
Common alternative names include: Internet of Things botnet, IoT-based botnet.
● Related terms
- Mirai Botnet (ot-iot, № 683): An IoT malware family first seen in 2016 that recruits routers, cameras, and DVRs through default credentials and was used in the Dyn DNS DDoS that broke much of the U.S. internet.
- Botnet (malware, № 119): A network of internet-connected devices infected with malware and remotely controlled by an attacker to perform coordinated activities.
- Distributed Denial-of-Service (DDoS) Attack (attacks, № 329): A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
- IoT Security (ot-iot, № 552): The discipline of protecting Internet-of-Things devices, gateways, networks, and cloud services from compromise, given their scale, constrained resources, and long lifetimes.
- Command and Control (C2) (malware, № 201): The infrastructure and channels attackers use to maintain communication with compromised systems and send them instructions.
- Firmware Over-the-Air (OTA) (ot-iot, № 422): A mechanism for delivering and installing firmware updates to remote devices through wireless or networked channels, without physical access.
● See also
- № 1267 Zigbee Security