The Internet of Weapons: How Everyday Devices Power Global Botnets

Reading Time: 5 minutes

Category: Digital Warfare

Author: Tim Timmermans

Summary

This article explores how billions of everyday connected devices – routers, cameras, and even smart home gadgets – are being hijacked into massive IoT botnets. It explains how these networks form, their growing role in cyber warfare, and what individuals and organizations can do to stay protected. The takeaway: in the digital era, even a smart light bulb can become a weapon.

Every second, billions of connected devices quietly keep our world running: streaming shows, monitoring homes and automating daily routines. But these same conveniences are being quietly misused.

Smart fridges, routers and cameras are increasingly being hijacked and turned into parts of massive botnets: networks of infected devices that can flood servers with traffic and bring down websites, platforms and even parts of national infrastructure.

In October 2025 researchers recorded attacks peaking at 29.6 terabits per second¹, showing how deeply these systems have infiltrated everyday life.

How a Botnet Attack Works

Most large botnet attacks follow a familiar pattern:

1. Scanning. Attackers search the internet for devices with weak passwords, outdated firmware or exposed services. The Mirai botnet in 2016 spread by guessing simple credentials like “admin:admin”² on thousands of routers and cameras. Many of those same models remain online, still unpatched³.

2. Infection. Once found, a device is quietly infected with malware that links it to a control network. Some older botnets depended on a single command server, but modern ones like Mozi use peer-to-peer communication to stay alive even when parts of the network are taken down⁴ ⁵.

3. Attack. When activated, each compromised device starts sending large volumes of fake requests. Individually these are harmless, but together they overwhelm servers. A wave of cameras, routers and smart speakers can quickly take a website or service offline. What once took a coordinated group of hackers now requires only automated code running on thousands of ordinary household devices.

IoT Botnets in Modern Warfare

Beyond financial gain, IoT botnets are now used as tools of geopolitical pressure and digital conflict. During the Russia-Ukraine war, DDoS attacks powered by compromised IoT devices targeted Ukrainian government sites alongside military operations⁶.

State-sponsored actors increasingly deploy botnets to disrupt critical infrastructure, banking systems and communication networks while maintaining plausible deniability.

Research links surges in DDoS activity to conflicts in regions such as India-Pakistan and Iran-Israel⁷ ⁸, with significant increase in DDoS attacks was recorded during these events, many powered by infected IoT devices. This demonstrates that modern cyber operations often rely on consumer technology to achieve strategic disruption without physical force.

Real-World Examples of Large Botnets

Mirai. One of the first large IoT botnets, Mirai targeted the DNS provider Dyn and temporarily knocked major platforms such as Netflix, Twitter and GitHub offline². It revealed how consumer devices could be weaponized through automation.

Meris. Exploiting vulnerabilities in MikroTik routers, Meris infected an estimated 250,000 devices worldwide⁹. One of its attacks peaked at 17.2 million HTTP requests per second⁹, proving that even older networking gear can cause global outages if left unsecured.

Mozi. Built from elements of earlier botnets, Mozi spread through weak Telnet passwords and outdated router software. It has since generated most of the IoT-based traffic seen in global botnet monitoring⁴ ⁵.

Everyday Devices, Extraordinary Risk

The same technology that simplifies life can be turned against us. Smart thermostats, baby monitors, light bulbs and even electric toothbrushes often connect to the internet with little protection. Once compromised, they can serve as small but constant sources of attack traffic.

Important factors that make these devices interesting targets:

  • Always on: devices rarely shut down, giving attackers reliable uptime.
  • Default settings: about 86% of home routers still use factory passwords.¹⁰
  • Outdated software: many devices no longer receive security updates after a few years.
  • Network position: routers and smart hubs sit between home networks and the internet, making them valuable for attackers.

How to Protect Your Own Devices

Keeping your devices secure doesn’t require advanced technical skills, just consistent attention:

  • Change default passwords immediately and use unique credentials.
  • Enable automatic updates or check for firmware upgrades regularly.
  • Disable features you don’t use, such as remote access or universal plug-and-play.
  • Replace unsupported devices that no longer receive security patches.

For businesses and service providers, isolating IoT devices from other systems and devices, and monitoring for abnormal traffic are key defenses⁵.

Conclusion

IoT botnets are an active part of both the global economy and modern conflict. They exploit the same consumer products people rely on every day, from routers to smart appliances, turning convenience into a point of weakness.

As governments and security providers tighten defenses, attackers continue to adapt, leveraging household technology for large-scale impact.

References

  1. KrebsOnSecurity. (2025, October 10). DDoS Botnet Aisuru Blankets US ISPs in Record DDoS.
  2. Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., … & Zhou, Y. (2017). Understanding the Mirai botnet. In 26th USENIX Security Symposium (USENIX Security 17) (pp. 1093-1110).
  3. Forescout Technologies. (2025, April 9). 2025 report reveals surge in device vulnerabilities across IT, IoT, OT and IoMT.
  4. IBM. (2020, September 17). A new botnet attack just mozied into town.
  5. Microsoft. (2021, August 18). How to proactively defend against Mozi IoT botnet. Microsoft Security Blog.
  6. USTelecom. (2022). International Botnet and IoT Security Guide.
  7. NetScout. (2025). Digital aftershocks: Collateral damage from DDoS attacks. DDoS Threat Intelligence Report Issue 15.
  8. NetScout. (2025). An era of DDoS hacktivism. DDoS Threat Intelligence Report Issue 15.
  9. Akamai Technologies. (n.d.). What is the Meris botnet? Akamai Security Glossary.
  10. IBM. (2025, January 3). Router reality check: 86% of default passwords have never been changed.

FAQ

1. What is an IoT botnet?

An IoT botnet is a network of compromised smart devices (like routers, cameras, or thermostats) remotely controlled by attackers to launch coordinated cyberattacks such as DDoS (Distributed Denial of Service).

2. How do hackers take control of devices?

Attackers scan the internet for devices with weak or default passwords, outdated firmware, or open services, then infect them with malware that links to a command network.

3. Why are IoT devices so vulnerable?

Most IoT products are built for convenience, not security. They often ship with default credentials and rarely receive long-term updates, making them easy to exploit.

4. What can IoT botnets be used for?

They can flood servers with traffic (DDoS), disrupt services, or even support state-sponsored cyber operations during geopolitical conflicts.

5. How can I protect my home or business?

Change default passwords, update firmware, disable unnecessary features, and isolate IoT devices on a separate network to reduce risk.