The US government has taken action to disrupt four major IoT botnets (Aisuru, KimWolf, JackSkid, and Mossad) responsible for some of the largest DDoS attacks recorded, with traffic volumes exceeding 30 Tbps. These botnets compromised more than three million internet-connected devices worldwide, including routers, IP cameras, and digital video recorders that often ship with weak credentials and are rarely patched. The botnet operators monetized access by offering DDoS-for-hire services and by extorting victims, threatening to sustain attacks unless payments were made. While the operation disrupted command-and-control infrastructure, it did not address the underlying security issues in the millions of insecure devices still online.

Affected device types:
- Routers (various models and firmware versions)
- IP cameras (multiple manufacturers, outdated firmware versions)
- Digital Video Recorders (DVRs) (outdated firmware versions)

Recommended actions:
- Update router firmware to the latest version by logging into the admin interface and navigating to the 'Firmware Update' section.
- Change default credentials on IP cameras by accessing the device's web interface and updating the username and password in the 'Security Settings'.
- Upgrade DVR firmware to the most recent release available from the manufacturer’s support website.

Common homelab stacks that include IoT devices, such as routers from brands like Linksys or TP-Link, IP cameras from manufacturers like Hikvision or Dahua, and DVRs from similar vendors, are at risk. The impact is significant because of the potential for these devices to be commandeered into botnets.