How IoT’s Explosive Growth Created a New Class of Cyber Weapon
Plus our top IoT stories of the week!
Hello readers,
Welcome to the IoT For All newsletter! This week we’re talking about the future of IoT-powered cybercrime, indoor localization with microphones, 5 IoT compliance mistakes that could cost you, and more.
The Botnet Next Door

IoT is now the beating heart of a new kind of cyber siege, the raw material for the world’s most powerful cyber weapons. Since the Mirai botnet first harnessed insecure cameras and routers in 2016 to unleash a 1.5 Tbps Distributed Denial-of-Service (DDoS) attack, IoT-driven assaults have exploded nearly twentyfold. The Aisuru botnet’s recent 29.6 Tbps flood, reported by KrebsOnSecurity, shattered every prior record, an exclamation point on a decade of exponential escalation. Today’s hyper-volumetric “pulse” attacks last only seconds, but they deliver damage once thought impossible, overwhelming targets faster than most defenses can even spin up.
At the center of this escalation is a shift in the business model of cybercrime, and it’s one built squarely on IoT. Modern botnets like Aisuru no longer rely solely on selling short-term DDoS attacks. Instead, they’ve turned millions of connected devices into what are known as Residential Proxy Networks (or RaaS). These networks rent out hijacked IoT hardware like smart cameras, DVRs, and home routers as “clean” residential IP addresses for credential theft, ad fraud, and other cybercrimes. The result is a steady, lucrative income stream that funds ongoing exploitation of new IoT vulnerabilities, ensuring the botnets that hijack our smart devices never run out of power or profit.
The collateral damage isn’t confined to the targets of these attacks. Every compromised IoT device contributes to a growing strain on global internet infrastructure. Major U.S. Internet Service Providers including AT&T, Comcast, and Verizon have reported seeing up to 500 Gbps of malicious egress traffic flowing out of their own customer networks during major Aisuru events. In practical terms, that means smart homes and connected appliances are unintentionally flooding the internet with attack traffic, degrading network performance for everyone around them.
The next wave of IoT connectivity, 5G, Industrial IoT (IIoT), and edge computing, will only magnify the problem, or at least its potential. These systems promise unprecedented speed, bandwidth, and uptime, but they also expand the available firepower for cybercriminals. If today’s consumer IoT networks can generate city-wide outages, the potential of compromised industrial controllers or 5G-enabled sensors operating at the network edge is even greater.
Reversing this trajectory will require manufacturers and regulators to finally bake security into the foundation of connected technology. “Security by Design” must become the standard. That means:
- Unique, cryptographically strong credentials for every device, no more default passwords.
- Automatic, signed firmware updates that fix vulnerabilities without user action.
- Transparent software supply chains through SBOMs and coordinated disclosure policies.
IoT’s potential to connect the world safely depends on closing the gap it opened in its rush to connect everything else. Until then, the same network of smart devices designed to make life easier will continue doubling as the world’s largest, most powerful cyber weapon.
📖 Top Articles
Indoor positioning, localization, and sensing have long been considered the "holy grail" of smart home intelligence. Imagine a home where devices seamlessly adapt to your presence: lights dim as you exit a room, HVAC systems optimize for occupied areas, and only the closest smart speaker responds to your commands. This level of personalization and efficient automation is precisely what indoor localization offers.
In Austria, a Tier-1 automotive supplier specializing in aluminum high-pressure die-casting set out to modernize its production environment. With 33 die-casting machines operating around the clock, the company faced challenges in maintaining consistent quality, minimizing downtime, and ensuring that hard-earned process knowledge could be passed on efficiently. To address these issues, a collaborative research initiative was launched, combining industrial expertise with advanced data technologies. The project’s foundation was built on time-series data management, knowledge graphs, and real-time analytics.

The IoT compliance landscape isn't what it used to be. As we navigate through 2025, what once was a set of "nice-to-have" guidelines has transformed into a mandatory gateway for getting your connected products to market. Standards like ETSI EN 303 645, the EU Cyber Resilience Act, and the updated RED Directive aren't just industry jargon anymore. They're your product's passport to global markets. And the stakes? They've never been higher. When compliance falls short, you're not just risking a slap on the wrist. You're looking at potentially devastating financial penalties, products blocked from major markets, and the kind of brand damage that keeps executives up at night.
🔥 Rapid Fire
Always-on eSIM connectivity built on Kigen
Ground Control joins CLS to advance satellite IoT for environmental and infrastructure monitoring
New Omdia research finds real-time analytics tops priorities for 82% of IoT enterprises
IoT devices communicate with satellites via standard mobile communication protocols
Roaming takes a back seat for IoT
Peloton's newest tech bet: AI digital twins
🎙️ The IoT For All Podcast
In the latest episode of the IoT For All Podcast, Harald Fuchs, CEO of Freeeway, and Mark van den Berg from KPN IoT join Ryan Chacon to discuss how rising data consumption in connected cars is reshaping the automotive industry and turning connectivity from a cost to a monetized service. The conversation covers IoT monetization strategies, connected cars as entertainment hubs, autonomous driving, digital services within vehicles, including payment integrations, connected cars in China, and evolving business models in automotive IoT.
🗓️ Events & Webinars
October 23, 2025, 10:00 AM - 11:00 AM CET

In a connected world, secure and scalable connectivity is critical for success. SGP.32 is the latest GSMA eSIM standard, designed to reduce complexity, streamline device management, and enable cost-efficient IoT deployments at scale. Whether you’re deploying IoT solutions today or planning for the future, this webinar will help you understand how to leverage SGP.32 to build flexible and future-proof systems.
📖 White Papers & eBooks
Bring seamless, secure eSIM delivery to production lines worldwide with the Kigen In-Factory Profile Provisioning (IFPP) Trial Kit.

Explore IoT trends, challenges & AI impact in 2025 - insights from 1,200 leaders across six key sectors shaping the future.