Hello readers!
This week we’re looking at a record-breaking DDoS attack powered by insecure IoT, pseudonymization in IoT, the evolution of industrial joysticks, and more!
The Growing Cost of Insecure IoT Endpoints

In December, a massive attack peaked at 31.4 terabits per second—enough traffic to overwhelm major service providers or disrupt connectivity across entire regions. What powered it wasn’t exotic infrastructure or cutting-edge hardware. It was millions of compromised, everyday connected devices. As IoT deployments continue to scale faster than security practices, incidents like this make one thing clear: insecure devices not only create local risk but can also destabilize the internet itself.
The attack was attributed to the Aisuru–Kimwolf botnet and mitigated by Cloudflare, which described it as an “unprecedented bombardment.” What stood out wasn’t just the size, but the pattern. These attacks arrive as short, hyper-volumetric bursts—spiking almost instantly, lasting seconds or minutes, then disappearing. Over the past year, Cloudflare observed a dramatic jump in the potential attack capacity of this botnet family, alongside a sharp rise in overall DDoS activity. At this scale, even well-defended targets can feel the impact upstream.
IoT devices sit squarely at the center of this growth. Aisuru pulls in a wide range of compromised equipment: consumer IoT devices, DVRs, routers, and other always-on endpoints. Kimwolf, its Android-focused counterpart, expands that footprint further by targeting smart TVs, streaming boxes, and mobile devices running outdated software. These devices aren’t powerful on their own, but they’re plentiful, rarely patched, and often forgotten once installed. For attackers, that combination is hard to beat.
What’s changed in recent years is how systematically this capacity is being monetized. Beyond a mere botnet, Aisuru–Kimwolf is part of a broader cybercrime marketplace. Operators rent access to infected devices as “residential proxies,” allowing attackers to hide behind legitimate-looking home IP addresses. Others sell DDoS-as-a-service packages through messaging platforms, sometimes for surprisingly small sums. The result is a mature ecosystem where insecure IoT devices quietly fuel large-scale attacks, over and over again.
Stopping attacks at this level is increasingly challenging, even for organizations built to handle extreme traffic. Techniques like carpet bombing spread traffic thinly across many destinations, keeping individual signals below traditional thresholds while overwhelming networks in aggregate. Because much of the traffic originates from residential IPs in familiar regions, it often looks legitimate at first glance. Even when attacks are mitigated automatically, the collateral effects—congestion, degraded performance, disrupted services—can still be felt.
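The blind spot described above, shown as an added detection sketch (not code from Cloudflare or from this newsletter): a per-destination threshold misses traffic spread across a subnet, while summing the same flow records per prefix exposes it. The thresholds, the flow-record shape and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed thresholds, in bits per second, for one measurement window.
PER_HOST_BPS = 1_000_000_000      # classic per-destination alert (1 Gbps)
PER_PREFIX_BPS = 20_000_000_000   # aggregate alert per /24 (20 Gbps)
MIN_HOSTS_HIT = 128               # distinct targets needed to call it "carpet"

def constructed_flows():
    """Constructed sample of (dst_ip, bits_per_second) flow summaries."""
    # Carpet pattern: every host in one /24 gets 400 Mbps, under the host limit.
    flows = [(f"203.0.113.{h}", 400_000_000) for h in range(1, 255)]
    flows.append(("198.51.100.7", 5_000_000_000))   # single-target flood
    flows.append(("192.0.2.10", 50_000_000))        # ordinary traffic
    flows.append(("192.0.2.11", 80_000_000))
    return flows

def per_host_alerts(flows, limit=PER_HOST_BPS):
    """Traditional check: alert on any single destination above the limit."""
    totals = defaultdict(int)
    for dst, bps in flows:
        totals[dst] += bps
    return sorted(d for d, t in totals.items() if t > limit)

def per_prefix_alerts(flows, prefix_len=24, limit=PER_PREFIX_BPS,
                      min_hosts=MIN_HOSTS_HIT):
    """Aggregate check: sum traffic per covering prefix and count the
    distinct destinations hit, so thinly spread floods still trip an alert."""
    totals = defaultdict(int)
    hosts = defaultdict(set)
    for dst, bps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += bps
        hosts[net].add(dst)
    return sorted(
        (str(net), total, len(hosts[net]))
        for net, total in totals.items()
        if total > limit and len(hosts[net]) >= min_hosts
    )

if __name__ == "__main__":
    flows = constructed_flows()
    print("per-host alerts:  ", per_host_alerts(flows))
    print("per-prefix alerts:", per_prefix_alerts(flows))
```

On the constructed data the per-host check flags only the single-target flood, while the per-prefix check surfaces the /24 that is absorbing about 100 Gbps in total.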
For IoT teams, the lesson is hard to ignore. Device security issues no longer stay contained within a product or a customer environment. They add up, and at scale, they become a shared problem for the entire internet. Default credentials, outdated firmware, and unattended devices expose individual deployments, which is bad enough, but they also help power the next record-breaking attack. As IoT adoption accelerates, secure-by-default design, patching strategies, and ongoing device management are table stakes for keeping the connected world stable.
📖 Top Articles
As medical care and quality of life continue to improve, the world is entering a significant aging phase. By 2030, one-sixth of the global population will be 60 years or older. Ensuring their well-being has become a shared priority for our society. Because many seniors live alone, they often face hidden risks in their daily lives—which is exactly where emergency devices become essential.
Industrial joystick controllers are the unsung translators between human intent and machine motion. In the past decade, they’ve quietly evolved from rugged mechanical levers into smart, connected input devices that play a meaningful role in the Internet of Things (IoT) ecosystem, powering modern machinery and business process automation as these technologies meet with AI solutions.
Pseudonymization provides a practical way to reduce this risk without disrupting data-driven innovation. By replacing direct identifiers with controlled pseudonyms, organizations limit the impact of breaches while preserving analytical value. This approach supports artificial intelligence (AI) modeling and optimization across IoT systems, making privacy protection compatible with scale and performance.
🔥 Rapid Fire
Pelion scoops breakthrough success at Global IoT Awards
Pelion launches consumer eSIM for IoT
Iran tests IoT capabilities of “Kosar” satellite successfully
Vodafone IoT partners with Hyundai to deliver connected cars across the Middle East
Skylo and Vodafone IoT to offer NTN NB-IoT satellite connectivity
🎙 The IoT For All Podcast
In this episode of the IoT For All Podcast, David Stanton, CEO and co-founder of Reelables, joins Ryan Chacon to discuss how smart labels are transforming the supply chain. The conversation covers the current state of the supply chain industry, the challenges of data quality, why data still flows across supply chains by email, how smart labels compare to barcodes, computer vision, and drones for tracking assets, passive vs active smart labels, cargo tracking, and the future of the supply chain.
✅ Partner Spotlight
Telnyx empowers businesses to build custom communications and AI-powered connectivity solutions with a modular, cloud-native platform. We deliver global data connectivity through multi-IMSI, multi-network IoT eSIMs that provide multi-layer redundancy and maximum uptime. With the ability to white-label Telnyx eSIM profiles, businesses can offer fully branded eSIM experiences to their customers. Telnyx eSIM connectivity solutions are built for reliability, scalability, and control—offering advanced remote SIM management, a centralized self-service portal, and robust data privacy protections. Whether you're building Voice AI, messaging, IoT, or eSIM applications, Telnyx provides the infrastructure and tools you need to move fast, scale globally, and stay in control.
🗓️ Events & Webinars
This webinar covers how eSIM helps businesses like yours seamlessly manage global IoT deployments, switch networks remotely and in real time, reduce costs with commercial flexibility, and future-proof devices against network sunsets.
📄 eBooks & White Papers
eSIM enables remote network provisioning and switching, simplifying global IoT connectivity while reducing costs and logistics.
Explore how 701x and Kigen collaborated to overcome real-world design and supply challenges, enabling smarter, more sustainable ranching.











