Hello readers!

This week we’re looking at a massive takedown of a massive IoT botnet—and how little it solved. That, plus the future of healthcare, D2D connectivity, and more!

In one of the most significant botnet takedowns on record, US law enforcement — working with authorities in Germany and Canada — dismantled the command-and-control infrastructure behind four major botnets that had collectively hijacked more than three million devices worldwide. The networks, known as Aisuru, KimWolf, JackSkid, and Mossad, were responsible for hundreds of thousands of distributed denial-of-service attacks, including strikes against US Department of Defense systems. German authorities identified two suspected administrators and seized evidence including data storage devices and tens of thousands of dollars worth of cryptocurrency.

The story is, at its core, an IoT security story. The four botnets spread almost exclusively through internet-connected consumer devices — routers, webcams, digital video recorders, smart TVs, set-top boxes — the kind of hardware that gets plugged in once and forgotten. These devices are routinely shipped with weak default credentials, rarely receive firmware updates, and are almost never monitored by their owners. That combination makes them ideal raw material for botnet operators, who can quietly conscript millions of them into attack infrastructure without the owners ever noticing anything is wrong. The scale that results is staggering: together the four networks were capable of generating attack traffic exceeding 30 terabits per second, with one combined Aisuru-Kimwolf attack last November peaking at roughly 31.4 Tbps — nearly three times the size of any previously recorded attack.

The business model behind the botnets was as notable as their technical capabilities. Rather than using the infected devices solely for their own purposes, the operators ran a cybercrime-as-a-service operation — renting out access to the hijacked infrastructure to other criminal actors. KimWolf's compromised devices were also repurposed as a residential proxy network, allowing paying customers to route traffic through ordinary people's home connections as an anonymization layer, entirely without those homeowners' knowledge. Beyond being weapons, the infected devices were a commodity, bought and sold on the criminal market while sitting quietly in living rooms and home offices around the world.

The takedown itself focused on seizing the domains and backend servers that coordinated the botnets — the systems that tell infected devices where to send their traffic. Without that infrastructure, the hijacked devices lose most of their operational value, even though they remain compromised. The operation involved seizure warrants across multiple US-registered domains and virtual servers, and was supported by nearly two dozen major technology companies including Amazon Web Services, Google, PayPal, and Nokia, as well as Europol's ongoing PowerOff initiative targeting DDoS-for-hire operations.

The caveat, acknowledged openly by security researchers, is that nothing fundamental has changed. All four networks were themselves descendants of Mirai, the IoT botnet that first made headlines in 2016 and whose leaked source code has served as the foundation for a decade of successors. The pattern is consistent: new botnets emerge, break records, get taken down, and are replaced by the next iteration — because the underlying vulnerability never gets fixed. Hundreds of millions of poorly secured IoT devices remain online, running outdated firmware or factory-default passwords, permanently available for conscription. Until device manufacturers are held to higher security standards — or consumers demand them — the recruitment pool for the next Aisuru is already out there, plugged into the wall and waiting.

One where care doesn’t stop at discharge, and automation is quietly reshaping how healthcare organizations operate, all while keeping patient-centered decisions at the core. At this year’s HIMSS Global Health Conference & Exhibition 2026 in Las Vegas, this shift was hard to ignore. Conversations across the show floor made one thing clear: the healthcare industry is becoming more connected. Healthcare systems are actively implementing technologies that enable smarter care delivery, lower operational costs and better patient outcomes.

In this episode of the IoT For All Podcast, Kevin Dewald, Founder at The California Open Source Company, joins Ryan Chacon to discuss the current state of Bluetooth. The conversation covers why Bluetooth in IoT is so mobile-centric, the promise of desktop as a Bluetooth platform, why dongles pose challenges, the economics of open source, the complexities of the Bluetooth protocol, and the need for a shift in how IoT products are developed.

YouTube • Spotify • Apple • YT Music • Amazon

Interested in becoming an IoT For All Partner? Reach out here!