In June 2025, malware dubbed Eleven11bot compromised around 30,000 IP devices – hijacking them to create a coordinated botnet and launch DDoS attacks. This figure was revised down from the 86,000 devices first thought to have been breached; as observed by intelligence analysis firm GreyNoise.
Most of the compromised devices are IP cameras and Network Video Recorders (NVRs), many of which were running outdated firmware and default credentials. The number of unsecured devices, and their wide range of locations across the internet, makes them highly appealing to malicious actors.
If we rewind a bit, the Mirai botnet – a malware family that exploded into the limelight around 2016 – set a concerning precedent by exploiting infected cameras, routers and DVRs for large-scale attacks.
Rather than dying out, Mirai has evolved. In March 2025, CVE‑2025‑1316 emerged – a command injection flaw in Edimax IC‑7100 IP cameras. Exploited in the wild, this zero‑day was actively used by Mirai‑based malware to infect thousands of devices that were already end‑of‑life and unpatched.
Akamai’s Security Intelligence team also observed active exploitation of command injection vulnerabilities in discontinued GeoVision IoT devices (CVE‑2024‑6047, CVE‑2024‑11120), as recently as April 2025.. Despite being disclosed months earlier, they went unpatched.
These incidents are just moments within a pattern that continues to create vulnerabilities globally.
It looks like this:
These devices are weaponised in plain sight; silently joining large-scale attack fleets without anyone noticing.
The implications of IoT hijacking are serious. In late May, Darktrace reported Mirai malware infecting a DVR camera on a Canadian logistics company network; again, exploiting accessible credentials to gain a foothold
And Trend Micro researchers have been flagging IoT botnets using routers and IP cameras to launch cyberattacks around the world, including North America, Europe, and Japan, from late 2024 onwards.
The proliferation of IoTs means that criminals have disparate, often weakly monitored endpoints to leverage for malicious purposes. And as long as these devices remain vulnerable, their exploitation will increase. Threat actors use them to create botnets that generate huge volumes of traffic to seriously disrupt organisations; gain access to networks via a vulnerable IoT, and then pivot once inside the network to hop onto internet networks; breach privacy by intercepting live feeds or recordings from cameras and audio devices; and more.
Innovative cybersecurity communities can always develop solutions to the problems that threat actors throw at us.
First and foremost, IoT manufacturers need to integrate security into their devices at the design stage. This means they need to work closely with cybersecurity practitioners to develop unique credentials, patchable firmware, encrypted comms, and so on.
When IoTs have been turned out to the market, we need proactive vulnerability research teams to identify vulnerabilities and maintain a clear view of devices in operation. And new roles are emerging in cybersecurity for professionals who can monitor IoT fleets, detect abnormal behaviour, and triage device-level breaches effectively.
At a birds-eye level, regulation and compliance is key. Governments need to push manufacturers to harden their products – and we’re seeing that happen, bit by bit.
And there is, of course, the consumer-level piece of the puzzle: educating the people who buy and use IoT devices to make sure they understand the vulnerabilities, maintain updates on a regular schedule so they don’t miss a firmware patch, and interact with devices in the most secure way possible.
IoT security challenges will continue to accelerate. And to maintain security, everyone needs to play their part – regulators, manufacturers, security practitioners, and consumers.
Become a part of the solution at Black Hat MEA 2025. Pre-register now to secure your place and discover the latest in IoT security research, vendors, and threats.
Join the newsletter to receive the latest updates in your inbox.
How do you get your first job in cybersecurity? Break things. Because cultivating your hacker mindset can help you differentiate yourself in a competitive market for entry-level infosec roles.
Read More
M&A can be a golden opportunity for malicious hackers. Find out how rushed integrations, open-source risks, and weak access controls turn acquisitions into cybersecurity minefields.
Read More
Credential leaks are escalating, powering stealthy, devastating attacks. Learn why passwords are no longer enough – and how passwordless authentication can help.
Read More