Securing the Internet of Things: Thousands of IP cameras hacked

In June 2025, malware dubbed Eleven11bot compromised around 30,000 IP devices – hijacking them to create a coordinated botnet and launch DDoS attacks. This figure was revised down from the 86,000 devices first thought to have been breached; as observed by intelligence analysis firm GreyNoise.

Most of the compromised devices are IP cameras and Network Video Recorders (NVRs), many of which were running outdated firmware and default credentials. The number of unsecured devices, and their wide range of locations across the internet, makes them highly appealing to malicious actors. 

The emergence of IoT botnets goes back a few years 

If we rewind a bit, the Mirai botnet – a malware  family that exploded into the limelight around 2016 – set a concerning precedent by exploiting infected cameras, routers and DVRs for large-scale attacks. 

Rather than dying out, Mirai has evolved. In March 2025, CVE‑2025‑1316 emerged – a command injection flaw in Edimax IC‑7100 IP cameras. Exploited in the wild, this zero‑day was actively used by Mirai‑based malware to infect thousands of devices that were already end‑of‑life and unpatched.

Akamai’s Security Intelligence team also observed active exploitation of command injection vulnerabilities in discontinued GeoVision IoT devices (CVE‑2024‑6047, CVE‑2024‑11120), as recently as April 2025.. Despite being disclosed months earlier, they went unpatched.

The IoT attack trend won’t go away 

These incidents are just moments within a pattern that continues to create vulnerabilities globally. 

It looks like this: 

1. Massive device proliferation: Everyday objects (cameras, routers, smart TVs, even refrigerators) are now connected to the internet.
2. Poor security hygiene: Default credentials, negligent patching, and outdated firmware are rife.
3. Unmonitored deployments: Organisations often deploy IoT swiftly and forget about them.
4. High-value targets: Botnet owners use these devices to launch DDoS attacks that disrupt entire services.

These devices are weaponised in plain sight; silently joining large-scale attack fleets without anyone noticing.

IoT attacks can hold real-world dangers 

The implications of IoT hijacking are serious. In late May, Darktrace reported Mirai malware infecting a DVR camera on a Canadian logistics company network; again, exploiting accessible credentials to gain a foothold

And Trend Micro researchers have been flagging IoT botnets using routers and IP cameras to launch cyberattacks around the world, including North America, Europe, and Japan, from late 2024 onwards. 

The proliferation of IoTs means that criminals have disparate, often weakly monitored endpoints to leverage for malicious purposes. And as long as these devices remain vulnerable, their exploitation will increase. Threat actors use them to create botnets that generate huge volumes of traffic to seriously disrupt organisations; gain access to networks via a vulnerable IoT, and then pivot once inside the network to hop onto internet networks; breach privacy by intercepting live feeds or recordings from cameras and audio devices; and more. 

What should we be doing? 

Innovative cybersecurity communities can always develop solutions to the problems that threat actors throw at us. 

First and foremost, IoT manufacturers need to integrate security into their devices at the design stage. This means they need to work closely with cybersecurity practitioners to develop unique credentials, patchable firmware, encrypted comms, and so on. 

When IoTs have been turned out to the market, we need proactive vulnerability research teams to identify vulnerabilities and maintain a clear view of devices in operation. And new roles are emerging in cybersecurity for professionals who can monitor IoT fleets, detect abnormal behaviour, and triage device-level breaches effectively. 

At a birds-eye level, regulation and compliance is key. Governments need to push manufacturers to harden their products – and we’re seeing that happen, bit by bit. 

And there is, of course, the consumer-level piece of the puzzle: educating the people who buy and use IoT devices to make sure they understand the vulnerabilities, maintain updates on a regular schedule so they don’t miss a firmware patch, and interact with devices in the most secure way possible. 

IoT security challenges will continue to accelerate. And to maintain security, everyone needs to play their part – regulators, manufacturers, security practitioners, and consumers. 

Become a part of the solution at Black Hat MEA 2025. Pre-register now to secure your place and discover the latest in IoT security research, vendors, and threats.