Hackers Offer an IoT Botnet for $7,500
Cybercriminals are now offering massive IoT botnets for rent. Security firm RSA discovered one of these networks in an underground forum — capable of launching DDoS attacks with more than 1 terabit per second of traffic.
The DynDNS Attack and Its Consequences
In October, a powerful Distributed Denial-of-Service (DDoS) attack hit DynDNS, one of the largest domain name services worldwide. As a result, many popular websites such as Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify were temporarily unavailable in the United States.
The investigation revealed that millions of compromised Internet of Things (IoT) devices participated in the attack. These devices sent an overwhelming number of requests to DynDNS servers, causing widespread service interruptions. The malware responsible for the incident is known as Mirai.
How the Mirai Botnet Works
Mirai scans the Internet for IoT devices with weak or default login credentials. Once infected, the devices become part of a botnet that can be remotely controlled by hackers. The botnet can then flood targets with data, taking down websites and services.
Security firm Flashpoint confirmed that parts of this infrastructure were used in attacks against DynDNS, OVH, and the blog Krebs on Security. The evidence clearly shows how easily everyday devices can be turned into dangerous digital weapons.
Cybercrime Becomes a Business Model
According to RSA, hackers are now selling access to IoT botnets in online criminal markets. The offer included up to 100,000 infected devices capable of generating over 1 Tbps of attack traffic. The smaller version, with 50,000 bots, was priced at $4,600. The full version cost $7,500.
“This is the first time we have seen an IoT botnet of this power offered for rent,” said Daniel Cohen, Head of RSA’s FraudAction unit. Such offers show how DDoS-as-a-Service has become an organized and profitable industry.
Comparison: Costs vs. Risks
The price for such a botnet is alarmingly low compared to the damage it can cause. A DDoS attack of this scale can paralyze entire infrastructures, affect millions of users, and cause major financial losses. Therefore, organizations must take IoT security much more seriously.
IoT Manufacturers Under Pressure
Device manufacturers are slowly realizing the scale of this threat. The Chinese company Xiongmai Technology (XM), which produces surveillance cameras and DVR systems, released a firmware patch after its devices were used in Mirai attacks. However, older devices remain at risk if they use standard passwords and outdated firmware.
Why Old Devices Are Still Dangerous
Any device produced before September 2015 that still uses default credentials can be compromised via Telnet. These devices often remain connected to networks without proper monitoring. Consequently, they continue to be an easy target for cybercriminals.
How to Defend Against IoT Botnets
IoT-driven DDoS attacks are difficult to stop entirely. Nevertheless, companies can minimize risks through proactive defense. The following steps are recommended:
- Update all IoT devices and change default passwords.
- Deactivate unused remote access ports like Telnet.
- Implement a Managed Firewall for traffic control.
- Set up Failover protection to maintain availability.
- Use multiple DNS providers for redundancy.
- Monitor outgoing traffic to detect unusual data flows early.
For further details, refer to the FORBES article or Flashpoint’s technical report.
Key Takeaway
The sale of a $7,500 IoT botnet demonstrates how accessible cyberattacks have become. However, companies are not powerless. With modern infrastructure, active monitoring, and certified security standards, organizations can defend themselves effectively. At centron, we provide ISO 27001-certified environments designed to withstand even large-scale DDoS attacks.
