IoT’s botnet problem is up 500% – three things admins must do now


Botnet activity on connected devices is up 500% thanks to default passwords, outdated software, and inadequate security protections creating backdoors into enterprise networks. Now, even entry-level hackers with off-the-shelf tools are getting in on the act.

In November, researchers disclosed a new botnet, Matrix, assembled from open source and readily available tools rather than custom code. While not technically sophisticated, the campaign shows how an attacker with only basic skills can build and sell botnets capable of widescale damage.

This is an escalating issue and something’s got to give. Stricter device regulations are on the way in 2025 but, until they’re enforced, it’s up to admins to step up. This demands immediate action on software patching, strong authentication, and unified device management.

Apu Pavithran

Founder and CEO of Hexnode.

Growing devices, growing botnets

It’s no coincidence that connected devices and botnets are growing at similar rates. In the past five years, consumers and enterprises have embraced devices in the smart home and office, resulting in a doubling of devices in the Internet of Things (IoT). This number is expected to double again in the next decade to more than 40 billion worldwide.

This is a problem since not all devices are created equal. By scanning the internet for known software flaws or easy-to-break passwords – two common vulnerabilities in cheaper products – hackers can bend these machines to their will. With more devices, there are more botnet targets.

Once compromised, devices become unwitting recruits in massive botnet armies, allowing attackers to spread malware, launch devastating DDoS attacks, and infiltrate critical enterprise systems. Nokia recently reported IoT devices engaged in botnet-driven DDoS attacks are up 500% over the past 18 months and account for 40% of all DDoS traffic.

Matrix raises the stakes. It demonstrates that building a botnet isn't as hard as one might think, opening the door for individuals to run broad, multi-faceted attacks against a wide range of endpoint vulnerabilities and misconfigurations. Even more concerning? The tooling is for sale as a commercial botnet-as-a-service, turning basic technical know-how into automated attack capability. And with enterprise ecosystems now counting more endpoints than ever before, admins must redouble their security efforts in the face of this escalating threat.

Three ways admins can fight back against botnets

First, and it should go without saying, change every default password. Factory credentials are typically shared across every unit of a model, so if yours are unchanged an attacker may already have a working login. Whether you're securing a camera, a sensor, or an industrial controller, don't run on defaults. Strong, randomized, per-device passwords are non-negotiable, and where the device supports it, add two-factor authentication on the management interface for extra protection.

Next, keep software current. Half of last year's enterprise vulnerabilities remain unpatched, and devices running outdated firmware are the easiest botnet targets. Automated patch management isn't optional; it's integral to security survival.

Finally, be proactive. Hackers are counting on admin complacency and weak backend safeguards. Prove them wrong. Contain breaches by segmenting networks so a compromised device can't reach critical systems, consolidate endpoint management in a unified console, and deploy automated monitoring to catch suspicious behavior.
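The three measures above are the kind of baseline an onboarding check can enforce automatically. What follows is an added example, not code from the article or from Hexnode: it audits a constructed device inventory for factory-default credentials, firmware below a per-model patched floor, and placement outside the dedicated IoT segment. Every model name, credential list, version floor, address and device record is constructed for illustration.

```python
"""Onboarding baseline audit for IoT endpoints (added example, constructed data)."""
import ipaddress
import secrets
import string
from dataclasses import dataclass

# Constructed: factory credentials that ship on every unit of a given model.
DEFAULT_CREDENTIALS = {
    "camera-x1": {("admin", "admin"), ("admin", "12345"), ("root", "")},
    "sensor-t9": {("user", "user")},
    "plc-gw-2": {("admin", "password")},
}

# Constructed: the oldest firmware version per model that has known flaws fixed.
MIN_FIRMWARE = {
    "camera-x1": "2.4.1",
    "sensor-t9": "1.0.7",
    "plc-gw-2": "5.2.0",
}

# Constructed: the segmented network every IoT endpoint is required to sit on.
IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/16")


@dataclass
class Device:
    name: str
    model: str
    ip: str
    firmware: str
    username: str
    password: str


def parse_version(text):
    """'2.4.1' -> (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit_device(dev):
    """Return the list of baseline violations for one device (empty = compliant)."""
    findings = []
    defaults = DEFAULT_CREDENTIALS.get(dev.model, set())
    # An empty password is treated as a default even if the model is unknown.
    if (dev.username, dev.password) in defaults or dev.password == "":
        findings.append("default-credentials")
    floor = MIN_FIRMWARE.get(dev.model)
    if floor is None:
        findings.append("unknown-model")  # not in inventory: cannot judge patch level
    elif parse_version(dev.firmware) < parse_version(floor):
        findings.append("outdated-firmware")
    if ipaddress.ip_address(dev.ip) not in IOT_SEGMENT:
        findings.append("outside-iot-segment")
    return findings


def audit_inventory(devices):
    """Map device name -> findings for a whole inventory."""
    return {dev.name: audit_device(dev) for dev in devices}


def new_device_password(length=24):
    """Random per-device password from the OS CSPRNG, to replace a default."""
    alphabet = string.ascii_letters + string.digits + "-_.!@#%"
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed inventory: one compliant device and three that fail a baseline.
INVENTORY = [
    Device("cam-lobby", "camera-x1", "10.50.3.10", "2.4.1", "admin", "admin"),
    Device("cam-dock", "camera-x1", "192.168.1.40", "2.3.9", "admin", "Vr8kq-Lz2p.Mx7"),
    Device("temp-01", "sensor-t9", "10.50.7.2", "1.0.7", "svc-temp", "Qa4wN-fH9r_Ty1"),
    Device("plc-gw", "plc-gw-2", "10.50.9.9", "5.1.3", "admin", "password"),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(f"{name}: {', '.join(findings) if findings else 'ok'}")
```

The credential check here compares recorded credentials against a known-defaults list; in production you would instead attempt the default logins against each device's management interface, since the inventory can be wrong. Version comparison must be numeric (parse_version), because "2.10.0" < "2.4.1" as strings.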

A critical step here is developing an incident response plan. Many organizations discover botnet infections too late because they lack clear protocols for detection and response. Regular tabletop exercises and automated network monitoring help teams identify weak points and practice responding to a breach before one occurs. These basics separate minor hiccups from major incidents.
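To make the monitoring concrete: IoT devices talk to a small, predictable set of peers, which is what makes a hijacked device visible. The following added example, not from the article, runs two checks over constructed flow records: a device contacting a host outside its expected peer set (a new command-and-control host, say), and a device fanning out to many distinct destinations or pushing unusual volume within one time window, the pattern of a DDoS flood or scan. All addresses, peer lists, records and thresholds are constructed for illustration.

```python
"""Flow-based detection of botnet behaviour on an IoT segment (added example)."""
from collections import defaultdict

# Constructed: expected peers per inventoried IoT device (NVR, DNS, vendor cloud).
# A device with no entry has never been inventoried and is flagged on sight.
EXPECTED_PEERS = {
    "10.50.3.10": {"10.50.0.5", "10.50.0.53", "198.51.100.20"},  # lobby camera
    "10.50.7.2": {"10.50.0.53", "198.51.100.21"},                 # temperature sensor
}

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes_out)
FLOWS = [
    (1000, "10.50.3.10", "10.50.0.5", 443, 1_200_000),    # camera -> NVR, normal
    (1010, "10.50.3.10", "10.50.0.53", 123, 76),           # camera -> NTP, normal
    (1200, "10.50.3.10", "203.0.113.77", 4444, 310),       # camera -> unknown host
    (1005, "10.50.9.9", "10.50.0.5", 443, 900),            # device never inventoried
    (1300, "10.50.7.2", "198.51.100.21", 443, 8_000_000),  # sensor: abnormal volume
]
# Sensor hitting 40 distinct hosts on port 80 inside one minute: flood/scan pattern.
FLOWS += [(1100 + i, "10.50.7.2", f"203.0.113.{i + 1}", 80, 600) for i in range(40)]


def windowed_stats(flows, window=60):
    """Bucket flows by (src, window_start): distinct destinations and bytes sent."""
    stats = defaultdict(lambda: {"dsts": set(), "bytes": 0})
    for ts, src, dst, _port, nbytes in flows:
        bucket = stats[(src, ts - ts % window)]
        bucket["dsts"].add(dst)
        bucket["bytes"] += nbytes
    return stats


def detect(flows, window=60, fanout_threshold=20, bytes_threshold=5_000_000):
    """Return {src_ip: sorted list of alert reasons} for every suspicious device."""
    reasons = defaultdict(set)
    # Check 1: peer allowlist per device; unknown devices are an inventory gap.
    for _ts, src, dst, _port, _nbytes in flows:
        peers = EXPECTED_PEERS.get(src)
        if peers is None:
            reasons[src].add("unknown-device")
        elif dst not in peers:
            reasons[src].add("unexpected-peer")
    # Check 2: per-window fan-out and outbound volume.
    for (src, _start), bucket in windowed_stats(flows, window).items():
        if len(bucket["dsts"]) >= fanout_threshold:
            reasons[src].add("fan-out")
        if bucket["bytes"] >= bytes_threshold:
            reasons[src].add("volume")
    return {src: sorted(r) for src, r in sorted(reasons.items())}


if __name__ == "__main__":
    for src, why in detect(FLOWS).items():
        print(f"{src}: {', '.join(why)}")
```

The fan-out and volume thresholds are deliberately coarse; in practice you would set them per device class from a learning period, since a camera streaming to its NVR legitimately sends far more than a temperature sensor. The allowlist check is the higher-signal one for IoT precisely because these devices rarely acquire new peers.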

Be smart and proactive

It’s worth mentioning that various regulations are coming online to help stop botnets this year.

Europe, the United States, and the United Kingdom are taking aim at basic vulnerabilities in different ways. Europe's Cyber Resilience Act, for example, will go a long way toward closing device backdoors by requiring secure-by-default configurations in place of shared default passwords and obligating manufacturers to provide security updates throughout a product's support period.

Across the Atlantic, expect to see a consumer tick of approval, the US Cyber Trust Mark label, on connected devices that meet cybersecurity minimums. Let's hope these concerted efforts across major markets hit botnets where it hurts, the easy-to-exploit vulnerabilities, and make us all a little safer.

In the meantime, the buck stops with admins, and it’s not easy in a landscape of growing devices, experimental hackers, and stretched IT teams. To close the gap, look for extra and smarter ways to oversee your ecosystem. Make your life easier with automation, maintain a real-time ecosystem inventory, and establish clear security baselines for new endpoints. You’ll find that relatively small changes to how you manage, authenticate, and protect devices can make a big difference to your overall security posture.

This isn’t to say to do away with endpoints – far from it. Connected devices are popular in enterprises big and small for a reason. They unlock operational data, deliver business insights, and achieve newfound efficiencies. The key is to onboard them consciously and carefully, slamming shut every potential backdoor while unleashing the full promise of tomorrow’s smart office.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
