2025 Seems To Be Bringing A Botnet Bonanza

We Already Have A New Record Setting 5.6 Terabits Per Second DDoS
2025 is looking, amongst other things, to be the year of the botnet. Yesterday Cloudflare reported on a recent DDoS, launched from 13,000 IoT devices infected by a variant of Mirai, that peaked at 5.6 terabits per second and is now the largest DDoS ever recorded. Another security company, Qualys, found 1,500 IP addresses assigned to AVTECH cameras and Huawei HG532 routers infected with a Mirai variant called Murdoc Botnet, which seems to be growing by hundreds of devices every day.
Trend Micro also found a new IoT botnet, again Mirai-based with an extra dash of a similar malware family called Bashlite, which has been delivering large DDoSes to Japanese users since the end of last year. We can also look forward to someone releasing a botnet living on 13,000 MikroTik routers and other devices; it hasn’t done anything yet but it is there and ready to ruin someone’s day.
Ars Technica lists a few more of these IoT botnets which are either active or ready to be deployed. It would be wonderful if we could just offer the usual advice to update your devices, but with IoT it simply isn’t that simple. In many cases the manufacturer has abandoned their older products and there simply are not any updates to install. In other cases the vulnerability is hard-coded in and there is nothing to be done about it except tossing the device; other times the manufacturer has locked down the device and they are the only ones who can push updates. That leaves you at the mercy of their update schedule, assuming they even have one.
Let’s hope Mirai doesn’t move to the HPC clusters running everyone’s LLMs, as that would be an even worse nightmare than we have faced so far!
We’re only three weeks into 2025, and it’s already shaping up to be the year of Internet of Things-driven DDoSes. Reports are rolling in of threat actors infecting thousands of home and office routers, web cameras, and other Internet-connected devices.