FortiGuard Labs Threat Research

IoT malware are coming. Will you listen to me now?

By Axelle Apvrille | October 24, 2016

It happened again. This past weekend we witnessed another record-setting DDoS attack, probably primarily caused by infected IoT devices. This attack is attributed to the same piece of code - Linux/Mirai - which attacked and OVH in September.

List of Attacks Attributed to Linux/Mirai





Oct 21, 2016



Some of the attacks were coming from hosts infected with Mirai. Impacted sites included Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. New World Hackergroup claimed responsibility.

Sept 22, 2016


1 Tbps

145,607 cameras and DVRs

Sept 13, 2016

620 Gbps

More info from host Akamai

Aug 17, 2016


280 Gbps

Size of the botnet: 49,657 unique IPs. Most were CCTV cameras, DVRs, and routers.


I Told You! (months ago) ;)

And now, I can't resist saying "I told you so." Yes, I started researching and warning about the risks of IoT infections approximately 20 months ago! I started hacking sports wristbands, and last year, at Hacktivity and 2015, I publicly outlined for the first time the attack scenario where a tracker propagates infection. Then again, at Insomni'hack in March 2016, later at Area 41, and most recently at Virus Bulletin 2016, I developed the topic explaining why an attacker might want to attack a connected toothbrush, a smart watch, or other connected devices.

Slide presented at Area 41Slide presented at Insomni'hack

Fortiguard Research Papers may be accessed here, which include my own talks and papers.

Upcoming talk: "Infecting Internet of Things" at DefCamp

This will also be the main topic of my upcoming talk at DefCamp "Infecting Internet of Things". Couldn't be more appropriate, could it? Quite "amusingly," the talk was turned down by 2 conferences before that ;( So much for self-pride ;) Anyway, I resubmitted because I was really confident about the topic, and I am definitely happy to speak about it at DefCamp now.

Just like Mirai doesn't care about your IP cameras or DVRs, I will show with proof of concepts that consumer Internet of Things such as smart glasses or smart watches are at risk of propagating malware, taking part in larger attacks, or being the victims of ransomware.

Be warned, this is only the beginning of IoT-based malware.

-- the Crypto Girl