It's 8PM on a Thursday evening. You've sat down on the couch and are preparing to relax & watch your favorite TV show. You open your mail, and receive a letter from your Internet Service Provider stating that your home internet connection was found being used in a larger malicious botnet to attack major U.S. companies and government agencies. Confused, you wonder if this is spam mail or if it is legitimate. You call your ISP's official number from their website and confirm that this is true: your home network was flagged for participating in numerous attacks against government agencies and U.S. companies. Curious, you wonder how this could have happened. You have great antivirus software on your computers, you use newer phones, and never share your WiFi password. How did this happen?
A quick side-note: Your ISP will never threatening you requiring immediate payment or any other "ransom". When in doubt, call the official phone number for your ISP
Now you're left wondering: "how is that possible?" After doing some additional digging, the only other devices on your network besides your computer and phone are the new smart plugs and new streaming box you bought for a great deal online last month and recently connected to your home internet.
Recent Examples in the News
As reported by Bleeping Computer and PC Gamer, Cloudflare recently disclosed mitigating the largest publicly reported Distributed Denial of Service (DDoS) attack ever: an insane 31.4 Tbps peak from the Aisuru/Kimwolf botnet in December 2025. This "Night Before Christmas" campaign hammered telecom targets and Cloudflare's own infrastructure with over 200 million requests per second. Cloudflare blocked it autonomously, but it shows how "harmless" smart gadgets can fuel record-breaking cyber assaults.
Many compromised IoT devices are linked to some of the largest recorded DDoS attacks against organizations. Many of these massive attacks trace back to vulnerable IoT devices, like cheap routers, smart TVs, cameras, and plugs, that everyday users added to their home networks without thinking twice.
How Does This Happen?
Sometimes, deals really ARE too good to be true
Like many others, you may be wondering how this can happen. Cheaper knockoffs of mainstream, namebrand products (such as cheaper smart plugs, smart cameras, and even smart light bulbs), often are built in a less secure manner, with some having back doors directly "baked" into the hardware itself. I'm not saying that namebrand products don't suffer from vulnerabilities too, but they are often more "trustworthy" than many knockoff brands.
By purchasing these knock-off products and putting them on your network, you can then turn your home internet connection into another attack node for the a botnet. A botnet is a network of hijacked devices (often thousands or millions) controlled remotely by attackers to launch attacks - like flooding targets with traffic in a DDoS - or other malicious activities (proxy services, data theft, etc.)
How to Protect Yourself, Your Privacy, and Your Network
The easiest way to protect yourself from this happening to you: watch what you buy and put on your network! There are no guarantees that any smart devices are free from vulnerabilities, even with the top of the line name branded items. However, the risk is higher with the cheaper, off-branded items mimicking the real deal. It's also possible that they are manufactured in other countries and are "phoning home" information from your network for cyber criminals to steal and are already a part of a larger botnet.
The next best idea? Invest in a home wireless solution that allows for a separate "IoT" network or guest network. Most of the devices nowadays only need to talk to the cloud to function, so putting them on a guest network will protect your main devices and your information on your private network. However, something to note, if your smart device is something like a smart speaker or streaming device that you try to use Google Cast or Apple AirPlay with, that will need to be on your private network to allow those protocols to function properly (or will require separate routing and firewall rules if you are more network-savvy).
Finally, if a deal seems too good to be true, it probably is. Those "streaming boxes" that promise to give you so many free channels are not only a data mining nightmare, but are also incredibly illegal and can get you and others into serious legal trouble. Those cheap smart cameras? They could be insecure and allow anyone with slight coding knowledge to compromise them and start streaming that video.
Overall, the message is clear: be careful what you buy and be diligent to what you connect to your home network. Audit your devices today - what cheap smart gadget are you rethinking being on your home network? Share in the comments below!
Discover more from Anthony DeFallo
Subscribe to get the latest posts sent to your email.