The Botnet siege: How your toaster could topple a corporation

January 8, 2024  |  Sam Bocetta

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In addition to the overt signs of cyber threats we've become conditioned to recognize, like ransomware emails and strange login requests, malicious actors are now utilizing another way to achieve their nefarious purposes — by using your everyday devices. These hidden dangers are known as botnets.

Unbeknownst to most, our everyday devices, from toasters to smart fridges, can unwittingly be enlisted as footsoldiers in a digital army with the potential to bring down even corporate giants.

This insidious force operates in silence, escaping the notice of even the most vigilant users.

A recent report by Nokia shows that criminals are now using these devices more to orchestrate their attacks. In fact, cyber attacks targeting IoT devices are expected to double by 2025, further muddying the already murky waters.

Let us go to the battlements of this siege, and we’ll tackle the topic in more depth.

What is a botnet?

Derived from the words “robot” and "network.", a botnet refers to a group of devices that have been infected with malicious software. Once infected, these devices are controlled remotely by a central server and are often used to carry out malicious activities such as cyber attacks, espionage, financial fraud, spam email campaigns, stealing sensitive information, or simply the further propagation of malware.

How does a botnet attack work?

A botnet attack begins with the infection of individual devices. Cybercriminals use various tactics to compromise these devices, such as sending malicious emails, exploiting software vulnerabilities, or tricking users into downloading malware.

Everyday tech is notoriously prone to intrusion. The initial stages of building a botnet are often achieved with deceptively simple yet elegant tactics.

Recently, a major US energy company fell prey to one such attack, owing to hundreds of phishing emails. By using QR code generators, the attacks combined two seemingly benign elements into a campaign that hit manufacturing, insurance, technology, and financial services companies, apart from the aforementioned energy companies. This new attack vector is now being referred to as Quishing — and unfortunately, it’s only going to become more prevalent.

Once a device has been compromised, it becomes part of the botnet. The cybercriminal gains control over these infected devices, which are then ready to follow the attacker's commands.

The attacker is then able to operate the botnet from a central command-and-control server to launch various types of attacks. Common ones include:

  • Distributed denial-of-service (DDoS). The botnet floods a target website or server with overwhelming traffic, causing it to become inaccessible to legitimate users.
  • Spam emails. Bots can be used to send out massive volumes of spam emails, often containing phishing scams or malware.
  • Data theft. Botnets can steal sensitive information, such as login credentials or personal data, from the infected devices.
  • Propagation. Some botnets are designed to spread malware further by infecting additional devices.

But what makes a device eligible to be a part of a botnet?  Well, malicious actors first look for vulnerabilities, lack of monitoring, and even the brand of the toaster or any other IoT device you might be using. Aside from unknowingly assisting criminals, things such as virtual debit cards, PayPal accounts, and personal information may all be stolen, especially if your computer and IoT devices are on the same network — and they usually are.

Why are botnets attacks more dangerous?

Botnets operate stealthily, staying under the radar by blending in with regular internet traffic. They often use encryption and other techniques to ensure their activities remain hidden. Unlike other forms of cyberattacks, botnets aim to remain undetected for as long as possible. This makes it extremely difficult for individuals and organizations to realize that their devices have been compromised.

The most concerning aspect of botnets is their destructive potential. If they infect enough devices they can amass significant computational power and bandwidth.

With this collective strength, they can launch massive attacks on targets, including critical infrastructure like energy grids, agriculture systems, and healthcare facilities.

Additionally, the average layperson is blissfully unaware of botnets and how they work. In fact, most people don't have a clue how to identify a cyber threat or how to prevent identity theft — the fact that their devices can be used as unwitting proxies in a malware attack is far beyond their ken.

How botnet attacks can cause serious damage to businesses

We’ve discussed how the covert nature, ability to spread, and computational power of botnets — these factors coalesce into a lot of destructive potential.

Even large businesses are not immune — one of the most notorious botnets, Mirai, was used in a DDoS attack against domain name provider Dyn, mobilizing as much as 1.2 terabytes (yes, terabytes) of data each second. Tech titans like Spotify, Amazon, and Airbnb were affected, and over 14,000 online services dropped Dyn as a result of the attack. Although the incident was resolved within two hours, quantifying the volume of business lost is hard to imagine.

The attacks don’t have to be wholly digital either — botnets may also be used in conjunction with real-life breaches, with car dealerships being a prominent target because of their high-value and easily sellable goods. Oftentimes, criminals will use the botnet to perform a data breach to find more info about the facility.

Then, they might try to access the dealership’s security camera management system, and effectively get to choose when they want to break in. And yes, this can all stem from your toaster or your smart fridge.

Other sectors that extensively use IoT are also particularly vulnerable to botnet attacks. Energy, agriculture, and healthcare organizations have become increasingly reliant on IoT — and while the benefits are apparent, the heightened vulnerability to botnets is rarely discussed.

These sectors heavily rely on Real-Time Location System (RTLS) security to ensure the smooth operation of critical systems. While it may seem improbable for a single hacker to take down well-funded hospitals with their seven-digit security budgets, the dynamics change drastically when a multitude of Internet of Things (IoT) devices join forces.

How to protect yourself against botnet attacks

To successfully foil an attack from an army of devices is no easy task — and that question deserves a long, exhaustive answer. However, we can start small — with a couple of steps that can be taken without requiring large investments or a lot of time to put into play.

Keep your devices updated

Updates often include security patches that fix vulnerabilities hackers might exploit. Make sure to enable automatic updates whenever possible. Don't delay or ignore these updates, as outdated devices are easier targets for botnet recruitment.

Install reliable security software

These programs can detect and remove malicious software that might be used to recruit your device into a botnet. We might be retreading old ground here, and although it goes without saying, it still bears repeating — ensure that your security software is up to date and set to run regular scans.

Segment your network

If you have multiple IoT (Internet of Things) devices, segmenting your network is another action you should consider. Keep your IoT devices on a separate network from your computers and smartphones. This way, even if an IoT device is compromised, it won't provide a direct pathway to your more sensitive data or other devices to infect, thereby minimizing the impact and damage of infection.

Be cautious with email and links

Oftentimes, the human element is the weakest link when it comes to cybersecurity, and phishing attacks are a common method for recruiting devices into botnets. Exercise caution when opening email attachments or clicking on links, especially if the sender is unknown or the message seems suspicious. Always verify the legitimacy of the source before taking any action.


Botnets present a new paradigm of risk in cybersecurity — apart from simply being another method by which we can be attacked, botnets are unique in that they seek to recruit our hardware for their own nefarious purposes.

While this is still a relatively new phenomenon, and we’re sure to see a lot of evolution in this arena in the next couple of years, being aware of what the threat is, how it works, and how to implement best practices are good first steps — so long as we stay the course and keep our ears to the ground, we can keep up with malicious actors.

Share this with others

Featured resources


Insights Report

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem



2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Get price Free trial