IoT devices: threat from the dark web


Share post

IoT devices are a popular target for cybercriminals. On the Darknet, these attacks are offered as a service. In particular, services for DDoS attacks carried out via IoT botnets are currently very popular.

Services for attacks on IoT devices are increasingly being offered on the dark web. Kaspersky security experts identified over 2023 advertisements for DDoS attack services in various darknet forums in the first half of 700.

DDoS attack services for $63,50

In particular, services for DDoS attacks that are carried out via IoT botnets are obviously very popular with cybercriminals. The costs for these services vary - depending on the existing DDoS protection, CAPTCHA or JavaScript verification. On the victim side, they cost anywhere from $20 per day to $10.000 per month. On average, such services are offered for $63,50 per day or $1.350 per month.

Exploits for zero-day vulnerabilities in IoT devices as well as IoT malware - including the corresponding infrastructure and supporting programs - also seem to be popular.

Many dangers for IoT devices

“We recommend that manufacturers make cybersecurity of consumer and industrial IoT devices a higher priority. Changing default passwords on IoT devices and consistently providing patches to fix vulnerabilities should also be mandatory. The IoT world is fraught with cyber threats, including DDoS attacks, ransomware, and security issues in both smart home and professional devices. Our analysis highlights the need for a responsible approach to IoT security; It’s up to manufacturers to improve product security and proactively protect users,” comments Yaroslav Shmelev, security expert at Kaspersky.

Kaspersky tips for protecting industrial and personal IoT devices

  • Conduct regular security audits of operational technology (OT) systems to identify and remediate potential vulnerabilities.
  • Leverage dedicated ICS solutions to monitor, analyze and detect network traffic to protect against attacks that threaten technological processes and critical business resources.
  • Protect industrial endpoints as well as those in the office network. Kaspersky Industrial CyberSecurity includes specialized endpoint protection and network monitoring to identify suspicious and potentially malicious activity on the industrial network.
  • Before implementing IoT solutions, carefully review the security status of a device. Devices that have cybersecurity certificates and products from manufacturers that pay close attention to information security should be preferred.
  • For smart home devices, replace the default password with a strong, complex password. A reliable password manager, like Kaspersky Password Manager, helps create and store strong passwords.
  • Serial numbers, IP addresses, and other sensitive information about smart devices should never be shared on social media.
  • Stay informed about the latest information regarding discovered IoT vulnerabilities.
  • Before purchasing, read reviews and research on the security of the devices and pay attention to how a manufacturer reacts to discovered security gaps. If problems reported by researchers are resolved quickly, that's a good sign
More at


About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at


Matching articles on the topic

Researchers find 26 billion access data on the web

A package with 26 billion data records containing access data appeared online. It is said to contain user access data at many companies ➡ Read more

Data offering: Every third company appears on the dark web

In the last two years, one in three companies worldwide have offered compromised data for sale on the dark web. A big ➡ Read more

Fast food chain Subway probably victim of Lockbit

Many sources indicate that the Subway company was the victim of a cyberattack by LockBit. The operator Subway is there ➡ Read more

Russian APT group attacked Microsoft 

According to its own information, Microsoft was attacked by Midnight Blizzard on January 12, 2024. The Russian-sponsored actors had ➡ Read more

Many German chambers of crafts remain offline

The IT service provider ODAV was the victim of a cyber attack at the beginning of January. Because the service provider provides many services for the German Chamber of Crafts ➡ Read more

Security awareness against phishing attacks

The increasing spread of deepfake and AI technologies poses a serious threat, particularly in the area of ​​phishing attacks. These technologies enable ➡ Read more

Cat and mouse game in IT security

Looking back at 2023, we can see that the topic of AI has had a significant impact on IT security. That will too ➡ Read more

Cybersecurity incidents: Lack of budget is a risk factor

According to a survey, 18 percent of cybersecurity incidents are due to a lack of cybersecurity budget. The manufacturing sector is ➡ Read more