A botnet is a collection of compromised devices—the bots. The bots communicate with a central command-and-control server to receive instructions. Thousands or hundreds of thousands of compromised devices infected with malicious software can be harnessed as a group into a botnet. The botnet can be used to distribute spam or target servers with a denial-of-service attack, all without the owners of the compromised devices realizing their devices have been infected.
Typically, botnets are composed of devices that lack basic security features because of limited processing power and minimal operating system capabilities. They are usually designed as plug-and-play devices that are connected to the network and simply left alone. They also frequently contain flaws and hardcoded credentials that attackers can exploit, and they lack any means of patching or updating, which leaves them vulnerable.
Webcams, home security cameras, routers, connected refrigerators, and other IoT devices are exposed over the internet, making it easy for attackers to automate scanning for vulnerable targets and to spread the initial botnet malware infection. Once the devices are compromised, attackers can use the collective processing power of the IoT botnet for other malicious activities, and because the devices are not actively monitored or managed, the compromise is unlikely to be detected.
The massive and quickly growing volume of IoT devices on the internet, combined with the inherent security weakness of most IoT devices, makes it likely that IoT botnets will emerge as a common and widely used tactic by attackers.
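The bots described above all report to one central command-and-control server, and the devices themselves go unmonitored. As an added example (not from the original page), the following Python code shows one way a defender could surface that pattern in flow logs: several IoT devices contacting the same outside host at near-constant intervals. The record layout, addresses, thresholds and allowlist are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

def constructed_flows():
    """Constructed sample records: (epoch seconds, source, destination)."""
    cams = ["10.0.5.11", "10.0.5.12", "10.0.5.13"]
    rows = []
    for i, cam in enumerate(cams):
        # Every camera contacts the same outside host every 60 s.
        rows += [(1000 + 7 * i + 60 * k, cam, "203.0.113.50") for k in range(6)]
        # Every camera also polls a known vendor host every 300 s.
        rows += [(1000 + 300 * k, cam, "192.0.2.10") for k in range(5)]
    # Irregular traffic from a single device to a different host.
    rows += [(t, "10.0.5.11", "198.51.100.7") for t in (1000, 1130, 1900, 2050, 4000)]
    return rows

def regular_pairs(flows, min_contacts=5, max_jitter=0.1):
    """Return (src, dst) pairs whose contact intervals are near-constant."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    pairs = set()
    for pair, stamps in times.items():
        if len(stamps) < min_contacts:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low value means machine-like timing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            pairs.add(pair)
    return pairs

def shared_checkin_destinations(flows, iot_devices, allowlist=(), min_devices=3):
    """Outside hosts that several IoT devices contact on a regular schedule."""
    fan_in = defaultdict(set)
    for src, dst in regular_pairs(flows):
        outside = ipaddress.ip_address(dst) not in INTERNAL
        if src in iot_devices and outside and dst not in allowlist:
            fan_in[dst].add(src)
    return {d: sorted(s) for d, s in fan_in.items() if len(s) >= min_devices}

if __name__ == "__main__":
    iot = {"10.0.5.11", "10.0.5.12", "10.0.5.13"}
    print(shared_checkin_destinations(constructed_flows(), iot, allowlist={"192.0.2.10"}))
```

Legitimate vendor cloud services produce the same timing pattern, so the allowlist has to be maintained from the device inventory before the output is useful for triage.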